Cryptographic Message Syntax (CMS) Content Constraints X.509 Certificate Extension
draft-ietf-pkix-cms-content-constraints-00
Document | Type |
Replaced Internet-Draft
(pkix WG)
Expired & archived
|
|
---|---|---|---|
Authors | Russ Housley , Sam Ashmore , Carl Wallace | ||
Last updated | 2008-10-06 | ||
Replaced by | draft-housley-cms-content-constraints-extn | ||
RFC stream | Internet Engineering Task Force (IETF) | ||
Intended RFC status | (None) | ||
Formats | |||
Additional resources | Mailing list discussion | ||
Stream | WG state | WG Document | |
Document shepherd | (None) | ||
IESG | IESG state | Replaced by draft-housley-cms-content-constraints-extn | |
Consensus boilerplate | Unknown | ||
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
This document specifies the syntax and semantics for the Cryptographic Message Syntax (CMS) content constraints X.509 certificate extension. This extension is used to determine whether the public key in an X.509 public key certificate is appropriate to use in the processing of a protected content. In particular, the CMS content constraints certificate extension is one part of the authorization decision; it is used when validating a digital signature on a CMS SignedData content or validating a message authentication code (MAC) on a CMS AuthenticatedData content or CMS AuthEnvelopedData content. The signed or authenticated content type is identified by an ASN.1 object identifier, and this certificate extension indicates the content types that the certified public key is authorized to validate. If the authorization check is successful, the CMS content constraints certificate extension also provides default values for absent attributes.
Authors
Russ Housley
Sam Ashmore
Carl Wallace
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)