
I-D ACTION:draft-ietf-pkix-new-part1-00.txt



A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF.

	Title		: Certificate and CRL Profile
	Author(s)	: R. Housley, W. Ford, W. Polk, D. Solo
	Filename	: draft-ietf-pkix-new-part1-00.txt
	Pages		: 143
	Date		: 26-Oct-99
	
This is the first draft of a specification based upon RFC 2459.  When
complete, this specification will obsolete RFC 2459.  This
specification includes numerous edits and clarifications.  The most
notable departures from RFC 2459 are found in Section 6, Path
Validation.  In RFC 2459, the reader was expected to augment the path
validation algorithm, which concentrated upon policy processing, with
information embedded in earlier sections.  For example, parameter
inheritance is discussed in Section 7, Algorithm Support, and can
certainly affect the validity of a certification path.  However,
parameter inheritance was omitted from the path validation algorithm
in RFC 2459.  In this draft, the path validation algorithm has a
comprehensive and extremely detailed description.  Details such as
parameter inheritance are covered thoroughly.  In addition, this
draft anticipates certain corrections proposed in the X.509 standard
for the policy processing aspects of path validation.

A new section 6.3, CRL validation, has been added as well.  This
section provides a supplement to the path validation algorithm that
determines if a particular CRL may be used to verify the status of a
particular certificate.  (The basic path validation algorithm is, by
design, independent of the type and format of status information.)

This memo profiles the X.509 v3 certificate and X.509 v2 CRL for use
in the Internet.  An overview of the approach and model are provided
as an introduction.  The X.509 v3 certificate format is described in
detail, with additional information regarding the format and
semantics of Internet name forms (e.g., IP addresses).  Standard
certificate extensions are described and one new Internet-specific
extension is defined.  A required set of certificate extensions is
specified.  The X.509 v2 CRL format is described and a required
extension set is defined as well.  An algorithm for X.509 certificate
path validation is described. Supplemental infor

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-new-part1-00.txt

Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-ietf-pkix-new-part1-00.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html 
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt


Internet-Drafts can also be obtained by e-mail.

Send a message to:
	mailserv@ietf.org.
In the body type:
	"FILE /internet-drafts/draft-ietf-pkix-new-part1-00.txt".
	
NOTE:	The mail server at ietf.org can return the document in
	MIME-encoded form by using the "mpack" utility.  To use this
	feature, insert the command "ENCODING mime" before the "FILE"
	command.  To decode the response(s), you will need "munpack" or
	a MIME-compliant mail reader.  Different MIME-compliant mail readers
	exhibit different behavior, especially when dealing with
	"multipart" MIME messages (i.e. documents which have been split
	up into multiple messages), so check your local documentation on
	how to manipulate these messages.
		
		
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
<ftp://ftp.ietf.org/internet-drafts/draft-ietf-pkix-new-part1-00.txt>