Internet X.509 Public Key Infrastructure Representation of Key Exchange Algorithm (KEA) Keys in Internet X.509 Public Key Infrastructure Certificates
RFC 2528

Document type: RFC - Informational (March 1999)
Document stream: IETF
Last updated: 2013-03-02

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 2528 (Informational)
Responsible AD: (None)
Send notices to: No addresses provided

Network Working Group                                        R. Housley
Request for Comments: 2528                                       SPYRUS
Category: Informational                                         W. Polk
                                                                   NIST
                                                             March 1999

                Internet X.509 Public Key Infrastructure

         Representation of Key Exchange Algorithm (KEA) Keys in
         Internet X.509 Public Key Infrastructure Certificates

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1999).  All Rights Reserved.

Table of Contents

   Abstract ........................................................ 2
   1.  Executive Summary ........................................... 2
   2.  Requirements and Assumptions ................................ 2
   2.1.  Communication and Topology ................................ 2
   2.2.  Acceptability Criteria .................................... 2
   2.3.  User Expectations ......................................... 3
   2.4.  Administrator Expectations ................................ 3
   3.  KEA Algorithm Support ....................................... 3
   3.1.  Subject Public Key Info ................................... 3
   3.1.1.  Algorithm Identifier and Parameters ..................... 4
   3.1.2.  Encoding of KEA Public Keys ............................. 5
   3.2.  Key Usage Extension in KEA certificates ................... 5
   4. ASN.1 Modules ................................................ 5
   4.1 1988 Syntax ................................................. 5
   4.2 1993 Syntax ................................................. 6
   5. References ................................................... 6
   6. Security Considerations ...................................... 7
   7. Authors' Addresses ........................................... 8
   8. Full Copyright Statement ..................................... 9

Housley & Polk               Informational                      [Page 1]
RFC 2528                        PKIX KEA                      March 1999

Abstract

   The Key Exchange Algorithm (KEA) is a classified algorithm for
   exchanging keys.  This specification profiles the format and
   semantics of fields in X.509 V3 certificates containing KEA keys. The
   specification addresses the subjectPublicKeyInfo field and the
   keyUsage extension.

1.  Executive Summary

   This specification contains guidance on the use of the Internet
   Public Key Infrastructure certificates to convey Key Exchange
   Algorithm (KEA) keys. This specification is an addendum to RFC 2459,
   "Internet X.509 Public Key Infrastructure: Certificate and CRL
   Profile".  Implementations of this specification must also conform to
   RFC 2459.  Implementations of this specification are not required to
   conform to other parts from that series.

2.  Requirements and Assumptions

   The goal is to augment the X.509 certificate profile presented in
   Part 1 to facilitate the management of KEA keys for those communities
   which use this algorithm.

2.1.  Communication and Topology

   This profile, as presented in [RFC 2459] and augmented by this
   specification, supports users without high bandwidth, real-time IP
   connectivity, or high connection availability.  In addition, the
   profile allows for the presence of firewall or other filtered
   communication.

   This profile does not assume the deployment of an X.500 Directory
   system.  The profile does not prohibit the use of an X.500 Directory,
   but other means of distributing certificates and certificate
   revocation lists (CRLs) are supported.

2.2.  Acceptability Criteria

   The goal of the Internet Public Key Infrastructure (PKI) is to meet
   the needs of deterministic, automated identification, authentication,
   access control, and authorization functions. Support for these
   services determines the attributes contained in the certificate as
   well as the ancillary control information in the certificate such as
   policy data and certification path constraints.

   The goal of this document is to profile KEA certificates, specifying
   the contents and semantics of attributes which were not fully
   specified by [RFC 2459].  If not specifically addressed by this
