Internet Engineering Task Force (IETF)                         S. Turner
Request for Comments: 5913                                          IECA
Category: Standards Track                                    S. Chokhani
ISSN: 2070-1721                                       Cygnacom Solutions
                                                               June 2010

         Clearance Attribute and Authority Clearance Constraints
                          Certificate Extension

Abstract

This document defines the syntax and semantics for the Clearance
attribute and the Authority Clearance Constraints extension in X.509
certificates. The Clearance attribute is used to indicate the
clearance held by the subject. The Clearance attribute may appear in
the subject directory attributes extension of a public key
certificate or in the attributes field of an attribute certificate.
The Authority Clearance Constraints certificate extension values in a
Trust Anchor (TA), in Certification Authority (CA) public key
certificates, and in an Attribute Authority (AA) public key
certificate in a certification path for a given subject constrain the
effective Clearance of the subject.

Status of This Memo

This is an Internet Standards Track document.

This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 5741.

Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc5913.

Copyright Notice

Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.

Table of Contents

1. Introduction
   1.1. Terminology
   1.2. ASN.1 Syntax Notation
2. Clearance Attribute
3. Authority Clearance Constraints Certificate Extension
4. Processing Clearance and Authority Clearance Constraints in a PKC
   4.1. Collecting Constraints
      4.1.1. Certification Path Processing
         4.1.1.1. Inputs
         4.1.1.2. Initialization
         4.1.1.3. Basic Certificate Processing
         4.1.1.4. Preparation for Certificate i+1
         4.1.1.5. Wrap-up Procedure
            4.1.1.5.1. Wrap Up Clearance
         4.1.1.6. Outputs
5. Clearance and Authority Clearance Constraints Processing in AC
   5.1. Collecting Constraints
      5.1.1. Certification Path Processing
         5.1.1.1. Inputs
         5.1.1.2. Initialization
         5.1.1.3. Basic PKC Processing
         5.1.1.4. Preparation for Certificate i+1
         5.1.1.5. Wrap-up Procedure
            5.1.1.5.1. Wrap Up Clearance
         5.1.1.6. Outputs
6. Computing the Intersection of permitted-clearances and Authority Clearance Constraints Extension
7. Computing the Intersection of securityCategories
8. Recommended securityCategories