Internet X.509 Public Key Infrastructure Qualified Certificates Profile
RFC 3039

Document type: RFC - Proposed Standard (January 2001; No errata)
Obsoleted by RFC 3739
Document stream: IETF
Last updated: 2013-03-02

IESG State: RFC 3039 (Proposed Standard)

Network Working Group                                       S. Santesson
Request for Comments: 3039                                      AddTrust
Category: Standards Track                                        W. Polk
                                                                    NIST
                                                               P. Barzin
                                                                  SECUDE
                                                              M. Nystrom
                                                            RSA Security
                                                            January 2001

                Internet X.509 Public Key Infrastructure
                     Qualified Certificates Profile

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2001).  All Rights Reserved.

Abstract

   This document forms a certificate profile for Qualified Certificates,
   based on RFC 2459, for use in the Internet.  The term Qualified
   Certificate is used to describe a certificate with a certain
   qualified status within applicable governing law.  Further, Qualified
   Certificates are issued exclusively to physical persons.

   The goal of this document is to define a general syntax independent
   of local legal requirements.  The profile is however designed to
   allow further profiling in order to meet specific local needs.

   It is important to note that the profile does not define any legal
   requirements for Qualified Certificates.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119.

Santesson, et al.           Standards Track                     [Page 1]
RFC 3039             Qualified Certificates Profile         January 2001

Table of Contents

   1  Introduction ................................................    2
   2  Requirements and Assumptions ................................    3
   2.1  Properties ................................................    4
   2.2  Statement of Purpose ......................................    5
   2.3  Policy Issues .............................................    5
   2.4  Uniqueness of names .......................................    5
   3  Certificate and Certificate Extensions Profile ..............    6
   3.1  Basic Certificate Fields ..................................    6
   3.1.1  Issuer ..................................................    6
   3.1.2  Subject .................................................    6
   3.2  Certificate Extensions ....................................    9
   3.2.1  Subject Directory Attributes ............................    9
   3.2.2  Certificate Policies ....................................   10
   3.2.3  Key Usage ...............................................   10
   3.2.4  Biometric Information ...................................   11
   3.2.5  Qualified Certificate Statements ........................   12
   4  Security Considerations .....................................   14
   5  References ..................................................   15
   6  Intellectual Property Rights ................................   16
   A  ASN.1 definitions ...........................................   17
   A.1  1988 ASN.1 Module .........................................   17
   A.2  1993 ASN.1 Module .........................................   19
   B  A Note on Attributes ........................................   24
   C.  Example Certificate ........................................   24
   C.1  ASN.1 Structure ...........................................   25
   C.1.1 Extensions ...............................................   25
   C.1.2 The certificate ..........................................   27
   C.2  ASN.1 Dump ................................................   29
   C.3  DER-encoding ..............................................   32
   C.4  CA's public key ...........................................   33
   Authors' Addresses .............................................   34
   Full Copyright Statement .......................................   35

1  Introduction

   This specification is one part of a family of standards for the X.509
   Public Key Infrastructure (PKI) for the Internet.  It is based on RFC
