RFC 2459:Internet X.509 Public Key Infrastructure ...

RFC-Ref

Previous | Next

Frontpage | Contents | Keywords

Internet X.509 Public Key Infrastructure Certificate and CRL Profile

1. Introduction

2. Requirements and Assumptions

2.1. Communication and Topology

2.2. Acceptability Criteria

2.3. User Expectations

2.4. Administrator Expectations

3. Overview of Approach

3.1. X.509 Version 3 Certificate

3.2. Certification Paths and Trust

3.3. Revocation

3.4. Operational Protocols

3.5. Management Protocols

4. Certificate and Certificate Extensions Profile

4.1. Basic Certificate Fields

4.1.1. Certificate Fields

4.1.1.1. tbsCertificate

4.1.1.2. signatureAlgorithm

4.1.1.3. signatureValue

4.1.2. TBSCertificate

4.1.2.1. Version

4.1.2.2. Serial number

4.1.2.3. Signature

4.1.2.4. Issuer

4.1.2.5. Validity

4.1.2.5.1. UTCTime

4.1.2.5.2. GeneralizedTime

4.1.2.6. Subject

4.1.2.7. Subject Public Key Info

4.1.2.8. Unique Identifiers

4.1.2.9. Extensions

4.2. Standard Certificate Extensions

4.2.1. Standard Extensions

4.2.1.1. Authority Key Identifier

4.2.1.2. Subject Key Identifier

4.2.1.3. Key Usage

4.2.1.4. Private Key Usage Period

4.2.1.5. Certificate Policies

4.2.1.6. Policy Mappings

4.2.1.7. Subject Alternative Name

4.2.1.8. Issuer Alternative Names

4.2.1.9. Subject Directory Attributes

4.2.1.10. Basic Constraints

4.2.1.11. Name Constraints

4.2.1.12. Policy Constraints

4.2.1.13. Extended key usage field

4.2.1.14. CRL Distribution Points

4.2.2. Private Internet Extensions

4.2.2.1. Authority Information Access

5. CRL and CRL Extensions Profile

5.1. CRL Fields

5.1.1. CertificateList Fields

5.1.1.1. tbsCertList

5.1.1.2. signatureAlgorithm

5.1.1.3. signatureValue

5.1.2. Certificate List "To Be Signed"

5.1.2.1. Version

5.1.2.2. Signature

5.1.2.3. Issuer Name

5.1.2.4. This Update

5.1.2.5. Next Update

5.1.2.6. Revoked Certificates

5.1.2.7. Extensions

5.2. CRL Extensions

5.2.1. Authority Key Identifier

5.2.2. Issuer Alternative Name

5.2.3. CRL Number

5.2.4. Delta CRL Indicator

5.2.5. Issuing Distribution Point

5.3. CRL Entry Extensions

5.3.1. Reason Code

5.3.2. Hold Instruction Code

5.3.3. Invalidity Date

5.3.4. Certificate Issuer

6. Certification Path Validation

6.1. Basic Path Validation

6.2. Extending Path Validation

7. Algorithm Support

7.1. One-way Hash Functions

7.1.1. MD2 One-way Hash Function

7.1.2. MD5 One-way Hash Function

7.1.3. SHA-1 One-way Hash Function

7.2. Signature Algorithms

7.2.1. RSA Signature Algorithm

7.2.2. DSA Signature Algorithm

7.3. Subject Public Key Algorithms

7.3.1. RSA Keys

7.3.2. Diffie-Hellman Key Exchange Key

7.3.3. DSA Signature Keys

9. Intellectual Property Rights

10. Security Considerations

11. Appendix A. Psuedo-ASN.1 Structures and OIDs

11.1. A.1 Explicitly Tagged Module, 1988 Syntax

11.2. A.2 Implicitly Tagged Module, 1988 Syntax

12. Appendix B. 1993 ASN.1 Structures and OIDs

12.1. B.1 Explicitly Tagged Module, 1993 Syntax

12.2. B.2 Implicitly Tagged Module, 1993 Syntax

13. Appendix C. ASN.1 Notes

14. Appendix D. Examples

14.1. D.1 Certificate

14.2. D.2 Certificate

14.3. D.3 End-Entity Certificate Using RSA

14.4. D.4 Certificate Revocation List

15. Appendix E. Authors' Addresses

16. Appendix F. Full Copyright Statement

Previous | Next

Frontpage | Contents | Keywords

RFC-Ref.org

Sister Sites

Chess-Ref.org
Law-Ref.org
InChI.info
Zvon.org