Internet X.509 Public Key Infrastructure: Logotypes in X.509 Certificates
RFC 3709

Document type: RFC - Proposed Standard (February 2004; Errata)
Updated by RFC 6170
Document stream: IETF
Last updated: 2013-03-02
Other versions: plain text, pdf, html

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 3709 (Proposed Standard)
Responsible AD: Steven Bellovin
Send notices to: <kent@bbn.com>, <wpolk@nist.gov>

Network Working Group                                       S. Santesson
Request for Comments: 3709                                     Microsoft
Category: Standards Track                                     R. Housley
                                                          Vigil Security
                                                              T. Freeman
                                                               Microsoft
                                                           February 2004

               Internet X.509 Public Key Infrastructure:
                    Logotypes in X.509 Certificates

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).  All Rights Reserved.

Abstract

   This document specifies a certificate extension for including
   logotypes in public key certificates and attribute certificates.

Santesson, et al.           Standards Track                     [Page 1]
RFC 3709            Logotypes in X.509 Certificates        February 2004

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  2
       1.1.  Certificate-based Identification . . . . . . . . . . . .  3
       1.2.  Selection of Certificates. . . . . . . . . . . . . . . .  4
       1.3.  Combination of Verification Techniques . . . . . . . . .  5
       1.4.  Terminology. . . . . . . . . . . . . . . . . . . . . . .  6
   2.  Different types of logotypes in Certificates . . . . . . . . .  6
   3.  Logotype Data. . . . . . . . . . . . . . . . . . . . . . . . .  6
   4.  Logotype Extension . . . . . . . . . . . . . . . . . . . . . .  7
       4.1.  Extension Format . . . . . . . . . . . . . . . . . . . .  7
       4.2.  Other Logotypes. . . . . . . . . . . . . . . . . . . . . 11
   5.  Type of Certificates . . . . . . . . . . . . . . . . . . . . . 12
   6.  Use in Clients . . . . . . . . . . . . . . . . . . . . . . . . 12
   7.  Security Considerations. . . . . . . . . . . . . . . . . . . . 13
   8.  IANA Considerations. . . . . . . . . . . . . . . . . . . . . . 15
   9.  Acknowledgments. . . . . . . . . . . . . . . . . . . . . . . . 15
   10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 16
       10.1. Normative References . . . . . . . . . . . . . . . . . . 16
       10.2. Informative References . . . . . . . . . . . . . . . . . 16
   A.  ASN.1 Module . . . . . . . . . . . . . . . . . . . . . . . . . 17
   B.  Example Extension. . . . . . . . . . . . . . . . . . . . . . . 19
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 20
   Full Copyright Statement . . . . . . . . . . . . . . . . . . . . . 21

1.  Introduction

   This specification supplements RFC 3280 [PKIX-1], which profiles
   X.509 [X.509] certificates and certificate revocation lists (CRLs)
   for use in the Internet.

   The basic function of a certificate is to bind a public key to the
   identity of an entity (the subject).  From a strictly technical
   viewpoint, this goal could be achieved by signing the identity of the
   subject together with its public key.  However, the art of Public-Key
   Infrastructure (PKI) has developed certificates far beyond this
   functionality in order to meet the needs of modern global networks
   and heterogeneous IT structures.

   Certificate users must be able to determine certificate policies,
   appropriate key usage, assurance level, and name form constraints.
   Before a relying party can make an informed decision whether a
   particular certificate is trustworthy and relevant for its intended
   usage, a certificate may be examined from several different
   perspectives.

   Systematic processing is necessary to determine whether a particular
   certificate meets the predefined prerequisites for an intended usage.
   Much of the information contained in certificates is appropriate and
   effective for machine processing; however, this information is not
   suitable for a corresponding human trust and recognition process.

   Humans prefer to structure information into categories and symbols.
   Most humans associate complex structures of reality with easily
   recognizable logotypes and marks.  Humans tend to trust things that
   they recognize from previous experiences.  Humans may examine
