This document is a replacement for RFC 3280, the standard that
profiles X.509 certificate and CRL syntax for use in the IETF. RFC
3280 needed to be updated to track IETF support for internationalized
names, to correct errors that have been discovered since the
publication of 3280 five years ago. As part of the update, the
specification of the AIA certificate extension (an IETF "private"
extension) was incorporated into the document, instead of being a
standalone RFC. (4325). The document also updates the reference to the
list of supported algorithms used with certificates. The authors made
a minor modification to the text to make clear that hash algorithms
other than SHA-1 can be used in certain places, consistent with
Security Area policy to make all of our standards independent of
specific hash algorithms. The security considerations section was
expanded, to cal attention to more subtle (DoS) concerns that may
arise in some contexts. Despite the numerous tweaks and fixes, most
of the text in this document is unchanged form 3280. The end of the
introduction section of this document clearly summarizes the
differences between it and RFC 3280.
Working Group Summary
The working group had consensus to advance this specification as a
This specification was reviewed for the IESG by Sam Hartman.