S/MIME Example Keys and Certificates
draft-dkg-lamps-samples-01
|
Document |
Type |
|
Active Internet-Draft (individual)
|
|
Last updated |
|
2019-11-20
|
|
Stream |
|
(None)
|
|
Intended RFC status |
|
(None)
|
|
Formats |
|
plain text
html
xml
pdf
htmlized
bibtex
|
Stream |
Stream state |
|
(No stream defined) |
|
Consensus Boilerplate |
|
Unknown
|
|
RFC Editor Note |
|
(None)
|
IESG |
IESG state |
|
I-D Exists
|
|
Telechat date |
|
|
|
Responsible AD |
|
(None)
|
|
Send notices to |
|
(None)
|
lamps D.K. Gillmor
Internet-Draft ACLU
Intended status: Informational 21 November 2019
Expires: 24 May 2020
S/MIME Example Keys and Certificates
draft-dkg-lamps-samples-01
Abstract
The S/MIME development community benefits from sharing samples of
signed or encrypted data. This document facilitates such
collaboration by defining a small set of X.509v3 certificates and
keys for use when generating such samples.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 24 May 2020.
Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Simplified BSD License text
as described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Simplified BSD License.
Gillmor Expires 24 May 2020 [Page 1]
Internet-Draft S/MIME Example Keys and Certificates November 2019
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3
1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3
2. Background . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.1. Certificate Usage . . . . . . . . . . . . . . . . . . . . 3
2.2. Certificate Expiration . . . . . . . . . . . . . . . . . 3
2.3. Certificate Revocation . . . . . . . . . . . . . . . . . 4
2.4. Using the CA in Test Suites . . . . . . . . . . . . . . . 4
2.5. Certificate Chains . . . . . . . . . . . . . . . . . . . 4
2.6. Passwords . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Example Certificate Authority . . . . . . . . . . . . . . . . 5
3.1. Certificate Authority Certificate . . . . . . . . . . . . 5
3.2. Certificate Authority Secret Key . . . . . . . . . . . . 5
4. Alice's Sample . . . . . . . . . . . . . . . . . . . . . . . 6
4.1. Alice's End-Entity Certificate . . . . . . . . . . . . . 6
4.2. Alice's Private Key Material . . . . . . . . . . . . . . 7
4.3. PKCS12 Object for Alice . . . . . . . . . . . . . . . . . 8
5. Bob's Sample . . . . . . . . . . . . . . . . . . . . . . . . 10
5.1. Bob's End-Entity Certificate . . . . . . . . . . . . . . 10
5.2. Bob's Private Key Material . . . . . . . . . . . . . . . 10
5.3. PKCS12 Object for Bob . . . . . . . . . . . . . . . . . . 11
6. Security Considerations . . . . . . . . . . . . . . . . . . . 13
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13
8. Document Considerations . . . . . . . . . . . . . . . . . . . 13
8.1. Document History . . . . . . . . . . . . . . . . . . . . 13
8.1.1. Substantive Changes from -00 to -01 . . . . . . . . . 13
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 14
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 14
10.1. Normative References . . . . . . . . . . . . . . . . . . 14
10.2. Informative References . . . . . . . . . . . . . . . . . 14
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 15
1. Introduction
The S/MIME ([RFC8551]) development community, in particular the
e-mail development community, benefits from sharing samples of signed
and/or encrypted data. Often the exact key material used does not
matter because the properties being tested pertain to implementation
correctness, completeness or interoperability of the overall system.
However, without access to the relevant secret key material, a sample
is useless.
This document defines a small set of X.509v3 certificates ([RFC5280])
and secret keys for use when generating or operating on such samples.
Show full document text