Technical Summary
This document specifies conventions for X.509 certificate usage by
S/MIME (Secure/Multipurpose Internet Mail Extensions) agents. S/MIME
provides a method to send and receive secure MIME messages, and
certificates are an integral part of S/MIME agent processing. S/MIME
agents validate certificates as described in RFC 3280, the Internet
X.509 Public Key Infrastructure Certificate and CRL Profile. S/MIME
agents must meet the certificate processing requirements in this
document as well as those in RFC 3280.
Working Group Summary
The S/MIME Working Group came to rough consensus on this document.
Protocol Quality
This document was reviewed by Russ Housley for the IESG.
RFC Editor Note
Please make the following changes in order to insert an appropriate
reference to the ASN.1 specification. Also, the definitions of BER
and DER are deleted since they are not used in the body of the text.
Finally, the [SMIME-MSG] reference is changed to point to the most
current specification, which is already in the RFC Editor queue.
1. Please add a reference to the definition of ASN.1.
OLD:
ASN.1: Abstract Syntax Notation One, as defined in ITU-T X.208.
NEW:
ASN.1: Abstract Syntax Notation One, as defined in ITU-T X.208
[X.208-88].
2. Please delete the definition of BER and DER.
OLD:
BER: Basic Encoding Rules for ASN.1, as defined in ITU-T X.209.
Certificate: A type that binds an entity's name to a public key with a
digital signature. This type is defined in the Internet X.509 Public
Key Infrastructure (PKIX) Certificate and CRL Profile [KEYM]. This
type also contains the distinguished name of the certificate issuer
(the signer), an issuer-specific serial number, the issuer's signature
algorithm identifier, a validity period, and extensions also defined
in that document.
Certificate Revocation List (CRL): A type that contains information
about certificates whose validity an issuer has prematurely revoked.
The information consists of an issuer name, the time of issue, the
next scheduled time of issue, a list of certificate serial numbers and
their associated revocation times, and extensions as defined in
[KEYM]. The CRL is signed by the issuer. The type intended by this
specification is the one defined in [KEYM].
DER: Distinguished Encoding Rules for ASN.1, as defined in ITU-T
X.690.
NEW:
Certificate: A type that binds an entity's name to a public key with a
digital signature. This type is defined in the Internet X.509 Public
Key Infrastructure (PKIX) Certificate and CRL Profile [KEYM]. This
type also contains the distinguished name of the certificate issuer
(the signer), an issuer-specific serial number, the issuer's signature
algorithm identifier, a validity period, and extensions also defined
in that document.
Certificate Revocation List (CRL): A type that contains information
about certificates whose validity an issuer has prematurely revoked.
The information consists of an issuer name, the time of issue, the
next scheduled time of issue, a list of certificate serial numbers and
their associated revocation times, and extensions as defined in
[KEYM]. The CRL is signed by the issuer. The type intended by this
specification is the one defined in [KEYM].
3. Please update the [SMIME-MSG] reference to the current draft and insert a normative reference to the ASN.1 specification.
OLD:
[SMIME-MSG] "S/MIME Version 3 Message Specification ", Internet Draft
draft-ietf-smime-msg
NEW:
[SMIME-MSG] "S/MIME Version 3.1 Message Specification", Internet Draft
draft-ietf-smime-rfc2633bis-09
[X.208-88] ITU-T. Recommendation X.208: Specification of Abstract
Syntax Notation One (ASN.1). 1988.