Internet X.509 Public Key Infrastructure Data Validation and Certification Server Protocols
RFC 3029

Document type: RFC - Experimental (February 2001; No errata)
Document stream: IETF
Last updated: 2013-03-02

IETF State: (None)
Document shepherd: No shepherd assigned

IESG State: RFC 3029 (Experimental)
Responsible AD: (None)
Send notices to: No addresses provided

Network Working Group                                           C. Adams
Request for Comments: 3029                          Entrust Technologies
Category: Experimental                                      P. Sylvester
                                     EdelWeb SA - Groupe ON-X Consulting
                                                            M. Zolotarev
                                      Baltimore Technologies Pty Limited
                                                           R. Zuccherato
                                                    Entrust Technologies
                                                           February 2001

                Internet X.509 Public Key Infrastructure
           Data Validation and Certification Server Protocols

Status of this Memo

   This memo defines an Experimental Protocol for the Internet
   community.  It does not specify an Internet standard of any kind.
   Discussion and suggestions for improvement are requested.
   Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2001).  All Rights Reserved.

Abstract

   This document describes a general Data Validation and Certification
   Server (DVCS) and the protocols to be used when communicating with
   it.  The Data Validation and Certification Server is a Trusted Third
   Party (TTP) that can be used as one component in building reliable
   non-repudiation services.

   Useful Data Validation and Certification Server responsibilities in a
   PKI are to assert the validity of signed documents, public key
   certificates, and the possession or existence of data.

   Assertions created by this protocol are called Data Validation
   Certificates (DVC).

   We give examples of how to use the Data Validation and Certification
   Server to extend the lifetime of a signature beyond key expiry or
   revocation and to query the Data Validation and Certification Server
   regarding the status of a public key certificate.  The document
   includes a complete example of a time stamping transaction.

Adams, et al.                 Experimental                      [Page 1]
RFC 3029                     DVCS Protocols                February 2001

Table of Contents

   1. Introduction .................................................  2
   2. Services provided by DVCS ....................................  4
    2.1 Certification of Possession of Data ........................  4
    2.2 Certification of Claim of Possession of Data ...............  4
    2.3 Validation of Digitally Signed Documents ...................  4
    2.4 Validation of Public Key Certificates ......................  5
   3. Data Certification Server Usage and Scenarii .................  5
   4. Functional Requirements for DVCS .............................  7
   5. Data Certification Server Transactions .......................  7
   6. Identification of the DVCS ...................................  8
   7. Common Data Types ............................................  9
    7.1 Version ....................................................  9
    7.2 DigestInfo ................................................. 10
    7.3. Time Values ............................................... 10
    7.4. PKIStatusInfo ............................................. 11
    7.5. TargetEtcChain ............................................ 11
    7.6. DVCSRequestInformation .................................... 12
    7.7. GeneralName and GeneralNames .............................. 13
   8. Data Validation and Certification Requests ................... 13
   9. DVCS Responses ............................................... 17
    9.1. Data Validation Certificate ............................... 18
    9.2. DVCS Error Notification ................................... 21
   10. Transports .................................................. 22
    10.1 DVCS Protocol via HTTP or HTTPS ........................... 22
    10.2 DVCS Protocol Using Email ................................. 22
   11. Security Considerations ..................................... 23
   12. Patent Information .......................................... 23
   13. References .................................................. 25
   14. Authors' Addresses .......................................... 26
   APPENDIX A - PKCS #9 Attribute .................................. 27
   APPENDIX B - Signed document validation ......................... 27
   APPENDIX C - Verifying the Status of a Public Key Certificate ... 28
   Appendix D - MIME Registration .................................. 30
   Appendix E - ASN.1 Module using 1988 Syntax ..................... 31
   Appendix F - Examples ........................................... 34
   Appendix G - Acknowledgements ................................... 50
   Full Copyright Statement ........................................ 51
