datatracker.ietf.org
Sign in
Version 5.3.1, 2014-04-16
Report a bug

Suite B Certificate and Certificate Revocation List (CRL) Profile
RFC 5759

Internet Engineering Task Force (IETF)                        J. Solinas
Request for Comments: 5759                                    L. Zieglar
Category: Informational                                              NSA
ISSN: 2070-1721                                             January 2010

   Suite B Certificate and Certificate Revocation List (CRL) Profile

Abstract

   This document specifies a base profile for X.509 v3 Certificates and
   X.509 v2 Certificate Revocation Lists (CRLs) for use with the United
   States National Security Agency's Suite B Cryptography.  The reader
   is assumed to have familiarity with RFC 5280, "Internet X.509 Public
   Key Infrastructure Certificate and Certificate Revocation List (CRL)
   Profile".

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Not all documents
   approved by the IESG are a candidate for any level of Internet
   Standard; see Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc5759.

Copyright Notice

   Copyright (c) 2010 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Solinas & Zieglar             Informational                     [Page 1]
RFC 5759           Suite B Certificate and CRL Profile      January 2010

Table of Contents

   1. Introduction ....................................................2
   2. Conventions Used in This Document ...............................3
   3. Requirements and Assumptions ....................................3
      3.1. Implementing Suite B .......................................3
      3.2. Suite B Object Identifiers .................................4
   4. Suite B Certificate and Certificate Extensions Profile ..........4
      4.1. signatureAlgorithm .........................................4
      4.2. signatureValue .............................................5
      4.3. Version ....................................................6
      4.4. SubjectPublicKeyInfo .......................................6
      4.5. Certificate Extensions for Particular Types of
           Certificates ...............................................7
           4.5.1. Suite B Self-Signed CA Certificates .................7
           4.5.2. Suite B Non-Self-Signed CA Certificates .............8
           4.5.3. Suite B End Entity Signature and Key
                  Establishment Certificates ..........................8
   5. Suite B CRL and CRL Extensions Profile ..........................9
   6. Security Considerations .........................................9
   7. IANA Considerations .............................................9
   8. References .....................................................10
      8.1. Normative References ......................................10
      8.2. Informative References ....................................10

1.  Introduction

   This document specifies a base profile for X.509 v3 Certificates and
   X.509 v2 Certificate Revocation Lists (CRLs) for use by applications
   that support the United States National Security Agency's Suite B
   Cryptography.

   The reader is assumed to have familiarity with [RFC5280].  This Suite
   B Certificate and CRL Profile is a profile of RFC 5280.  All MUST-
   level requirements of RFC 5280 apply throughout this profile and are
   generally not repeated here.  In cases where a MUST-level requirement
   is repeated for emphasis, the text notes the requirement is "in
   adherence with [RFC5280]".  This profile contains changes that
   elevate some MAY-level options in RFC 5280 to SHOULD-level and MUST-
   level in this profile; this profile also contains changes that
   elevate some SHOULD-level options in RFC 5280 to MUST-level for this
   profile.  All options from RFC 5280 that are not listed in this

[include full document text]