S/MIME Version 2 Certificate Handling
RFC 2312

Document Type RFC - Historic (March 1998; No errata)
Was draft-dusse-smime-cert (individual)
Last updated 2013-03-02
Network Working Group                                           S. Dusse
Request for Comments: 2312                             RSA Data Security
Category: Informational                                       P. Hoffman
                                                Internet Mail Consortium
                                                             B. Ramsdell
                                                               Worldtalk
                                                            J. Weinstein
                                                                Netscape
                                                              March 1998

                 S/MIME Version 2 Certificate Handling

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1998).  All Rights Reserved.

1. Overview

   S/MIME (Secure/Multipurpose Internet Mail Extensions), described in
   [SMIME-MSG], provides a method to send and receive secure MIME
   messages. In order to validate the keys of a message sent to it, an
   S/MIME agent needs to certify that the key is valid. This memo
   describes the mechanisms S/MIME uses to create and validate keys
   using certificates.

   This specification is compatible with PKCS #7 in that it uses the
   data types defined by PKCS #7. It also inherits all the varieties of
   architectures for certificate-based key management supported by PKCS
   #7.  Note that the method by which S/MIME messages make certificate
   requests is defined in [SMIME-MSG].

   In order to handle S/MIME certificates, an agent has to follow
   specifications in this memo, as well as some of the specifications
   listed in the following documents:

    - "PKCS #1: RSA Encryption", [PKCS-1].
    - "PKCS #7: Cryptographic Message Syntax", [PKCS-7].
    - "PKCS #10: Certification Request Syntax", [PKCS-10].

Dusse, et. al.               Informational                      [Page 1]
RFC 2312        S/MIME Version 2 Certificate Handling         March 1998

   Please note: The information in this document is historical material
   being published for the public record. It is not an IETF standard.
   The use of the word "standard" in this document indicates a standard
   for adopters of S/MIME version 2, not an IETF standard.

1.1 Definitions

   For the purposes of this memo, the following definitions apply.

   ASN.1: Abstract Syntax Notation One, as defined in CCITT X.208.

   BER: Basic Encoding Rules for ASN.1, as defined in CCITT X.209.

   Certificate: A type that binds an entity's distinguished name to a
   public key with a digital signature. This type is defined in CCITT
   X.509 [X.509].  This type also contains the distinguished name of the
   certificate issuer (the signer), an issuer-specific serial number,
   the issuer's signature algorithm identifier, and a validity period.

   Certificate Revocation List (CRL): A type that contains information
   about certificates whose validity an issuer has prematurely revoked.
   The information consists of an issuer name, the time of issue, the
   next scheduled time of issue, and a list of certificate serial
   numbers and their associated revocation times. The CRL is signed by
   the issuer. The type intended by this specification is the one
   defined in [KEYM].

   DER: Distinguished Encoding Rules for ASN.1, as defined in CCITT
   X.509.
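   As an added example (not part of RFC 2312), the decoder below reads one
   ASN.1 tag-length-value element as BER and, when asked, enforces the DER
   rule that the length octets be minimal. That rule is what makes DER the
   encoding used under signatures: the signed bytes must be reproducible
   from the abstract value. It assumes single-octet tags and does not
   handle the BER indefinite-length form.

```python
# Added example, not from RFC 2312: BER TLV decoding with an optional DER
# strictness check. Only single-octet tags and definite lengths are handled.

def decode_tlv(data: bytes, strict_der: bool = False):
    """Return (tag, value, octets_consumed) for the first TLV in data."""
    if len(data) < 2:
        raise ValueError("truncated TLV")
    tag = data[0]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-octet tag numbers not handled here")
    first = data[1]
    pos = 2
    if first < 0x80:                       # short form: one length octet
        length = first
    elif first == 0x80:                    # indefinite form exists in BER only
        raise ValueError("indefinite length not handled here")
    else:                                  # long form: n length octets follow
        n = first & 0x7F
        if n == 0x7F:
            raise ValueError("reserved length octet 0xFF")
        if len(data) < pos + n:
            raise ValueError("truncated length")
        length = int.from_bytes(data[pos:pos + n], "big")
        # DER: a length under 0x80 must use the short form, and the long
        # form must not carry leading zero octets. BER permits both.
        if strict_der and (length < 0x80 or data[pos] == 0x00):
            raise ValueError("DER requires the minimal length encoding")
        pos += n
    if len(data) < pos + length:
        raise ValueError("truncated value")
    return tag, data[pos:pos + length], pos + length


def is_valid_der(data: bytes) -> bool:
    """True when the first TLV in data satisfies the DER length rules."""
    try:
        decode_tlv(data, strict_der=True)
        return True
    except ValueError:
        return False


# Constructed samples: INTEGER 5 in minimal form, and the same value with a
# BER long-form length that DER rejects.
DER_INT = b"\x02\x01\x05"
BER_INT_LONG = b"\x02\x81\x01\x05"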

1.2 Compatibility with Prior Practice of S/MIME

   Appendix C contains important information about how S/MIME agents
   following this specification should act in order to have the greatest
   interoperability with earlier implementations of S/MIME.

1.3 Terminology

   Throughout this memo, the terms MUST, MUST NOT, SHOULD, and SHOULD
   NOT are used in capital letters. This conforms to the definitions in
   [MUSTSHOULD].  [MUSTSHOULD] defines the use of these key words to
   help make the intent of standards track documents as clear as
   possible. The same key words are used in this document to help
   implementors achieve interoperability.


2. PKCS #7 Options

   The PKCS #7 message format allows for a wide variety of options in
   content and algorithm support. This section puts forth a number of
   support requirements and recommendations in order to achieve a base
   level of interoperability among all S/MIME implementations. Most of
   the PKCS #7 format for S/MIME messages is defined in [SMIME-MSG].

2.1 CertificateRevocationLists

   Receiving agents MUST support the Certificate Revocation List
   (CRL) format defined in [KEYM]. If sending agents include CRLs in
   outgoing messages, the CRL format defined in [KEYM] MUST be used.
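   As an added example (not from RFC 2312 or any S/MIME implementation),
   the check below uses exactly the CRL fields the definitions in 1.1 list:
   issuer, time of issue, next scheduled time of issue, and serial numbers
   with revocation times. Signature verification of the CRL is assumed to
   have been done by the caller; the point shown is that a CRL from another
   issuer or outside its validity window answers nothing, and must not be
   read as "not revoked".

```python
# Added example, not from RFC 2312: revocation check against a CRL whose
# signature the caller has already verified against the issuer's key.
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class RevokedEntry:
    serial: int
    revocation_time: datetime


@dataclass
class CRL:
    issuer: str                 # issuer name
    this_update: datetime       # time of issue
    next_update: datetime       # next scheduled time of issue
    revoked: list = field(default_factory=list)


def revocation_status(cert_issuer: str, cert_serial: int, crl: CRL,
                      now: datetime) -> str:
    """Return 'revoked', 'good' or 'undetermined' for the certificate."""
    if crl.issuer != cert_issuer:
        return "undetermined"    # CRL is not authoritative for this cert
    if now < crl.this_update or now >= crl.next_update:
        return "undetermined"    # CRL not yet in force, or stale
    for entry in crl.revoked:
        if entry.serial == cert_serial and entry.revocation_time <= now:
            return "revoked"
    return "good"


def sample_crl() -> CRL:
    """Constructed CRL (hypothetical issuer and serial) for illustration."""
    utc = timezone.utc
    return CRL(
        issuer="CN=Example CA",
        this_update=datetime(1998, 3, 12, tzinfo=utc),
        next_update=datetime(1998, 4, 12, tzinfo=utc),
        revoked=[RevokedEntry(0x1001, datetime(1998, 3, 10, tzinfo=utc))],
    )
```

   A caller that receives "undetermined" should fail closed or obtain a
   current CRL for the certificate's issuer rather than treat it as good.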

   All agents MUST validate CRLs and check certificates against CRLs, if