Skip to main content

Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile

The information below is for an old version of the document that is already published as an RFC.
Document Type
This is an older version of an Internet-Draft that was ultimately published as RFC 3280.
Authors Russ Housley , Tim Polk , Dr. Warwick S. Ford , David Solo
Last updated 2020-01-21 (Latest revision 2002-01-18)
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status Proposed Standard
Additional resources Mailing list discussion
Stream WG state (None)
Document shepherd (None)
IESG IESG state Became RFC 3280 (Proposed Standard)
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)
A new Request for Comments is now available in online RFC libraries.

        RFC 3280

        Title:      Internet X.509 Public Key Infrastructure
                    Certificate and Certificate Revocation List (CRL)
        Author(s):  R. Housley, W. Polk, W. Ford, D. Solo
        Status:     Standards Track
        Date:       April 2002
        Pages:      129
        Characters: 295556
        Updates/Obsoletes/SeeAlso:    None

        I-D Tag:    draft-ietf-pkix-new-part1-12.txt


This memo profiles the X.509 v3 certificate and X.509 v2 Certificate
Revocation List (CRL) for use in the Internet.  An overview of this
approach and model are provided as an introduction.  The X.509 v3
certificate format is described in detail, with additional information
regarding the format and semantics of Internet name forms.  Standard
certificate extensions are described and two Internet-specific
extensions are defined.  A set of required certificate extensions is
specified.  The X.509 v2 CRL format is described in detail, and
required extensions are defined.  An algorithm for X.509 certification
path validation is described.  An ASN.1 module and examples are
provided in the appendices.

This document is a product of the Internet X.509 Public Key
Infrastructure (PKIX) Working Group of the IETF.

This is now a Proposed Standard Protocol.

This document specifies an Internet standards track protocol for
the Internet community, and requests discussion and suggestions
for improvements.  Please refer to the current edition of the
"Internet Official Protocol Standards" (STD 1) for the
standardization state and status of this protocol.  Distribution
of this memo is unlimited.

This announcement is sent to the IETF list and the RFC-DIST list.
Requests to be added to or deleted from the IETF distribution list
should be sent to IETF-REQUEST@IETF.ORG.  Requests to be
added to or deleted from the RFC-DIST distribution list should

Details on obtaining RFCs via FTP or EMAIL may be obtained by sending
an EMAIL message to rfc-info@RFC-EDITOR.ORG with the message body 
help: ways_to_get_rfcs.  For example:

        To: rfc-info@RFC-EDITOR.ORG
        Subject: getting rfcs

        help: ways_to_get_rfcs

Requests for special distribution should be addressed to either the
author of the RFC in question, or to RFC-Manager@RFC-EDITOR.ORG.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.echo 
Submissions for Requests for Comments should be sent to
RFC-EDITOR@RFC-EDITOR.ORG.  Please consult RFC 2223, Instructions to RFC
Authors, for further information.