profile
... certificate revocation list (CRL) in
Section 5. The profiles include the identification of ISO/IEC/ITU and
...
... ANSI extensions which may be useful in the Internet PKI. The profiles
are presented in the 1988 Abstract Syntax Notation One (ASN.1 ...
...
The goal of this specification is to develop a profile to facilitate
the use of X.509 certificates within Internet applications ...
... and IPsec. In order to relieve some of the obstacles to using X.509
certificates, this document defines a profile to promote the
development of certificate management ...
...
Some communities will need to supplement, or possibly replace, this
profile in order to meet the requirements of specialized application
domains ...
... topology, especially
users of secure electronic mail. This profile supports users without
high bandwidth, real-time ...
... IP connectivity, or high connection
availability. In addition, the profile allows for the presence of
firewall or other filtered communication.
...
... profile does not assume the deployment of an X.500 Directory
system. The profile does not prohibit the use of an X.500 Directory,
but other means of distributing certificates ...
... IPsec within a router.
This profile recognizes the limitations of the platforms these users
employ and the limitations in sophistication and attentiveness of the
users themselves. This manifests itself in minimal user
...
... As with user expectations, the Internet PKI profile is structured to
support the individuals who generally operate CAs. Providing
...
... X.509 v3 systems for Internet use, it is necessary
to specify a profile for use of the X.509 v3 extensions tailored for
the Internet ...
... X.509 v3 extensions tailored for
the Internet. It is one goal of this document to specify a profile
for Internet WWW, electronic mail ...
... IPsec applications.
Environments with additional requirements may build on this profile
or may replace it.
...
... format needs to be profiled for Internet use. It is one goal of this
document to specify that profile. However, this profile does not
require CAs ...
... Internet use. It is one goal of this
document to specify that profile. However, this profile does not
require CAs to issue CRLs ...
...
This section presents a profile for public key certificates that will
foster interoperability ...
... version of the encoded certificate. When
extensions are used, as expected in this profile, use X.509 version 3
...
... distinguished names are irrelevant. The characters themselves are
compared without regard to encoding. Implementations of the profile
are permitted to use the comparison algorithm ...
...
For the purposes of this profile, GeneralizedTime values MUST be
expressed Greenwich Mean Time (Zulu) and MUST include seconds (i.e.,
...
... subject and/or
issuer names over time. This profile recommends that names not be
reused for different entities and that Internet certificates ...
... use of unique identifiers. CAs conforming to this profile SHOULD NOT
generate certificates with unique identifiers ...
... certificates with unique identifiers. Applications
conforming to this profile SHOULD be capable of parsing unique
identifiers and making comparisons.
...
At a minimum, applications conforming to this profile MUST recognize
the extensions which must or may be critical in this specification.
...
This profile does not restrict the combinations of bits that may be
set in an instantiation of the keyUsage extension. However,
...
... profile recommends against the use of this extension. CAs
conforming to this profile MUST NOT generate certificates with
critical ...
... times specified by the two components, respectively. CAs conforming
to this profile MUST NOT generate certificates with private key usage
...
...
To promote interoperability, this profile RECOMMENDS that policy
information terms consist of only an OID. Where an OID ...
... OID. Where an OID alone is
insufficient, this profile strongly recommends that use of qualifiers
be limited to those identified in this section.
...
... IA5String. While an empty string is a valid IA5String, such an
rfc822Name is not permitted by this profile. The behavior of clients
that encounter such a certificate ...
... that encounter such a certificate when processing a certification
path is not defined by this profile.
...
... The subject directory attributes extension is not recommended as an
essential part of this profile, but it may be used in local
environments. This extension MUST be non-critical.
...
Within this profile, the minimum and maximum fields are not used with
any name forms, thus minimum is always zero, and maximum is always
absent.
...
... CRL information
is obtained. The extension SHOULD be non-critical, but this profile
recommends support for this extension by CAs and applications.
...
... As described above, one goal of this X.509 v2 CRL profile is to
foster the creation of an interoperable and reusable Internet PKI ...
... broader spectrum of operational and assurance requirements. This
profile establishes a common baseline for generic applications
requiring broad interoperability. The profile ...
... profile establishes a common baseline for generic applications
requiring broad interoperability. The profile defines a baseline set
of information that can be expected in every CRL. Also, the profile ...
... profile defines a baseline set
of information that can be expected in every CRL. Also, the profile
defines common locations within the CRL for frequently used
...
... Environments with additional or special purpose requirements may
build on this profile or may replace it.
...
... CA has not revoked any unexpired certificates that it
has issued. The profile requires conforming CAs to use the CRL
extension cRLNumber in all CRLs ...
... version of the encoded CRL. When
extensions are used, as required by this profile, this field MUST be
present and MUST specify version 2 (the integer value ...
... UTCTime for dates through the year 2049. CAs conforming to this
profile that issue CRLs MUST encode thisUpdate as GeneralizedTime for
dates in the year 2050 or later.
...
... UTCTime for dates through the year 2049. CAs conforming to this
profile that issue CRLs MUST encode nextUpdate as GeneralizedTime for
dates in the year 2050 or later.
...
... supersedes another CRL. CAs conforming to this profile MUST include
this extension in all CRLs.
...
... unique identifier fields or private critical extensions, as
recommended within this profile. However, if these components appear
in certificates, they MUST be processed. Finally, policy qualifiers
...
... This section describes cryptographic algorithms which may be used
with this profile. The section describes one-way hash functions and
digital signature ...
... A patent statement regarding the RSA algorithm can be found at the
end of this profile.
...
... The RSA algorithm is named for its inventors: Rivest, Shamir, and
Adleman. This profile includes three signature algorithms based on
...
