idnits 2.17.1

draft-ietf-pkix-attr-cert-mime-type-03.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (22 February 2010) is 5170 days in the past.  Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  ** Obsolete normative reference: RFC 3281 (Obsoleted by RFC 5755)

  -- Obsolete informational reference (is this intentional?): RFC 4288
     (Obsoleted by RFC 6838)

     Summary: 1 error (**), 0 flaws (~~), 1 warning (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

INTERNET DRAFT                                                R. Housley
Intended Status: Informational                            Vigil Security
Expires: 22 August 2010                                 22 February 2010

  The application/pkix-attr-cert Media Type for Attribute Certificates

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Abstract

   This document specifies a MIME media type used to carry a single
   attribute certificate as defined in RFC 3281.

1.  Introduction

   RFC 2585 [RFC2585] defines the MIME media types for public key
   certificates and certificate revocation lists (CRLs).  This document
   specifies a MIME media type for use with attribute certificates as
   defined in RFC 3281 [RFC3281].

   Attribute certificates are ASN.1 encoded [X.680].  RFC 3281 [RFC3281]
   tells which portions of the attribute certificate must use the
   distinguished encoding rules (DER) [X.690] and which portions are
   permitted to use the basic encoding rules (BER) [X.690].  Since DER
   is a proper subset of BER, BER decoding all parts of a properly
   constructed attribute certificate will be successful.

2.  IANA Considerations

   This document registers with IANA the "application/pkix-attr-cert"
   Internet Media Type for use with an attribute certificate as defined
   in [RFC3281].  This registration follows the procedures defined in
   BCP 13 [RFC4288].

      Type name: application

      Subtype name: pkix-attr-cert

      Required parameters: None

      Optional parameters: None

      Encoding considerations: binary

      Security considerations:
         An attribute certificate provides authorization information.  An
         attribute certificate is most often used in conjunction with a
         public key certificate [RFC5280], and the two certificates
         should use the same encoding of the distinguished name as
         described in the Security Considerations of this document.

      Interoperability considerations:
         The media type will be used with HTTP to fetch attribute
         certificates.  Other uses may emerge in the future.

      Published specification: RFC 3281

      Applications which use this media type:
         The media type is used with a MIME-compliant transport to
         transfer an attribute certificate.  Attribute certificates
         convey authorization information, and they are most often used
         in conjunction with public key certificates as defined in
         [RFC5280].

      Additional information:
         Magic number(s): None
         File extension(s): .ac
         Macintosh File Type Code(s): none

      Person & email address to contact for further information:
         Russ Housley
         housley@vigilsec.com

      Intended usage: COMMON

      Restrictions on usage: none

      Author:
         Russ Housley

      Change controller:
         The IESG

3.  Security Considerations

   Attribute certificate issuers must encode the holder entity name in
   exactly the same way as the public key certificate distinguished
   name.  If they are encoded differently, implementations may fail to
   recognize that the attribute certificate and public key certificate
   belong to the same entity.

4.  References

4.1.  Normative References

   [RFC3281]  Farrell, S., and R. Housley, "An Internet Attribute
              Certificate Profile for Authorization", RFC 3281,
              April 2002.

4.2.  Informative References

   [RFC2585]  Housley, R., and P. Hoffman, "Internet X.509 Public Key
              Infrastructure Operational Protocols: FTP and HTTP",
              RFC 2585, May 1999.

   [RFC4288]  Freed, N., and J. Klensin, "Media Type Specifications and
              Registration Procedures", BCP 13, RFC 4288, December 2005.

   [RFC5280]  Cooper, D., S. Santesson, S. Farrell, S. Boeyen,
              R. Housley, W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation
              List (CRL) Profile", RFC 5280, May 2008.

   [X.680]    ITU-T Recommendation X.680 (2002) | ISO/IEC 8824-1:2002,
              Information technology - Abstract Syntax Notation One
              (ASN.1): Specification of basic notation.

   [X.690]    ITU-T Recommendation X.690 (2002) | ISO/IEC 8825-1:2002,
              Information technology - ASN.1 encoding rules:
              Specification of Basic Encoding Rules (BER), Canonical
              Encoding Rules (CER) and Distinguished Encoding Rules
              (DER).

Authors' Addresses

   Russell Housley
   Vigil Security, LLC
   918 Spring Knoll Drive
   Herndon, VA 20170
   USA
   EMail: housley@vigilsec.com
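
Added example (not part of the draft): the failure mode named in Section 3, shown on the Name bytes only. The same distinguished name encoded with PrintableString in the public key certificate and UTF8String in the attribute certificate holder field fails a byte-wise comparison. The helper names, the single-RDN commonName layout, short-form lengths and the sample name are assumptions constructed for this illustration.

```python
# Added illustration, not from the draft. Sample names are constructed.
OID_CN = bytes.fromhex("0603550403")   # id-at-commonName (2.5.4.3), DER-encoded
PRINTABLE, UTF8 = 0x13, 0x0C           # ASN.1 PrintableString / UTF8String tags

def tlv(tag, body):
    """DER tag-length-value with a short-form length (enough for this sample)."""
    if len(body) >= 128:
        raise ValueError("long-form length not handled in this sample")
    return bytes([tag, len(body)]) + body

def encode_name(cn, string_tag):
    """Name ::= SEQUENCE OF RDN; RDN ::= SET OF SEQUENCE { type, value }."""
    atv = tlv(0x30, OID_CN + tlv(string_tag, cn.encode("utf-8")))
    return tlv(0x30, tlv(0x31, atv))

def read_tlv(buf, pos=0):
    """Return (tag, body, next_pos) for one short-form TLV starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    end = pos + 2 + length
    if length >= 128 or end > len(buf):
        raise ValueError("unsupported or truncated TLV")
    return tag, buf[pos + 2:end], end

def decode_cn(name_der):
    """Return (string_tag, text) for the commonName of a one-RDN Name."""
    _, rdn_set, _ = read_tlv(name_der)      # outer SEQUENCE
    _, atv_seq, _ = read_tlv(rdn_set)       # SET
    _, atv, _ = read_tlv(atv_seq)           # SEQUENCE { type, value }
    _, _, value_pos = read_tlv(atv)         # skip the OID
    tag, value, _ = read_tlv(atv, value_pos)
    return tag, value.decode("utf-8")

def compare_names(pkc_subject, ac_holder):
    """Classify a pair as 'match', 'encoding-mismatch' or 'different'."""
    if pkc_subject == ac_holder:            # what a byte-wise matcher sees
        return "match"
    if decode_cn(pkc_subject)[1] == decode_cn(ac_holder)[1]:
        return "encoding-mismatch"          # same entity, different string type
    return "different"

PKC_SUBJECT = encode_name("Alice Example", PRINTABLE)
AC_HOLDER_SAME = encode_name("Alice Example", PRINTABLE)
AC_HOLDER_UTF8 = encode_name("Alice Example", UTF8)

if __name__ == "__main__":
    print(compare_names(PKC_SUBJECT, AC_HOLDER_SAME))
    print(compare_names(PKC_SUBJECT, AC_HOLDER_UTF8))
```

An issuer-side check that flags "encoding-mismatch" before signing catches the problem where it can still be corrected.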