RFC 3739: Internet X.509 Public Key Infrastructure:...
RFC-Ref

certificate



... [X.509] and [RFC3280], which defines underlying certificate formats and semantics needed for a full implementation of this standard. ...
... This profile includes specific mechanisms intended for use with Qualified Certificates. The term Qualified Certificates and the assumptions that affect the scope of this document are discussed in ...
... profile includes specific mechanisms intended for use with Qualified Certificates. The term Qualified Certificates and the assumptions that affect the scope of this document are discussed in Section 2. ...
... Section 3 defines requirements on certificate information content. This specification provides profiles for two certificate fields ...
... certificate information content. This specification provides profiles for two certificate fields: issuer and subject ...
... issuer and subject. It also provides profiles for four certificate extensions defined in RFC 3280: subject alternate name, subject ...
... subject alternate name, subject directory attributes, certificate policies, and key usage, and it defines two additional extensions: biometric information and ...
... key usage, and it defines two additional extensions: biometric information and qualified certificate statements. The certificate extensions are presented in the 1997 Abstract Syntax Notation ...
... defines two additional extensions: biometric information and qualified certificate statements. The certificate extensions are presented in the 1997 Abstract Syntax Notation One (ASN.1 ...
... already defined in RFC 3280. Appendix B contains a note on attributes. Appendix C contains an example certificate. The appendices sections are followed by the References, Authors ...
... sections to clarify that this profile is generally applicable to a broad type of certificates, even if its prime purpose is to facilitate issuance of Qualified Certificates. ...
... to a broad type of certificates, even if its prime purpose is to facilitate issuance of Qualified Certificates. * To align with RFC 3280 ...


... The term "Qualified Certificate" is used by the European Directive on Electronic Signature ...
... Electronic Signature [EU-ESDIR] to refer to a specific type of certificates, with appliance in European electronic signature legislation. This specification is intended to support this class ...
... legislation. This specification is intended to support this class of certificates, but its scope is not limited to this application. Within this standard, the term "Qualified Certificate ...
... certificates, but its scope is not limited to this application. Within this standard, the term "Qualified Certificate" is used generally, describing a certificate whose primary purpose is to ...
... Within this standard, the term "Qualified Certificate" is used generally, describing a certificate whose primary purpose is to identify a person with a high level of assurance, where the ...
... identify a person with a high level of assurance, where the certificate meets some qualification requirements defined by an applicable legal framework ...
... Electronic Signature [EU-ESDIR]. The actual mechanisms that decide whether a certificate should or should not be considered a "Qualified Certificate" in regard to any legislation are outside the scope of ...
... whether a certificate should or should not be considered a "Qualified Certificate" in regard to any legislation are outside the scope of this standard. ...
... Harmonization in the field of identity certificates issued to natural persons, in particular Qualified Certificates, is essential within ...
... identity certificates issued to natural persons, in particular Qualified Certificates, is essential within several aspects that fall outside the scope of RFC 3280. The most ...
... jurisdiction under which the CA operates when issuing a particular certificate. - Definition of key usage ...
... - Definition of key usage extension usage for Qualified Certificates. - Definition of information structure for storage of biometric ...
... - Definition of a standardized way to store predefined statements with relevance for Qualified Certificates. - Requirements ...
... This profile accommodates profiling needs for Qualified Certificates based on the assumptions that: ...
... based on the assumptions that: - Qualified Certificates are issued by a CA that makes a statement that the certificate ...
... Certificates are issued by a CA that makes a statement that the certificate serves the purpose of a Qualified Certificate, as discussed in Section 2.2. ...
... that the certificate serves the purpose of a Qualified Certificate, as discussed in Section 2.2. - The Qualified Certificate ...
... Certificate, as discussed in Section 2.2. - The Qualified Certificate indicates a certificate policy consistent with liabilities, practices, and procedures undertaken ...
... - The Qualified Certificate indicates a certificate policy consistent with liabilities, practices, and procedures undertaken by the CA ...
... CA, as discussed in Section 2.3. - The Qualified Certificate is issued to a natural person (living human being). ...
... human being). - The Qualified Certificate contains a name which may be either based on the real name of the subject or a pseudonym ...
... This profile defines conventions to declare within a certificate that it serves the purpose of being a Qualified Certificate. This enables ...
... profile defines conventions to declare within a certificate that it serves the purpose of being a Qualified Certificate. This enables the CA to explicitly define this intent. ...
... entity in evaluating the risk associated with creating or accepting signatures that are based on a Qualified Certificate. This profile ...
... profile defines two ways to include this information: - As information defined by a certificate policy included in the certificate policies extension, and ...
... - As information defined by a certificate policy included in the certificate policies extension, and - As a statement included in the Qualified Certificates ...
... certificate policies extension, and - As a statement included in the Qualified Certificates Statements extension. ...
... profile to specify any policies or legal aspects that will govern services that issue or utilize certificates according to this profile. ...
... profile that a responsible issuing CA will undertake to follow a certificate policy that is consistent with its liabilities, practices, and procedures. ...


... Certificate and Certificate Extensions Profile ...
... This section defines certificate profiling conventions. The profile is based on the Internet ...
... profile is based on the Internet certificate profile RFC 3280, which in turn ...
... Basic Certificate Fields ...
... This section provides additional details regarding the contents of two fields in the basic certificate. These fields are the issuer and subject ...
... The issuer field SHALL identify the organization responsible for issuing the certificate. The name SHOULD be an officially registered name of the organization. ...
... necessary to identify the issuing organization. A relying party MAY have to consult associated certificate policies and/or the issuer's CPS ...
... The subject field of a certificate compliant with this profile SHALL contain a distinguished name ...
... Certificate Extensions ...
... This section provides additional details regarding the contents of four certificate extensions defined in RFC 3280: Subject Alternative Name ...
... Subject Alternative Name, Subject directory attributes, Certificate policies, and Key usage. This section also defines two additional extensions: biometric information and qualified certificate ...
... Certificate policies, and Key usage. This section also defines two additional extensions: biometric information and qualified certificate statements. ...
... change of date due to time zone adjustments. For example, a birth date of September 27, 1959 is encoded as "19590927120000Z". Compliant certificate parsing applications SHOULD ignore any time data and just present the contained date without any time zone adjustments. ...
... identifier of at least one of the subject's claimed countries of citizenship at the time the certificate was issued. If more than one country of citizenship is specified, each country of citizenship SHOULD be specified through a separate, single-valued ...
... Certificate Policies ...
... The certificate policies extension SHALL be present and SHALL contain the identifier of at least one certificate policy ...
... certificate policies extension SHALL be present and SHALL contain the identifier of at least one certificate policy which reflects the practices and procedures undertaken by the CA. The certificate policy ...
... certificate policy which reflects the practices and procedures undertaken by the CA. The certificate policy extension MAY be marked critical. ...
... Information provided by the issuer stating the purpose of the certificate, as discussed in Section 2.2, SHOULD be evident through indicated policies. ...
... indicated policies. The certificate policies extension MUST include all policy information needed for certification path validation ...
... The certificate policies extension MUST include all policy information needed for certification path validation. If policy related statements are included in the QCStatements extension (see ...
... identified policies. Certificate policies MAY be combined with any qualifier defined in RFC 3280. ...
... Qualified Certificate Statements ...
... This section defines an OPTIONAL extension for the inclusion of statements defining explicit properties of the certificate. Each statement SHALL include an object identifier ...
... define the semantics, a relying party may have to consult a relevant certificate policy or CPS to determine the exact semantics. ...
... critical and -- non-critical Qualified Certificate Statements. Either all -- statements must be critical or all statements must be ...
... A statement suitable for inclusion in this extension MAY be a statement by the issuer that the certificate is issued as a Qualified Certificate in accordance with a particular legal system (as ...
... issuer that the certificate is issued as a Qualified Certificate in accordance with a particular legal system (as discussed in Section 2.2). ...
... Other statements suitable for inclusion in this extension MAY be statements related to the applicable legal jurisdiction within which the certificate is issued. As an example, this MAY include a maximum reliance limit for the certificate indicating restrictions on CA ...
... the certificate is issued. As an example, this MAY include a maximum reliance limit for the certificate indicating restrictions on CA's liability. ...
... The certificate statement (id-qcs-pkixQCSyntax-v1), identifies conformance with requirements defined in the obsoleted RFC 3039 ...
... (Version 1). This statement is thus provided for identification of old certificates issued in conformance with RFC 3039. This statement MUST NOT be included in certificates ...
... certificates issued in conformance with RFC 3039. This statement MUST NOT be included in certificates issued in accordance with this profile. ...
... This profile includes a new qualified certificate statement (identified by the OID id-qcs-pkixQCSyntax-v2), identifying ...
... requirements defined in this profile. This Qualified Certificate profile is referred to as version 2, while RFC ...
... -- This statement identifies conformance with requirements -- defined in this Qualified Certificate profile -- (Version 2 ...
... OID, defining semantics for attributes and names in basic certificate fields and certificate extensions. The OID may define semantics ...
... defining semantics for attributes and names in basic certificate fields and certificate extensions. The OID may define semantics for ...
... identifier OID, by a certificate policy (or CPS), or some other implicit factors. ...


... digital signature that is validated with a Qualified Certificate will be highly dependent upon the policy governing the use of the associated private key. Both the private key holder ...
... involved parties, certain conditions should exist before CAs issue certificates as Qualified Certificates. The associated private keys ...
... CAs issue certificates as Qualified Certificates. The associated private keys must be unique for the subject ...
... subject's sole control. That is, a CA should not issue a qualified certificate if the means to use the private key is not protected against unintended usage. This implies that the CA ...
... CA must further verify that the public key contained in the certificate is legitimately representing the subject. ...
... CAs should not issue CA certificates with policy mapping extensions indicating acceptance of another CA's policy unless these conditions ...
... Combining the nonRepudiation bit in the keyUsage certificate extension with other keyUsage bits may have security implications ...
... security implications depending on the context in which the certificate is to be used. Applications validating electronic signatures based on such ...
... Applications validating electronic signatures based on such certificates should determine whether the present key usage combination is appropriate for their use. ...
... combination is appropriate for their use. The ability to compare two qualified certificates to determine if they represent the same physical entity ...
... issuers. Comparing names without knowledge of the semantics of names in these particular certificates may provide misleading results. ...


... Country Code -- Certificate extensions -- Biometric info extension ...
... critical and -- non-critical Qualified Certificate Statements. Either all -- statements must be critical or all statements must be ...
... -- This statement identifies conformance with requirements -- defined in this Qualified Certificate profile -- (Version 2 ...
... id-pda-countryOfResidence AttributeType ::= { id-pda 5 } -- Certificate extensions id-pe-biometricInfo OBJECT IDENTIFIER ...
... ID id-pda-countryOfResidence } -- Certificate extensions -- Biometric info extension ...
... critical and -- non-critical Qualified Certificate Statements. Either all -- statements must be critical or all statements must be ...
... -- This statement identifies conformance with requirements -- defined in this Qualified Certificate profile -- (Version 2 ...


... This document defines several new attributes, both for use in the subject field of issued certificates and in the subjectDirectoryAttributes extension. A complete definition of these new attributes (including matching rules ...


... C. Example Certificate ...
... DER-encoding of a certificate issued in conformance with this profile. The example has been developed with the help of the OSS ...
... profile. The example has been developed with the help of the OSS ASN.1 compiler. The certificate has the following characteristics: 1. The certificate ...
... certificate has the following characteristics: 1. The certificate is signed with RSA and the SHA-1 hash ...
... - Forschungszentrum Informationstechnik GmbH, C=DE 4. The certificate was issued on 1 February, 2004 and will expire on 1 February, 2008 ...
... on 1 February, 2008 5. The certificate contains a 1024 bit RSA key ...
... RSA key 6. The certificate includes a critical key usage extension ...
... non-repudiation 7. The certificate includes a certificate policy identifier extension indicating the practices and procedures undertaken ...
... 7. The certificate includes a certificate policy identifier extension indicating the practices and procedures undertaken by the issuing CA ...
... object identifier 1.3.36.8.1.1). The certificate policy object identifier is defined by TeleTrust, Germany. ...
... Germany. 8. The certificate includes a subject directory attributes extension containing the following attributes: ...
... gender: Female 9. The certificate includes a qualified statement certificate extension indicating that the naming registration authority's ...
... 9. The certificate includes a qualified statement certificate extension indicating that the naming registration authority's name is "municipality@darmstadt.de". ...
... name is "municipality@darmstadt.de". 10. The certificate includes, in conformance with RFC 3280, an authority ...
... C.1.2. The Certificate ...
... The signed portion of the certificate is shown here in the value notation defined in [X.680]. Note that extension values are already ...
... This section contains an ASN.1 dump of the signed portion of the certificate. Some values have been truncated for readability purposes. ...
... This section contains the full, DER-encoded certificate, in hex. 30820310 30820279 A0030201 02020449 9602D230 0D06092A 864886F7 0D010105 ...
... RSA key of the CA who signed the example certificate. It is included with the purpose of simplifying verifications of the example certificate ...
... certificate. It is included with the purpose of simplifying verifications of the example certificate. 30818902818100c88f4bdb66f713ba3dd7a9069880e888d4321acb53cda7fcdf ...


... Internet X.509 Public Key Infrastructure: Certificate and Certificate Revocation List (CRL) Profile ...
... X.509 Public Key Infrastructure: Certificate and Certificate Revocation List (CRL) Profile", RFC 3280 ...
... ISO/IEC 9594-8:2001, Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks ...


