Internet X.509 Public Key Infrastructure: Qualified Certificates Profile
RFC 3739

Document type: RFC - Proposed Standard (March 2004; Errata)
Obsoletes RFC 3039
Document stream: IETF
Last updated: 2013-03-02

IESG State: RFC 3739 (Proposed Standard)
Responsible AD: Russ Housley

Network Working Group                                       S. Santesson
Request for Comments: 3739                                     Microsoft
Obsoletes: 3039                                               M. Nystrom
Category: Standards Track                                   RSA Security
                                                                 T. Polk
                                                                    NIST
                                                              March 2004

               Internet X.509 Public Key Infrastructure:
                     Qualified Certificates Profile

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).  All Rights Reserved.

Abstract

   This document forms a certificate profile, based on RFC 3280, for
   identity certificates issued to natural persons.

   The profile defines specific conventions for certificates that are
   qualified within a defined legal framework, named Qualified
   Certificates.  However, the profile does not define any legal
   requirements for such Qualified Certificates.

   The goal of this document is to define a certificate profile that
   supports the issuance of Qualified Certificates independent of local
   legal requirements.  The profile is however not limited to Qualified
   Certificates and further profiling may facilitate specific local
   needs.

Santesson, et al.           Standards Track                     [Page 1]
RFC 3739             Qualified Certificates Profile           March 2004

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  2
       1.1.  Changes since RFC 3039 . . . . . . . . . . . . . . . . .  3
       1.2.  Definitions. . . . . . . . . . . . . . . . . . . . . . .  4
   2.  Requirements and Assumptions . . . . . . . . . . . . . . . . .  4
       2.1.  Properties . . . . . . . . . . . . . . . . . . . . . . .  5
       2.2.  Statement of Purpose . . . . . . . . . . . . . . . . . .  5
       2.3.  Policy Issues. . . . . . . . . . . . . . . . . . . . . .  5
       2.4.  Uniqueness of Names. . . . . . . . . . . . . . . . . . .  6
   3.  Certificate and Certificate Extensions Profile . . . . . . . .  6
       3.1.  Basic Certificate Fields . . . . . . . . . . . . . . . .  6
             3.1.1.  Issuer . . . . . . . . . . . . . . . . . . . . .  6
             3.1.2.  Subject. . . . . . . . . . . . . . . . . . . . .  7
       3.2.  Certificate Extensions . . . . . . . . . . . . . . . . .  9
             3.2.1.  Subject Alternative Name . . . . . . . . . . . .  9
             3.2.2.  Subject Directory Attributes . . . . . . . . . .  9
             3.2.3.  Certificate Policies . . . . . . . . . . . . . . 11
             3.2.4.  Key Usage. . . . . . . . . . . . . . . . . . . . 11
             3.2.5.  Biometric Information. . . . . . . . . . . . . . 11
             3.2.6.  Qualified Certificate Statements . . . . . . . . 13
   4.  Security Considerations. . . . . . . . . . . . . . . . . . . . 15
   A.  ASN.1 Definitions. . . . . . . . . . . . . . . . . . . . . . . 17
       A.1.  1988 ASN.1 Module (Normative). . . . . . . . . . . . . . 17
       A.2.  1997 ASN.1 Module (Informative). . . . . . . . . . . . . 19
   B.  A Note on Attributes . . . . . . . . . . . . . . . . . . . . . 23
   C.  Example Certificate. . . . . . . . . . . . . . . . . . . . . . 23
       C.1.  ASN.1 Structure. . . . . . . . . . . . . . . . . . . . . 24
             C.1.1.  Extensions . . . . . . . . . . . . . . . . . . . 24
             C.1.2.  The Certificate. . . . . . . . . . . . . . . . . 25
       C.2.  ASN.1 Dump . . . . . . . . . . . . . . . . . . . . . . . 27
       C.3.  DER-encoding . . . . . . . . . . . . . . . . . . . . . . 30
       C.4.  CA's Public Key. . . . . . . . . . . . . . . . . . . . . 31
   References . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 33
   Full Copyright Statement . . . . . . . . . . . . . . . . . . . . . 34

1.  Introduction

   This specification is one part of a family of standards for the X.509
   Public Key Infrastructure (PKI) for the Internet.  It is based on
   [X.509] and [RFC 3280], which define underlying certificate formats
   and semantics needed for a full implementation of this standard.

   This profile includes specific mechanisms intended for use with
   Qualified Certificates.  The term Qualified Certificates and the
