Internet X.509 Public Key Infrastructure Certificate and CRL Profile

This memo profiles the X.509 v3 certificate and X.509 v2 CRL for use in the Internet. An overview of the approach and model are provided as an introduction. The X.509 v3 certificate format is described in detail, with additional information regarding the format and semantics of Internet name forms (e.g., IP addresses). Standard certificate extensions are described and one new Internet-specific extension is defined. A required set of certificate extensions is specified. The X.509 v2 CRL format is described and a required extension set is defined as well. An algorithm for X.509 certificate path validation is described. Supplemental information is provided describing the format of public keys and digital signatures in X.509 certificates for common Internet public key encryption algorithms (i.e., RSA, DSA, and Diffie-Hellman). ASN.1 modules and examples are provided in the appendices.

[1]  Paul V. Mockapetris,et al.  Domain names: Concepts and facilities , 1983, RFC.

[2]  P. T. Barry,et al.  Abstract syntax notation-one (ASN.1) , 1992 .

[3]  Alfred Menezes,et al.  The Elliptic Curve Digital Signature Algorithm (ECDSA) , 2001, International Journal of Information Security.

[4]  Ronald L. Rivest,et al.  The MD5 Message-Digest Algorithm , 1992, RFC.

[5]  Burton S. Kaliski,et al.  PKCS #1: RSA Encryption Version 1.5 , 1998, RFC.

[6]  Tim Howes,et al.  The String Representation of Standard Attribute Syntaxes , 1995, RFC.

[7]  John Linn,et al.  Privacy enhancement for Internet electronic mail: Part II - certificate-based key management , 1987, RFC.

[8]  Harald Tveit Alvestrand IETF Policy on Character Sets and Languages , 1998, RFC.

[9]  Francois Yergeau UTF-8, a transformation format of ISO 10646 , 1998, RFC.

[10]  John Linn,et al.  Privacy enhancement for Internet electronic mail: Part III - algorithms, modes, and identifiers , 1989, RFC.

[11]  D. H. Crocker,et al.  Standard for the format of arpa intemet text messages , 1982 .

[12]  Burton S. Kaliski,et al.  The MD2 Message-Digest Algorithm , 1992, RFC.

[13]  Stephen E. Deering,et al.  Internet Protocol, Version 6 (IPv6) Specification , 1995, RFC.

[14]  Jon Postel,et al.  Internet Protocol , 1981, RFC.

[15]  David M. Balenson,et al.  Privacy Enhancement for Internet Electronic Mail: Part III: Algorithms, Modes, and Identifiers , 1993, RFC.

[16]  Vince Fuller,et al.  Classless Inter-Domain Routing (CIDR): an Address Assignment and Aggregation Strategy , 1993, RFC.

[17]  Tim Berners-Lee,et al.  Uniform Resource Locators (URL) , 1994, RFC.

[18]  Steve Kent,et al.  Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management , 1989, RFC.

[19]  Scott O. Bradner,et al.  Key words for use in RFCs to Indicate Requirement Levels , 1997, RFC.

[20]  Steve Kille,et al.  Using Domains in LDAP/X.500 Distinguished Names , 1998, RFC.