datatracker.ietf.org
Sign in
Version 5.6.2.p5, 2014-08-04
Report a bug

Internet X.509 Public Key Infrastructure Certificate and CRL Profile
RFC 2459

Document type: RFC - Proposed Standard (January 1999; Errata)
Obsoleted by RFC 3280
Document stream: IETF
Last updated: 2013-03-02
Other versions: plain text, pdf, html

IETF State: (None)
Document shepherd: No shepherd assigned

IESG State: RFC 2459 (Proposed Standard)
Responsible AD: (None)
Send notices to: No addresses provided

Network Working Group                                         R. Housley
Request for Comments: 2459                                        SPYRUS
Category: Standards Track                                        W. Ford
                                                                VeriSign
                                                                 W. Polk
                                                                    NIST
                                                                 D. Solo
                                                                Citicorp
                                                            January 1999

                Internet X.509 Public Key Infrastructure
                      Certificate and CRL Profile

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1999).  All Rights Reserved.

Abstract

   This memo profiles the X.509 v3 certificate and X.509 v2 CRL for use
   in the Internet.  An overview of the approach and model are provided
   as an introduction.  The X.509 v3 certificate format is described in
   detail, with additional information regarding the format and
   semantics of Internet name forms (e.g., IP addresses).  Standard
   certificate extensions are described and one new Internet-specific
   extension is defined.  A required set of certificate extensions is
   specified.  The X.509 v2 CRL format is described and a required
   extension set is defined as well.  An algorithm for X.509 certificate
   path validation is described. Supplemental information is provided
   describing the format of public keys and digital signatures in X.509
   certificates for common Internet public key encryption algorithms
   (i.e., RSA, DSA, and Diffie-Hellman).  ASN.1 modules and examples are
   provided in the appendices.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119.

Housley, et. al.            Standards Track                     [Page 1]
RFC 2459        Internet X.509 Public Key Infrastructure    January 1999

   Please send comments on this document to the ietf-pkix@imc.org mail
   list.

                           T?T?T?Ta?a?a?ab?b?b?bl?l?l?le?e?e?e o?o?o?of?f?f?f C?C?C?Co?o?o?on?n?n?nt?t?t?te?e?e?en?n?n?nt?t?t?ts?s?s?s

   1  Introduction ................................................    5
   2  Requirements and Assumptions ................................    6
   2.1  Communication and Topology ................................    6
   2.2  Acceptability Criteria ....................................    7
   2.3  User Expectations .........................................    7
   2.4  Administrator Expectations ................................    7
   3  Overview of Approach ........................................    7
   3.1  X.509 Version 3 Certificate ...............................    9
   3.2  Certification Paths and Trust .............................   10
   3.3  Revocation ................................................   12
   3.4  Operational Protocols .....................................   13
   3.5  Management Protocols ......................................   13
   4  Certificate and Certificate Extensions Profile ..............   15
   4.1  Basic Certificate Fields ..................................   15
   4.1.1  Certificate Fields ......................................   16
   4.1.1.1  tbsCertificate ........................................   16
   4.1.1.2  signatureAlgorithm ....................................   16
   4.1.1.3  signatureValue ........................................   17
   4.1.2  TBSCertificate ..........................................   17
   4.1.2.1  Version ...............................................   17
   4.1.2.2  Serial number .........................................   18
   4.1.2.3  Signature .............................................   18
   4.1.2.4  Issuer ................................................   18
   4.1.2.5  Validity ..............................................   21
   4.1.2.5.1  UTCTime .............................................   22
   4.1.2.5.2  GeneralizedTime .....................................   22
   4.1.2.6  Subject ...............................................   22
   4.1.2.7  Subject Public Key Info ...............................   23

[include full document text]