datatracker.ietf.org
Sign in
Version 5.4.0, 2014-04-22
Report a bug

Internet X.509 Public Key Infrastructure Subject Identification Method (SIM)
RFC 4683

Document type: RFC - Proposed Standard (October 2006; Errata)
Document stream: IETF
Last updated: 2013-03-02
Other versions: plain text, pdf, html

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 4683 (Proposed Standard)
Responsible AD: Russ Housley
Send notices to: kent@bbn.com, stefans@microsoft.com

Network Working Group                                            J. Park
Request for Comments: 4683                                        J. Lee
Category: Standards Track                                         H. Lee
                                                                    KISA
                                                                 S. Park
                                                                   BCQRE
                                                                 T. Polk
                                                                    NIST
                                                            October 2006

                Internet X.509 Public Key Infrastructure
                  Subject Identification Method (SIM)

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This document defines the Subject Identification Method (SIM) for
   including a privacy-sensitive identifier in the subjectAltName
   extension of a certificate.

   The SIM is an optional feature that may be used by relying parties to
   determine whether the subject of a particular certificate is also the
   person corresponding to a particular sensitive identifier.

Park, et al.                Standards Track                     [Page 1]
RFC 4683             Subject Identification Method          October 2006

Table of Contents

   1. Introduction ....................................................2
      1.1. Key Words ..................................................5
   2. Symbols .........................................................6
   3. Requirements ....................................................6
      3.1. Security Requirements ......................................6
      3.2. Usability Requirements .....................................7
      3.3. Solution ...................................................7
   4. Procedures ......................................................8
      4.1. SII and SIItype ............................................8
      4.2. User Chosen Password .......................................9
      4.3. Random Number Generation ...................................9
      4.4. Generation of SIM ..........................................9
      4.5. Encryption of PEPSI .......................................10
      4.6. Certification Request .....................................10
      4.7. Certification .............................................11
   5. Definition .....................................................11
      5.1. SIM Syntax ................................................11
      5.2. PEPSI .....................................................12
      5.3. Encrypted PEPSI ...........................................12
   6. Example Usage of SIM ...........................................13
   7. Name Constraints ...............................................13
   8. Security Considerations ........................................14
   9. Acknowledgements ...............................................15
   10. IANA Considerations ...........................................15
   11. References ....................................................15
      11.1. Normative References .....................................15
      11.2. Informative References ...................................15
   Appendix A.  "Compilable" ASN.1 Module, 1988 Syntax ...............18

1.  Introduction

   A Certification Authority (CA) issues X.509 public key certificates
   to bind a public key to a subject.  The subject is specified through
   one or more subject names in the "subject" or "subjectAltName" fields
   of a certificate.  The "subject" field contains a hierarchically
   structured distinguished name.  The "subjectAltName field" may
   contain an electronic mail address, IP address, or other name forms
   that correspond to the subject.

   For each particular CA, a subject name corresponds to a unique
   person, device, group, or role.  The CA will not knowingly issue
   certificates to multiple entities under the same subject name.  That
   is, for a particular certificate issuer, all currently valid
   certificates asserting the same subject name(s) are bound to the same
   entity.

Park, et al.                Standards Track                     [Page 2]
RFC 4683             Subject Identification Method          October 2006

[include full document text]