< draft-ietf-pkix-new-part1-01.txt   draft-ietf-pkix-new-part1-02.txt >
PKIX Working Group R. Housley (SPYRUS) PKIX Working Group R. Housley (SPYRUS)
Internet Draft W. Ford (VeriSign) Internet Draft W. Ford (VeriSign)
W. Polk (NIST) W. Polk (NIST)
D. Solo (Citigroup) D. Solo (Citigroup)
expires in six months March 10, 2000 expires in six months July 14, 2000
Internet X.509 Public Key Infrastructure Internet X.509 Public Key Infrastructure
Certificate and CRL Profile Certificate and CRL Profile
<draft-ietf-pkix-new-part1-01.txt> <draft-ietf-pkix-new-part1-02.txt>
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. Internet-Drafts are working all provisions of Section 10 of RFC2026. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas, documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts. working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
skipping to change at page 3, line 35 skipping to change at page 3, line 35
4.1.2 TBSCertificate .......................................... 18 4.1.2 TBSCertificate .......................................... 18
4.1.2.1 Version ............................................... 18 4.1.2.1 Version ............................................... 18
4.1.2.2 Serial number ......................................... 18 4.1.2.2 Serial number ......................................... 18
4.1.2.3 Signature ............................................. 19 4.1.2.3 Signature ............................................. 19
4.1.2.4 Issuer ................................................ 19 4.1.2.4 Issuer ................................................ 19
4.1.2.5 Validity .............................................. 22 4.1.2.5 Validity .............................................. 22
4.1.2.5.1 UTCTime ............................................. 23 4.1.2.5.1 UTCTime ............................................. 23
4.1.2.5.2 GeneralizedTime ..................................... 23 4.1.2.5.2 GeneralizedTime ..................................... 23
4.1.2.6 Subject ............................................... 23 4.1.2.6 Subject ............................................... 23
4.1.2.7 Subject Public Key Info ............................... 24 4.1.2.7 Subject Public Key Info ............................... 24
4.1.2.8 Unique Identifiers .................................... 24 4.1.2.8 Unique Identifiers .................................... 25
4.1.2.9 Extensions ............................................. 25 4.1.2.9 Extensions ............................................. 25
4.2 Certificate Extensions .................................... 25 4.2 Certificate Extensions .................................... 26
4.2.1 Standard Extensions ..................................... 26 4.2.1 Standard Extensions ..................................... 26
4.2.1.1 Authority Key Identifier .............................. 26 4.2.1.1 Authority Key Identifier .............................. 26
4.2.1.2 Subject Key Identifier ................................ 27 4.2.1.2 Subject Key Identifier ................................ 27
4.2.1.3 Key Usage ............................................. 28 4.2.1.3 Key Usage ............................................. 28
4.2.1.4 Private Key Usage Period .............................. 30 4.2.1.4 Private Key Usage Period .............................. 30
4.2.1.5 Certificate Policies .................................. 30 4.2.1.5 Certificate Policies .................................. 30
4.2.1.6 Policy Mappings ....................................... 33 4.2.1.6 Policy Mappings ....................................... 33
4.2.1.7 Subject Alternative Name .............................. 33 4.2.1.7 Subject Alternative Name .............................. 33
4.2.1.8 Issuer Alternative Name ............................... 36 4.2.1.8 Issuer Alternative Name ............................... 36
4.2.1.9 Subject Directory Attributes .......................... 36 4.2.1.9 Subject Directory Attributes .......................... 36
4.2.1.10 Basic Constraints .................................... 36 4.2.1.10 Basic Constraints .................................... 36
4.2.1.11 Name Constraints ..................................... 37 4.2.1.11 Name Constraints ..................................... 37
4.2.1.12 Policy Constraints ................................... 39 4.2.1.12 Policy Constraints ................................... 39
4.2.1.13 Extended key usage field ............................. 40 4.2.1.13 Extended key usage field ............................. 40
4.2.1.14 CRL Distribution Points .............................. 42 4.2.1.14 CRL Distribution Points .............................. 41
4.2.1.15 Inhibit Any-Policy ................................... 42 4.2.1.15 Inhibit Any-Policy ................................... 42
4.2.1.16 Freshest CRL ......................................... 43
4.2.2 Internet Certificate Extensions ......................... 43 4.2.2 Internet Certificate Extensions ......................... 43
4.2.2.1 Authority Information Access .......................... 43 4.2.2.1 Authority Information Access .......................... 43
5 CRL and CRL Extensions Profile .............................. 44 5 CRL and CRL Extensions Profile .............................. 45
5.1 CRL Fields ................................................ 45 5.1 CRL Fields ................................................ 45
5.1.1 CertificateList Fields .................................. 46 5.1.1 CertificateList Fields .................................. 46
5.1.1.1 tbsCertList ........................................... 46 5.1.1.1 tbsCertList ........................................... 46
5.1.1.2 signatureAlgorithm .................................... 46 5.1.1.2 signatureAlgorithm .................................... 46
5.1.1.3 signatureValue ........................................ 46 5.1.1.3 signatureValue ........................................ 47
5.1.2 Certificate List "To Be Signed" ......................... 46 5.1.2 Certificate List "To Be Signed" ......................... 47
5.1.2.1 Version ............................................... 47 5.1.2.1 Version ............................................... 47
5.1.2.2 Signature ............................................. 47 5.1.2.2 Signature ............................................. 47
5.1.2.3 Issuer Name ........................................... 47 5.1.2.3 Issuer Name ........................................... 47
5.1.2.4 This Update ........................................... 47 5.1.2.4 This Update ........................................... 48
5.1.2.5 Next Update ........................................... 48 5.1.2.5 Next Update ........................................... 48
5.1.2.6 Revoked Certificates .................................. 48 5.1.2.6 Revoked Certificates .................................. 48
5.1.2.7 Extensions ............................................ 48 5.1.2.7 Extensions ............................................ 49
5.2 CRL Extensions ............................................ 48 5.2 CRL Extensions ............................................ 49
5.2.1 Authority Key Identifier ................................ 49 5.2.1 Authority Key Identifier ................................ 49
5.2.2 Issuer Alternative Name ................................. 49 5.2.2 Issuer Alternative Name ................................. 49
5.2.3 CRL Number .............................................. 49 5.2.3 CRL Number .............................................. 50
5.2.4 Delta CRL Indicator ..................................... 50 5.2.4 Delta CRL Indicator ..................................... 50
5.2.5 Issuing Distribution Point .............................. 51 5.2.5 Issuing Distribution Point .............................. 52
5.3 CRL Entry Extensions ...................................... 52 5.2.6 Freshest CRL ............................................ 53
5.3 CRL Entry Extensions ...................................... 53
5.3.1 Reason Code ............................................. 53 5.3.1 Reason Code ............................................. 53
5.3.2 Hold Instruction Code ................................... 53 5.3.2 Hold Instruction Code ................................... 54
5.3.3 Invalidity Date ......................................... 54 5.3.3 Invalidity Date ......................................... 54
5.3.4 Certificate Issuer ...................................... 54 5.3.4 Certificate Issuer ...................................... 55
6 Certificate Path Validation ................................. 55 6 Certificate Path Validation ................................. 55
6.1 Basic Path Validation ..................................... 55 6.1 Basic Path Validation ..................................... 56
6.1.1 Inputs ................................................... 57 6.1.1 Inputs ................................................... 58
6.1.2 Initialization ........................................... 58 6.1.2 Initialization ........................................... 59
6.1.3 Basic Certificate Processing ............................. 61 6.1.3 Basic Certificate Processing ............................. 62
6.1.4 Preparation for Certificate i+1 .......................... 66 6.1.4 Preparation for Certificate i+1 .......................... 67
6.1.5 Wrap-up procedure ........................................ 69 6.1.5 Wrap-up procedure ........................................ 70
6.1.6 Outputs .................................................. 70 6.1.6 Outputs .................................................. 71
6.2 Extending Path Validation ................................. 70 6.2 Extending Path Validation ................................. 71
6.3 CRL Validation ............................................ 71 6.3 CRL Validation ............................................ 72
6.3.1 Revocation Inputs ....................................... 71 6.3.1 Revocation Inputs ....................................... 72
6.3.2 Initialization and Revocation State Variables ........... 71 6.3.2 Initialization and Revocation State Variables ........... 72
6.3.3 CRL Processing .......................................... 72 6.3.3 CRL Processing .......................................... 73
7 Algorithm Support ........................................... 72 7 References .................................................. 75
7.1 One-way Hash Functions .................................... 74 8 Intellectual Property Rights ................................ 77
7.1.1 MD2 One-way Hash Function ............................... 75 9 Security Considerations ..................................... 77
7.1.2 MD5 One-way Hash Function ............................... 75 Appendix A. ASN.1 Structures and OIDs ......................... 81
7.1.3 SHA-1 One-way Hash Function ............................. 75 A.1 Explicitly Tagged Module, 1988 Syntax ...................... 81
7.2 Signature Algorithms ...................................... 76 A.2 Implicitly Tagged Module, 1988 Syntax ...................... 94
7.2.1 RSA Signature Algorithm ................................. 76 Appendix B. ASN.1 Notes ....................................... 101
7.2.2 DSA Signature Algorithm ................................. 77 Appendix C. Examples .......................................... 102
7.3 Subject Public Key Algorithms ............................. 78 C.1 Certificate ............................................... 103
7.3.1 RSA Keys ................................................ 78 C.2 Certificate ............................................... 106
7.3.2 Diffie-Hellman Key Exchange Key ......................... 79 C.3 End-Entity Certificate Using RSA .......................... 109
7.3.3 DSA Signature Keys ...................................... 80 C.4 Certificate Revocation List ............................... 112
8 References .................................................. 81 Appendix D. Author Addresses .................................. 114
9 Intellectual Property Rights ................................ 83 Appendix E. Full Copyright Statement .......................... 114
10 Security Considerations .................................... 84
Appendix A. ASN.1 Structures and OIDs ......................... 87
A.1 Explicitly Tagged Module, 1988 Syntax ...................... 87
A.2 Implicitly Tagged Module, 1988 Syntax ...................... 101
Appendix B. 1993 ASN.1 Structures and OIDs .................... 108
B.1 Explicitly Tagged Module, 1993 Syntax ...................... 108
B.2 Implicitly Tagged Module, 1993 Syntax ...................... 125
Appendix C. ASN.1 Notes ....................................... 132
Appendix D. Examples .......................................... 134
D.1 Certificate ............................................... 134
D.2 Certificate ............................................... 137
D.3 End-Entity Certificate Using RSA .......................... 140
D.4 Certificate Revocation List ............................... 143
Appendix E. Author Addresses .................................. 145
Appendix F. Full Copyright Statement .......................... 145
1 Introduction 1 Introduction
This specification is one part of a family of standards for the X.509 This specification is one part of a family of standards for the X.509
Public Key Infrastructure (PKI) for the Internet. This specification Public Key Infrastructure (PKI) for the Internet. This specification
is a standalone document; implementations of this standard may is a standalone document; implementations of this standard may
proceed independent from the other parts. proceed independent from the other parts.
This specification profiles the format and semantics of certificates This specification profiles the format and semantics of certificates
and certificate revocation lists for the Internet PKI. Procedures and certificate revocation lists for the Internet PKI. Procedures
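Review bot: the revised table of contents adds 4.2.1.16 Freshest CRL and 5.2.6 Freshest CRL and removes Section 7 Algorithm Support together with the 1993-syntax Appendix B, which renumbers References, Intellectual Property Rights and Security Considerations to 7, 8 and 9 and the appendices to A through E. Check that every cross-reference in the body that pointed at "section 7.2", "section 7.3" or "Appendix D" now points at [PKIX ALGS] or the new number, that [PKIX ALGS] itself appears as an entry in the new Section 7 References (it is a normative dependency once the algorithm text is gone), and that 6.3 CRL Validation, whose entries 6.3.1 through 6.3.3 change only in page number, actually describes processing of the freshest CRL extension that the two new sections introduce.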
skipping to change at page 6, line 28 skipping to change at page 6, line 28
The specification describes the requirements which inspire the crea- The specification describes the requirements which inspire the crea-
tion of this document and the assumptions which affect its scope in tion of this document and the assumptions which affect its scope in
Section 2. Section 3 presents an architectural model and describes Section 2. Section 3 presents an architectural model and describes
its relationship to previous IETF and ISO/IEC/ITU standards. In par- its relationship to previous IETF and ISO/IEC/ITU standards. In par-
ticular, this document's relationship with the IETF PEM specifica- ticular, this document's relationship with the IETF PEM specifica-
tions and the ISO/IEC/ITU X.509 documents are described. tions and the ISO/IEC/ITU X.509 documents are described.
The specification profiles the X.509 version 3 certificate in Section The specification profiles the X.509 version 3 certificate in Section
4, and the X.509 version 2 certificate revocation list (CRL) in Sec- 4, and the X.509 version 2 certificate revocation list (CRL) in Sec-
tion 5. The profiles include the identification of ISO/IEC/ITU and tion 5. The profiles include the identification of ISO/IEC/ITU and
ANSI extensions which may be useful in the Internet PKI. The profiles ANSI extensions which may be useful in the Internet PKI. The profiles
are presented in the 1988 Abstract Syntax Notation One (ASN.1) rather are presented in the 1988 Abstract Syntax Notation One (ASN.1) rather
than the 1994 syntax used in the ISO/IEC/ITU standards. than the 1994 syntax used in the ISO/IEC/ITU standards.
This specification also includes path validation procedures in Sec- This specification also includes path validation procedures in Sec-
tion 6. These procedures are based upon the ISO/IEC/ITU definition, tion 6. These procedures are based upon the ISO/IEC/ITU definition,
but the presentation assumes one or more self-signed trusted CA cer- but the presentation assumes one or more self-signed trusted CA cer-
tificates. Implementations are required to derive the same results tificates. Implementations are required to derive the same results
but are not required to use the specified procedures. but are not required to use the specified procedures.
Section 7 of the specification describes procedures for identifica- Procedures for identification and encoding of public key materials
tion and encoding of public key materials and digital signatures. and digital signatures are defined in [PKIX ALGS]. Implementations of
Implementations are not required to use any particular cryptographic this specification are not required to use any particular crypto-
algorithms. However, conforming implementations which use the iden- graphic algorithms. However, conforming implementations which use
tified algorithms are required to identify and encode the public key the algorithms identified in [PKIX ALGS] are required to identify and
materials and digital signatures as described. encode the public key materials and digital signatures as described
in that specification.
Finally, four appendices are provided to aid implementers. Appendix Finally, three appendices are provided to aid implementers. Appendix
A contains all ASN.1 structures defined or referenced within this A contains all ASN.1 structures defined or referenced within this
specification. As above, the material is presented in the 1988 specification. As above, the material is presented in the 1988
Abstract Syntax Notation One (ASN.1) rather than the 1994 syntax. Abstract Syntax Notation One (ASN.1) rather than the 1994 syntax.
Appendix B contains the same information in the 1994 ASN.1 notation Appendix B contains notes on less familiar features of the ASN.1
as a service to implementers using updated toolsets. However, Appen- notation used within this specification. Appendix C contains
dix A takes precedence in case of conflict. Appendix C contains examples of a conforming certificate and a conforming CRL.
notes on less familiar features of the ASN.1 notation used within
this specification. Appendix D contains examples of a conforming
certificate and a conforming CRL.
2 Requirements and Assumptions 2 Requirements and Assumptions
The goal of this specification is to develop a profile to facilitate The goal of this specification is to develop a profile to facilitate
the use of X.509 certificates within Internet applications for those the use of X.509 certificates within Internet applications for those
communities wishing to make use of X.509 technology. Such applica- communities wishing to make use of X.509 technology. Such applica-
tions may include WWW, electronic mail, user authentication, and tions may include WWW, electronic mail, user authentication, and
IPsec. In order to relieve some of the obstacles to using X.509 cer- IPsec. In order to relieve some of the obstacles to using X.509 cer-
tificates, this document defines a profile to promote the development tificates, this document defines a profile to promote the development
of certificate management systems; development of application tools; of certificate management systems; development of application tools;
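Review bot: the new wording "Procedures for identification and encoding of public key materials and digital signatures are defined in [PKIX ALGS]" makes a conforming implementation depend on a separate document for how keys and signatures are encoded, yet the unchanged opening paragraph still says "This specification is a standalone document; implementations of this standard may proceed independent from the other parts". Either qualify that sentence (for example, standalone apart from the algorithm and encoding definitions in [PKIX ALGS]) or state explicitly that [PKIX ALGS] is a normative reference, since a verifier cannot check a signatureValue without it. The "three appendices" count is consistent with the new ToC, where A, B and C are the implementer aids and D and E are addresses and copyright.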
skipping to change at page 7, line 51 skipping to change at page 7, line 49
The users of certificates will operate in a wide range of environ- The users of certificates will operate in a wide range of environ-
ments with respect to their communication topology, especially users ments with respect to their communication topology, especially users
of secure electronic mail. This profile supports users without high of secure electronic mail. This profile supports users without high
bandwidth, real-time IP connectivity, or high connection availabil- bandwidth, real-time IP connectivity, or high connection availabil-
ity. In addition, the profile allows for the presence of firewall or ity. In addition, the profile allows for the presence of firewall or
other filtered communication. other filtered communication.
This profile does not assume the deployment of an X.500 Directory This profile does not assume the deployment of an X.500 Directory
system. The profile does not prohibit the use of an X.500 Directory, system. The profile does not prohibit the use of an X.500 Directory,
but other means of distributing certificates and certificate but other means of distributing certificates and certificate revoca-
revocation lists (CRLs) may be used. tion lists (CRLs) may be used.
2.2 Acceptability Criteria 2.2 Acceptability Criteria
The goal of the Internet Public Key Infrastructure (PKI) is to meet The goal of the Internet Public Key Infrastructure (PKI) is to meet
the needs of deterministic, automated identification, authentication, the needs of deterministic, automated identification, authentication,
access control, and authorization functions. Support for these ser- access control, and authorization functions. Support for these ser-
vices determines the attributes contained in the certificate as well vices determines the attributes contained in the certificate as well
as the ancillary control information in the certificate such as pol- as the ancillary control information in the certificate such as pol-
icy data and certification path constraints. icy data and certification path constraints.
skipping to change at page 17, line 37 skipping to change at page 17, line 37
The field contains the names of the subject and issuer, a public key The field contains the names of the subject and issuer, a public key
associated with the subject, a validity period, and other associated associated with the subject, a validity period, and other associated
information. The fields are described in detail in section 4.1.2; information. The fields are described in detail in section 4.1.2;
the tbscertificate may also include extensions which are described in the tbscertificate may also include extensions which are described in
section 4.2. section 4.2.
4.1.1.2 signatureAlgorithm 4.1.1.2 signatureAlgorithm
The signatureAlgorithm field contains the identifier for the crypto- The signatureAlgorithm field contains the identifier for the crypto-
graphic algorithm used by the CA to sign this certificate. Section graphic algorithm used by the CA to sign this certificate. [PKIX
7.2 lists the supported signature algorithms. ALGS] lists the supported signature algorithms.
An algorithm identifier is defined by the following ASN.1 structure: An algorithm identifier is defined by the following ASN.1 structure:
AlgorithmIdentifier ::= SEQUENCE { AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER, algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL } parameters ANY DEFINED BY algorithm OPTIONAL }
The algorithm identifier is used to identify a cryptographic algo- The algorithm identifier is used to identify a cryptographic algo-
rithm. The OBJECT IDENTIFIER component identifies the algorithm rithm. The OBJECT IDENTIFIER component identifies the algorithm
(such as DSA with SHA-1). The contents of the optional parameters (such as DSA with SHA-1). The contents of the optional parameters
field will vary according to the algorithm identified. Section 7.2 field will vary according to the algorithm identified. [PKIX ALGS]
lists the supported algorithms for this specification. lists the supported algorithms for this specification.
This field MUST contain the same algorithm identifier as the This field MUST contain the same algorithm identifier as the
signature field in the sequence tbsCertificate (see sec. 4.1.2.3). signature field in the sequence tbsCertificate (see sec. 4.1.2.3).
4.1.1.3 signatureValue 4.1.1.3 signatureValue
The signatureValue field contains a digital signature computed upon The signatureValue field contains a digital signature computed upon
the ASN.1 DER encoded tbsCertificate. The ASN.1 DER encoded tbsCer- the ASN.1 DER encoded tbsCertificate. The ASN.1 DER encoded tbsCer-
tificate is used as the input to the signature function. This signa- tificate is used as the input to the signature function. This signa-
ture value is then ASN.1 encoded as a BIT STRING and included in the ture value is then ASN.1 encoded as a BIT STRING and included in the
Certificate's signature field. The details of this process are speci- Certificate's signature field. The details of this process are speci-
fied for each of the supported algorithms in Section 7.2. fied for each of the supported algorithms in [PKIX ALGS].
By generating this signature, a CA certifies the validity of the By generating this signature, a CA certifies the validity of the
information in the tbsCertificate field. In particular, the CA cer- information in the tbsCertificate field. In particular, the CA cer-
tifies the binding between the public key material and the subject of tifies the binding between the public key material and the subject of
the certificate. the certificate.
4.1.2 TBSCertificate 4.1.2 TBSCertificate
The sequence TBSCertificate contains information associated with the The sequence TBSCertificate contains information associated with the
subject of the certificate and the CA who issued it. Every TBSCerti- subject of the certificate and the CA who issued it. Every TBSCerti-
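Review bot: two points in 4.1.1.2 and 4.1.1.3. First, "This field MUST contain the same algorithm identifier as the signature field in the sequence tbsCertificate" does not say whether "same" compares only the OBJECT IDENTIFIER or the whole AlgorithmIdentifier including the OPTIONAL parameters; with the per-algorithm parameter rules now moved to [PKIX ALGS], spell out here that both components are compared and that a certificate whose inner and outer identifiers disagree in either component is rejected, so that verifiers do not settle for an OID-only comparison. Second, 4.1.1.3 says the signature "is then ASN.1 encoded as a BIT STRING and included in the Certificate's signature field", but the field named in the heading is signatureValue; use signatureValue there to avoid confusion with the tbsCertificate signature field of 4.1.2.3.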
skipping to change at page 19, line 14 skipping to change at page 19, line 14
certificate). certificate).
4.1.2.3 Signature 4.1.2.3 Signature
This field contains the algorithm identifier for the algorithm used This field contains the algorithm identifier for the algorithm used
by the CA to sign the certificate. by the CA to sign the certificate.
This field MUST contain the same algorithm identifier as the signa- This field MUST contain the same algorithm identifier as the signa-
tureAlgorithm field in the sequence Certificate (see sec. 4.1.1.2). tureAlgorithm field in the sequence Certificate (see sec. 4.1.1.2).
The contents of the optional parameters field will vary according to The contents of the optional parameters field will vary according to
the algorithm identified. Section 7.2 lists the supported signature the algorithm identified. [PKIX ALGS] lists the supported signature
algorithms. algorithms.
4.1.2.4 Issuer 4.1.2.4 Issuer
The issuer field identifies the entity who has signed and issued the The issuer field identifies the entity who has signed and issued the
certificate. The issuer field MUST contain a non-empty distinguished certificate. The issuer field MUST contain a non-empty distinguished
name (DN). The issuer field is defined as the X.501 type Name. name (DN). The issuer field is defined as the X.501 type Name.
[X.501] Name is defined by the following ASN.1 structures: [X.501] Name is defined by the following ASN.1 structures:
Name ::= CHOICE { Name ::= CHOICE {
skipping to change at page 24, line 48 skipping to change at page 24, line 48
distinguished name to support legacy implementations is deprecated distinguished name to support legacy implementations is deprecated
but permitted. but permitted.
4.1.2.7 Subject Public Key Info 4.1.2.7 Subject Public Key Info
This field is used to carry the public key and identify the algorithm This field is used to carry the public key and identify the algorithm
with which the key is used. The algorithm is identified using the with which the key is used. The algorithm is identified using the
AlgorithmIdentifier structure specified in section 4.1.1.2. The AlgorithmIdentifier structure specified in section 4.1.1.2. The
object identifiers for the supported algorithms and the methods for object identifiers for the supported algorithms and the methods for
encoding the public key materials (public key and parameters) are encoding the public key materials (public key and parameters) are
specified in section 7.3. specified in [PKIX ALGS].
4.1.2.8 Unique Identifiers 4.1.2.8 Unique Identifiers
These fields may only appear if the version is 2 or 3 (see sec. These fields may only appear if the version is 2 or 3 (see sec.
4.1.2.1). The subject and issuer unique identifiers are present in 4.1.2.1). The subject and issuer unique identifiers are present in
the certificate to handle the possibility of reuse of subject and/or the certificate to handle the possibility of reuse of subject and/or
issuer names over time. This profile recommends that names not be issuer names over time. This profile recommends that names not be
reused for different entities and that Internet certificates not make reused for different entities and that Internet certificates not make
use of unique identifiers. CAs conforming to this profile SHOULD NOT use of unique identifiers. CAs conforming to this profile SHOULD NOT
generate certificates with unique identifiers. Applications conform- generate certificates with unique identifiers. Applications conform-
skipping to change at page 30, line 10 skipping to change at page 30, line 10
used only for enciphering data while performing key agreement. used only for enciphering data while performing key agreement.
The meaning of the decipherOnly bit is undefined in the absence of The meaning of the decipherOnly bit is undefined in the absence of
the keyAgreement bit. When the decipherOnly bit is asserted and the keyAgreement bit. When the decipherOnly bit is asserted and
the keyAgreement bit is also set, the subject public key may be the keyAgreement bit is also set, the subject public key may be
used only for deciphering data while performing key agreement. used only for deciphering data while performing key agreement.
This profile does not restrict the combinations of bits that may be This profile does not restrict the combinations of bits that may be
set in an instantiation of the keyUsage extension. However, set in an instantiation of the keyUsage extension. However,
appropriate values for keyUsage extensions for particular algorithms appropriate values for keyUsage extensions for particular algorithms
are specified in section 7.3. are specified in [PKIX ALGS].
4.2.1.4 Private Key Usage Period 4.2.1.4 Private Key Usage Period
This profile recommends against the use of this extension. CAs con- This profile recommends against the use of this extension. CAs con-
forming to this profile MUST NOT generate certificates with critical forming to this profile MUST NOT generate certificates with critical
private key usage period extensions. private key usage period extensions.
The private key usage period extension allows the certificate issuer The private key usage period extension allows the certificate issuer
to specify a different validity period for the private key than the to specify a different validity period for the private key than the
certificate. This extension is intended for use with digital signa- certificate. This extension is intended for use with digital signa-
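Review bot: "The meaning of the decipherOnly bit is undefined in the absence of the keyAgreement bit" (and the matching encipherOnly text that ends with "used only for enciphering data while performing key agreement") leaves undefined behaviour in the profile, and the next paragraph says only that bit combinations are not restricted while deferring appropriate values to [PKIX ALGS]. Add a requirement here that CAs conforming to this profile MUST NOT assert encipherOnly or decipherOnly unless keyAgreement is also set, and say what a relying party does with a certificate that violates it, rather than leaving the case to the algorithm-specific rules that are no longer in this document.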
skipping to change at page 34, line 35 skipping to change at page 34, line 35
label, the domain name MUST be stored in the dNSName (an IA5String). label, the domain name MUST be stored in the dNSName (an IA5String).
The name MUST be in the "preferred name syntax," as specified by RFC The name MUST be in the "preferred name syntax," as specified by RFC
1034 [RFC 1034]. Note that while upper and lower case letters are 1034 [RFC 1034]. Note that while upper and lower case letters are
allowed in domain names, no signifigance is attached to the case. In allowed in domain names, no signifigance is attached to the case. In
addition, while the string " " is a legal domain name, subjectAltName addition, while the string " " is a legal domain name, subjectAltName
extensions with a dNSName " " are not permitted. Finally, the use of extensions with a dNSName " " are not permitted. Finally, the use of
the DNS representation for Internet mail addresses (wpolk.nist.gov the DNS representation for Internet mail addresses (wpolk.nist.gov
instead of wpolk@nist.gov) is not permitted; such identities are to instead of wpolk@nist.gov) is not permitted; such identities are to
be encoded as rfc822Name. be encoded as rfc822Name.
Note: work is currently underway to specify domain names in interna-
tional character sets. This names will likely not be accomodated by
IA5String. Once this work is complete, this profile will be
revisited and the appropriate functionality will be added.
When the subjectAltName extension contains a URI, the name MUST be When the subjectAltName extension contains a URI, the name MUST be
stored in the uniformResourceIdentifier (an IA5String). The name MUST stored in the uniformResourceIdentifier (an IA5String). The name MUST
be a non-relative URL, and MUST follow the URL syntax and encoding be a non-relative URL, and MUST follow the URL syntax and encoding
rules specified in [RFC 1738]. The name must include both a scheme rules specified in [RFC 1738]. The name must include both a scheme
(e.g., "http" or "ftp") and a scheme-specific-part. The scheme- (e.g., "http" or "ftp") and a scheme-specific-part. The scheme-
specific-part must include a fully qualified domain name or IP specific-part must include a fully qualified domain name or IP
address as the host. address as the host.
As specified in [RFC 1738], the scheme name is not case-sensitive As specified in [RFC 1738], the scheme name is not case-sensitive
(e.g., "http" is equivalent to "HTTP"). The host part is also not (e.g., "http" is equivalent to "HTTP"). The host part is also not
case-sensitive, but other components of the scheme-specific-part may case-sensitive, but other components of the scheme-specific-part may
be case-sensitive. When comparing URIs, conforming implementations be case-sensitive. When comparing URIs, conforming implementations
MUST compare the scheme and host without regard to case, but assume MUST compare the scheme and host without regard to case, but assume
the remainder of the scheme-specific-part is case sensitive. the remainder of the scheme-specific-part is case sensitive.
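As an added illustration (not part of either draft), the dNSName and URI rules above written as Python checks: whether a value may be placed in a dNSName or uniformResourceIdentifier, and URI comparison with a case-insensitive scheme and host but a case-sensitive remainder. The sample names in the test are constructed; only wpolk@nist.gov comes from the text.

```python
"""Checks for subjectAltName dNSName and uniformResourceIdentifier values,
following the profile text above. Added example; inputs are constructed."""
import ipaddress
import re
from urllib.parse import urlsplit

# RFC 1034 "preferred name syntax": a label starts with a letter, ends with
# a letter or digit, contains only letters, digits and hyphens, and is at
# most 63 characters long.
_LABEL = re.compile(r"^[A-Za-z]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def dnsname_is_acceptable(name: str) -> bool:
    """May `name` be carried in a dNSName under this profile?"""
    if not name.isascii():           # dNSName is an IA5String: 7-bit only
        return False
    if name.strip() == "":           # " " is a legal domain name, not a legal dNSName
        return False
    if "@" in name:                  # a mail address belongs in rfc822Name
        return False
    # Note: the bare DNS form of a mail address (wpolk.nist.gov) is
    # syntactically a domain name and cannot be told apart here; rejecting
    # it is a CA policy check, not a syntax check.
    return all(_LABEL.match(label) for label in name.split("."))


def dnsname_equal(a: str, b: str) -> bool:
    """Domain names compare without regard to case."""
    return a.lower() == b.lower()


def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def uri_is_acceptable(uri: str) -> bool:
    """Non-relative URL with a scheme and an FQDN or IP address as host."""
    if not uri.isascii():
        return False
    parts = urlsplit(uri)
    if not parts.scheme:             # relative reference: no scheme at all
        return False
    host = parts.hostname            # already lowercased, IPv6 brackets stripped
    if not host:                     # e.g. mailto: has no host component
        return False
    return _is_ip_literal(host) or dnsname_is_acceptable(host)


def uri_equal(a: str, b: str) -> bool:
    """Scheme and host compare case-insensitively; everything else in the
    scheme-specific-part (userinfo, port, path, query, fragment) compares
    case-sensitively."""
    pa, pb = urlsplit(a), urlsplit(b)
    if pa.scheme.lower() != pb.scheme.lower():
        return False
    if (pa.hostname or "") != (pb.hostname or ""):
        return False
    rest_a = (pa.username, pa.password, pa.port, pa.path, pa.query, pa.fragment)
    rest_b = (pb.username, pb.password, pb.port, pb.path, pb.query, pb.fragment)
    return rest_a == rest_b
```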
(draft -02 only) When the subjectAltName extension contains a DN in the directoryName, the DN MUST be unique for each subject entity certified by the one CA as defined by the issuer name field. A CA may issue more than one certificate with the same DN to the same subject entity.

draft -01: The subjectAltName may carry additional name types through the use of the otherName field. For example, Kerberos [KRB] format names can be encoded into the otherName, using the krb5PrincipalName OID and the KerberosName syntax as defined in [PKINIT].

draft -02: The subjectAltName may carry additional name types through the use of the otherName field. The format and semantics of the name are indicated through the OBJECT IDENTIFIER in the type-id field. The name itself is conveyed as the value field in otherName. For example, Kerberos [RFC 1510] format names can be encoded into the otherName, using the krb5PrincipalName OID and the KerberosName syntax as defined in [PKINIT].

Subject alternative names may be constrained in the same manner as subject distinguished names using the name constraints extension as described in section 4.2.1.11.

If the subjectAltName extension is present, the sequence MUST contain at least one entry. Unlike the subject field, conforming CAs MUST NOT issue certificates with subjectAltNames containing empty GeneralName fields. For example, an rfc822Name is represented as an IA5String. While an empty string is a valid IA5String, such an

skipping to change at page 36, line 41 (draft -01) / page 37, line 4 (draft -02)

through that CA.

The cA bit indicates if the certified public key may be used to verify signatures on other certificates. If the cA bit is asserted, then the keyCertSign bit in the key usage extension (see 4.2.1.3) MUST also be asserted. If the cA bit is not asserted, then the keyCertSign bit in the key usage extension MUST NOT be asserted.

draft -01: The pathLenConstraint field is meaningful only if cA is set to TRUE. In this case, it gives the maximum number of CA certificates that may follow this certificate in a certification path. A value of zero indicates that only an end-entity certificate may follow in the path. Where it appears, the pathLenConstraint field MUST be greater than or equal to zero. Where pathLenConstraint does not appear, there is no limit to the allowed length of the certification path.

draft -02: The pathLenConstraint field is meaningful only if cA is set to TRUE. In this case, it gives the maximum number of CA certificates that may follow this certificate in a certification path. (Note: One end-entity certificate will follow the final CA certificate in the path. The last certificate in a path is considered an end-entity certificate, whether the subject of the certificate is a CA or not.) A pathLenConstraint of zero indicates that only an end-entity certificate may follow in the path. Where it appears, the pathLenConstraint field MUST be greater than or equal to zero. Where pathLenConstraint does not appear, there is no limit to the allowed length of the certification path.

This extension MUST appear as a critical extension in all CA certificates. This extension MAY appear as a critical or non-critical extension in end entity certificates.

id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }

BasicConstraints ::= SEQUENCE {
     cA                      BOOLEAN DEFAULT FALSE,
     pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
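An added example (not from either draft) applying the basicConstraints rules above to a constructed certification path: the cA/keyCertSign consistency check, the criticality requirement for CA certificates, and the pathLenConstraint count in which the last certificate is always treated as the end-entity. The Cert record is a hypothetical stand-in for a parsed certificate.

```python
"""basicConstraints checks (4.2.1.10) over a constructed certification
path. Added example; `Cert` is a stand-in for a parsed certificate."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Cert:
    subject: str
    ca: bool = False                   # BasicConstraints.cA (DEFAULT FALSE)
    path_len: Optional[int] = None     # pathLenConstraint; None when absent
    key_cert_sign: bool = False        # keyCertSign bit of keyUsage
    bc_present: bool = True            # basicConstraints extension present?
    bc_critical: bool = True           # ... and marked critical?


def check_cert(cert: Cert) -> List[str]:
    """Per-certificate consistency between cA and keyCertSign."""
    problems = []
    if cert.ca and not cert.key_cert_sign:
        problems.append("cA asserted but keyCertSign not asserted")
    if cert.key_cert_sign and not cert.ca:
        problems.append("keyCertSign asserted but cA not asserted")
    if cert.path_len is not None and cert.path_len < 0:
        problems.append("pathLenConstraint MUST be >= 0")
    return problems


def check_path(path: List[Cert]) -> List[str]:
    """Walk a path ordered trust anchor first, end-entity last.

    Every certificate but the last must be a CA certificate carrying a
    critical basicConstraints extension. The last certificate is treated
    as the end-entity certificate whether or not its subject is a CA, so
    it never counts against a pathLenConstraint.
    """
    problems = []
    remaining: Optional[int] = None    # CA certs still allowed to follow; None = no limit
    last = len(path) - 1
    for i, cert in enumerate(path):
        problems += [f"{cert.subject}: {p}" for p in check_cert(cert)]
        if i == last:
            break
        if not (cert.bc_present and cert.ca):
            problems.append(f"{cert.subject}: non-CA certificate used to issue the next certificate")
        elif not cert.bc_critical:
            problems.append(f"{cert.subject}: basicConstraints MUST be critical in a CA certificate")
        # This CA certificate follows an earlier one: charge it against the
        # tightest pathLenConstraint seen so far (the trust anchor itself is
        # not charged, since nothing precedes it).
        if i > 0 and remaining is not None:
            if remaining == 0:
                problems.append(f"{cert.subject}: exceeds an earlier pathLenConstraint")
            else:
                remaining -= 1
        # Apply this certificate's own constraint if it is tighter.
        if cert.path_len is not None and (remaining is None or cert.path_len < remaining):
            remaining = cert.path_len
    return problems
```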
4.2.1.11 Name Constraints

The name constraints extension, which MUST be used only in a CA certificate, indicates a name space within which all subject names in subsequent certificates in a certification path shall be located. Restrictions may apply to the subject distinguished name or subject

skipping to change at page 42, line 45 (draft -01) / page 43, line 14 (draft -02)

id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 }

InhibitAnyPolicy ::= SkipCerts

SkipCerts ::= INTEGER (0..MAX)

4.2.1.16 Freshest CRL (a.k.a. Delta CRL Distribution Point)

draft -01: The freshest CRL extension identifies how delta-CRL information is obtained. The extension MUST be non-critical, but this profile recommends support for this extension by CAs and applications. Further discussion of CRL management is contained in section 5.

draft -02: The freshest CRL extension identifies how delta-CRL information is obtained. The extension MUST be non-critical. Further discussion of CRL management is contained in section 5.

The same syntax is used for this extension and the cRLDistributionPoints extension, and is described in section 4.2.1.14. The same conventions apply to both extensions.

id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 }

FreshestCRL ::= CRLDistributionPoints

4.2.2 Private Internet Extensions

This section defines one new extension for use in the Internet Public Key Infrastructure. This extension may be used to direct applications to identify an on-line validation service supporting the issu-

skipping to change at page 44, line 17 (draft -01) / page 44, line 30 (draft -02)
id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }

Each entry in the sequence AuthorityInfoAccessSyntax describes the format and location of additional information provided by the CA who issued the certificate in which this extension appears. The type and format of the information is specified by the accessMethod field; the accessLocation field specifies the location of the information. The retrieval mechanism may be implied by the accessMethod or specified by accessLocation.

(draft -01 carries the editor's placeholder "<<add pointer to OCSP>>" at the start of this paragraph.) This profile defines one OID for accessMethod. The id-ad-caIssuers OID is used when the additional information lists CAs that have issued certificates superior to the CA that issued the certificate containing this extension. The referenced CA Issuers description is intended to aid certificate users in the selection of a certification path that terminates at a point trusted by the certificate user.

When id-ad-caIssuers appears as accessInfoType, the accessLocation field describes the referenced description server and the access protocol to obtain the referenced description. The accessLocation field is defined as a GeneralName, which can take several forms. Where the information is available via http, ftp, or ldap, accessLocation MUST be a uniformResourceIdentifier. Where the information is available via the directory access protocol (dap), accessLocation MUST be a directoryName. When the information is available via electronic mail, accessLocation MUST be an rfc822Name. The semantics of other name forms of accessLocation (when accessMethod is id-ad-caIssuers) are not defined by this specification. The information

draft -01: Additional access descriptors may be defined in other PKIX specifications.

draft -02: [RFC 2560] defines the access descriptor for the Online Certificate Status Protocol. Additional access descriptors may be defined in other PKIX specifications.
5 CRL and CRL Extensions Profile

As described above, one goal of this X.509 v2 CRL profile is to foster the creation of an interoperable and reusable Internet PKI. To achieve this goal, guidelines for the use of extensions are specified, and some assumptions are made about the nature of information included in the CRL.

CRLs may be used in a wide range of applications and environments

skipping to change at page 46, line 30 (draft -01) / page 46, line 44 (draft -02)

ficates, the revoked certificates list is absent. When one or more certificates are revoked, each entry on the revoked certificate list is defined by a sequence of user certificate serial number, revocation date, and optional CRL entry extensions.

5.1.1.2 signatureAlgorithm

The signatureAlgorithm field contains the algorithm identifier for the algorithm used by the CA to sign the CertificateList. The field is of type AlgorithmIdentifier, which is defined in section 4.1.1.2. Section 7.2 (draft -01) / [PKIX ALGS] (draft -02) lists the supported algorithms for this specification. Conforming CAs MUST use the algorithm identifiers presented in section 7.2 (draft -01) / in [PKIX ALGS] (draft -02) when signing with a supported signature algorithm.

This field MUST contain the same algorithm identifier as the signature field in the sequence tbsCertList (see sec. 5.1.2.2).

5.1.1.3 signatureValue

The signatureValue field contains a digital signature computed upon the ASN.1 DER encoded tbsCertList. The ASN.1 DER encoded tbsCertList is used as the input to the signature function. This signature value is then ASN.1 encoded as a BIT STRING and included in the CRL's signatureValue field. The details of this process are specified for each of the supported algorithms in section 7.2 (draft -01) / in [PKIX ALGS] (draft -02).

5.1.2 Certificate List "To Be Signed"

The certificate list to be signed, or TBSCertList, is a SEQUENCE of required and optional fields. The required fields identify the CRL issuer, the algorithm used to sign the CRL, the date and time the CRL was issued, and the date and time by which the CA will issue the next CRL.

Optional fields include lists of revoked certificates and CRL exten-

skipping to change at page 47, line 21 (draft -01) / page 47, line 37 (draft -02)
5.1.2.1 Version

This optional field describes the version of the encoded CRL. When extensions are used, as required by this profile, this field MUST be present and MUST specify version 2 (the integer value is 1).

5.1.2.2 Signature

This field contains the algorithm identifier for the algorithm used to sign the CRL. Section 7.2 (draft -01) / [PKIX ALGS] (draft -02) lists OIDs for the most popular signature algorithms used in the Internet PKI.

This field MUST contain the same algorithm identifier as the signatureAlgorithm field in the sequence CertificateList (see section 5.1.1.2).

5.1.2.3 Issuer Name

The issuer name identifies the entity who has signed and issued the CRL. The issuer identity is carried in the issuer name field. Alter-

skipping to change at page 48, line 37 (draft -01) / page 48, line 52 (draft -02)

section 4.1.2.5.2.

5.1.2.6 Revoked Certificates

When there are no revoked certificates, the revoked certificates list is absent. Otherwise, revoked certificates are listed by their serial numbers. Certificates revoked by the CA are uniquely identified by the certificate serial number. The date on which the revocation occurred is specified. The time for revocationDate MUST be expressed as described in section 5.1.2.4. Additional information may be supplied in CRL entry extensions; CRL entry extensions are discussed in section 5.3.

5.1.2.7 Extensions

This field may only appear if the version is 2 (see sec. 5.1.2.1). If present, this field is a SEQUENCE of one or more CRL extensions. CRL extensions are discussed in section 5.2.

5.2 CRL Extensions

The extensions defined by ANSI X9 and ISO/IEC/ITU for X.509 v2 CRLs

skipping to change at page 50, line 38 (draft -01) / page 51, line 6 (draft -02)
that is complete for a given scope (e.g., a set of revocation reasons or a particular distribution point.) The CRL containing the delta CRL indicator extension contains all updates to the certificate revocation status for that same scope. The combination of a CRL containing the delta CRL indicator extension plus the CRL referenced in the BaseCRLNumber component of this extension is equivalent to a full CRL, for the applicable scope, at the time of publication of the delta CRL.

draft -01: When a conforming CA issues a delta CRL, the CA MUST also issue a CRL that is complete for the given scope. The CRL number extension in the delta CRL and the complete CRL MUST contain the same value. When a delta CRL is issued, it MUST cover the same set of reasons and same set of certificates that were covered by the base CRL it references.

draft -02: When a conforming CA issues a delta CRL, the CA MUST also issue a CRL that is complete for the given scope. Both the delta CRL and the complete CRL MUST include the CRL number extension (see sec. 5.2.3). The CRL number extension in the delta CRL and the complete CRL MUST contain the same value. When a delta CRL is issued, it MUST cover the same set of reasons and same set of certificates that were covered by the base CRL it references.

An application can construct a CRL that is complete for a given scope, at the current time, in either of the following ways:

   (a) by retrieving the current delta CRL for that scope, and combining it with an issued CRL that is complete for that scope and that has a cRLNumber greater than or equal to the cRLNumber of the base CRL referenced in the delta CRL; or

   (b) by retrieving the current delta CRL for that scope and combining it with a locally constructed CRL whose cRLNumber is greater than or equal to the cRLNumber of the base CRL referenced in the

skipping to change at page 52, line 33 (draft -01) / page 53, line 5 (draft -02)
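An added example (not from either draft) of the delta CRL rules and construction methods (a) and (b) above: it checks that a delta CRL fits the complete or locally constructed CRL it is applied to (same issuer, same scope, base cRLNumber not older than the delta's BaseCRLNumber) and merges the two. The CRL records are constructed stand-ins; the removeFromCRL handling follows the reasonCode CRL entry extension of the X.509 v2 CRL profile, which the excerpt above does not describe.

```python
"""Delta CRL validation and combination (methods (a) and (b) above).
Added example with constructed CRL records, not parsed ASN.1."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional

REMOVE_FROM_CRL = "removeFromCRL"   # reasonCode that only appears in delta CRLs


@dataclass
class Crl:
    issuer: str
    crl_number: int                         # cRLNumber extension (sec. 5.2.3)
    scope: FrozenSet[str]                   # reasons / distribution point covered
    revoked: Dict[int, str]                 # serial number -> reasonCode
    base_crl_number: Optional[int] = None   # delta CRL indicator; None = complete CRL

    @property
    def is_delta(self) -> bool:
        return self.base_crl_number is not None


def check_delta_against_base(base: Crl, delta: Crl) -> None:
    """Raise ValueError if `delta` cannot be applied to `base`."""
    if not delta.is_delta:
        raise ValueError("second CRL carries no delta CRL indicator")
    if base.is_delta:
        raise ValueError("base must be a complete (or locally constructed) CRL")
    if base.issuer != delta.issuer:
        raise ValueError("delta and base CRL have different issuers")
    if base.scope != delta.scope:
        raise ValueError("delta CRL MUST cover the same reasons and certificates as its base")
    if base.crl_number < delta.base_crl_number:
        raise ValueError(
            f"base cRLNumber {base.crl_number} is older than the delta's "
            f"BaseCRLNumber {delta.base_crl_number}")


def can_apply(base: Crl, delta: Crl) -> bool:
    """Boolean form of check_delta_against_base()."""
    try:
        check_delta_against_base(base, delta)
        return True
    except ValueError:
        return False


def combine(base: Crl, delta: Crl) -> Crl:
    """Return a CRL complete for the scope at the delta's publication time.

    `base` is either an issued complete CRL (method (a)) or the output of
    an earlier combine() call (method (b)); in both cases its cRLNumber
    must be >= the BaseCRLNumber referenced by the delta.
    """
    check_delta_against_base(base, delta)
    merged = dict(base.revoked)
    for serial, reason in delta.revoked.items():
        if reason == REMOVE_FROM_CRL:
            merged.pop(serial, None)        # e.g. a certificateHold that was lifted
        else:
            merged[serial] = reason
    return Crl(issuer=base.issuer,
               crl_number=max(base.crl_number, delta.crl_number),
               scope=base.scope,
               revoked=merged)             # no delta indicator: result is complete
```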
id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 }

issuingDistributionPoint ::= SEQUENCE {
     distributionPoint          [0] DistributionPointName OPTIONAL,
     onlyContainsUserCerts      [1] BOOLEAN DEFAULT FALSE,
     onlyContainsCACerts        [2] BOOLEAN DEFAULT FALSE,
     onlySomeReasons            [3] ReasonFlags OPTIONAL,
     indirectCRL                [4] BOOLEAN DEFAULT FALSE }

(draft -02 only)

5.2.6 Freshest CRL (a.k.a. Delta CRL Distribution Point)

The freshest CRL extension identifies how delta-CRL information for this CRL is obtained. The extension MUST be non-critical.

The same syntax is used for this extension as the cRLDistributionPoints certificate extension, and is described in section 4.2.1.14. The same conventions apply to both extensions.

id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 }

FreshestCRL ::= CRLDistributionPoints
5.3 CRL Entry Extensions

The CRL entry extensions already defined by ANSI X9 and ISO/IEC/ITU for X.509 v2 CRLs provide methods for associating additional attributes with CRL entries [X.509] [X9.55]. The X.509 v2 CRL format also allows communities to define private CRL entry extensions to carry information unique to those communities. Each extension in a CRL entry may be designated as critical or non-critical. A CRL validation MUST fail if it encounters a critical CRL entry extension which it does not know how to process. However, an unrecognized non-

skipping to change at page 74, line 36 (draft -01) / page 75, line 36 (draft -02)

been exhausted, and the reasons_mask is not "all-reasons" and the cert_status is still UNREVOKED, the verifier must obtain additional CRLs. If the

The verifier must repeat the process above with the additional CRLs not specified in a distribution point.

If all CRLs are exhausted and the reasons_mask is not "all reasons" return the cert_status UNDETERMINED.
7 Algorithm Support (draft -01) / 7 References (draft -02)

(The section 7 text that follows appears in draft -01 only.)
This section describes cryptographic algorithms which may be used
with this profile. The section describes one-way hash functions and
digital signature algorithms which may be used to sign certificates
and CRLs, and identifies OIDs for public keys contained in a certifi-
cate.
Conforming CAs and applications are not required to support the algo-
rithms or algorithm identifiers described in this section. However,
conforming CAs and applications that use the algorithms identified
here MUST support them as specified.
7.1 One-way Hash Functions
This section identifies one-way hash functions for use in the Inter-
net PKI. One-way hash functions are also called message digest algo-
rithms. SHA-1 is the preferred one-way hash function for the Internet
PKI. However, PEM uses MD2 for certificates [RFC 1422] [RFC 1423]
and MD5 is used in other legacy applications. For this reason, MD2
and MD5 are included in this profile.
7.1.1 MD2 One-way Hash Function
MD2 was developed by Ron Rivest for RSA Data Security. RSA Data Secu-
rity has not placed the MD2 algorithm in the public domain. Rather,
RSA Data Security has granted license to use MD2 for non-commercial
Internet Privacy-Enhanced Mail. For this reason, MD2 may continue to
be used with PEM certificates, but SHA-1 is preferred. MD2 produces
a 128-bit "hash" of the input. MD2 is fully described in RFC 1319
[RFC 1319].
At the Selected Areas in Cryptography '95 conference in May 1995,
Rogier and Chauvaud presented an attack on MD2 that can nearly find
collisions [RC95]. Collisions occur when one can find two different
messages that generate the same message digest. A checksum operation
in MD2 is the only remaining obstacle to the success of the attack.
For this reason, the use of MD2 for new applications is discouraged.
It is still reasonable to use MD2 to verify existing signatures, as
the ability to find collisions in MD2 does not enable an attacker to
find new messages having a previously computed hash value.
7.1.2 MD5 One-way Hash Function
MD5 was developed by Ron Rivest for RSA Data Security. RSA Data Secu-
rity has placed the MD5 algorithm in the public domain. MD5 produces
a 128-bit "hash" of the input. MD5 is fully described in RFC 1321
[RFC 1321].
Den Boer and Bosselaers [DB94] have found pseudo-collisions for MD5,
but there are no other known cryptanalytic results. The use of MD5
for new applications is discouraged. It is still reasonable to use
MD5 to verify existing signatures.
7.1.3 SHA-1 One-way Hash Function
SHA-1 was developed by the U.S. Government. SHA-1 produces a 160-bit
"hash" of the input. SHA-1 is fully described in FIPS 180-1 [FIPS
180-1].
SHA-1 is the one-way hash function of choice for use with both the
RSA and DSA signature algorithms (see sec. 7.2).
7.2 Signature Algorithms
Certificates and CRLs described by this standard may be signed with
any public key signature algorithm. The certificate or CRL indicates
the algorithm through an algorithm identifier which appears in the
signatureAlgorithm field in a Certificate or CertificateList. This
algorithm identifier is an OID and has optionally associated parame-
ters. This section identifies algorithm identifiers and parameters
that shall be used in the signatureAlgorithm field in a Certificate
or CertificateList.
RSA and DSA are the most popular signature algorithms used in the
Internet. Signature algorithms are always used in conjunction with a
one-way hash function identified in section 7.1.
The signature algorithm and one-way hash function used to sign a cer-
tificate or CRL is indicated by use of an algorithm identifier. An
algorithm identifier is an OID, and may include associated parame-
ters. This section identifies OIDS for RSA and DSA. The contents of
the parameters component for each algorithm vary; details are pro-
vided for each algorithm.
The data to be signed (e.g., the one-way hash function output value)
is formatted for the signature algorithm to be used. Then, a private
key operation (e.g., RSA encryption) is performed to generate the
signature value. This signature value is then ASN.1 encoded as a BIT
STRING and included in the Certificate or CertificateList in the sig-
nature field.
7.2.1 RSA Signature Algorithm
A patent statement regarding the RSA algorithm can be found at the
end of this profile.
The RSA algorithm is named for its inventors: Rivest, Shamir, and
Adleman. This profile includes three signature algorithms based on
the RSA asymmetric encryption algorithm. The signature algorithms
combine RSA with either the MD2, MD5, or the SHA-1 one-way hash func-
tions.
The signature algorithm with MD2 and the RSA encryption algorithm is
defined in PKCS #1 [RFC 2313]. As defined in RFC 2313, the ASN.1 OID
used to identify this signature algorithm is:
md2WithRSAEncryption OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-1(1) 2 }
The signature algorithm with MD5 and the RSA encryption algorithm is
defined in PKCS #1 [RFC 2313]. As defined in RFC 2313, the ASN.1 OID
used to identify this signature algorithm is:
md5WithRSAEncryption OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-1(1) 4 }
The signature algorithm with SHA-1 and the RSA encryption algorithm
is implemented using the padding and encoding conventions described
in PKCS #1 [RFC 2313]. The message digest is computed using the SHA-1
hash algorithm. The ASN.1 object identifier used to identify this
signature algorithm is:
sha-1WithRSAEncryption OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-1(1) 5 }
When any of these three OIDs appears within the ASN.1 type
AlgorithmIdentifier, the parameters component of that type shall be
the ASN.1 type NULL.
The RSA signature generation process and the encoding of the result
are described in detail in RFC 2313.
7.2.2 DSA Signature Algorithm
A patent statement regarding the DSA can be found at the end of this
profile.
The Digital Signature Algorithm (DSA) is also called the Digital
Signature Standard (DSS). DSA was developed by the U.S. Government,
and DSA is used in conjunction with the SHA-1 one-way hash function.
DSA is fully described in FIPS 186 [FIPS 186]. The ASN.1 OIDs used
to identify this signature algorithm are:
id-dsa-with-sha1 ID ::= {
iso(1) member-body(2) us(840) x9-57 (10040)
x9cm(4) 3 }
Where the id-dsa-with-sha1 algorithm identifier appears as the
algorithm field in an AlgorithmIdentifier, the encoding shall omit the
parameters field. That is, the AlgorithmIdentifier shall be a
SEQUENCE of one component - the OBJECT IDENTIFIER id-dsa-with-sha1.
The DSA parameters in the subjectPublicKeyInfo field of the
certificate of the issuer shall apply to the verification of the
signature.
When signing, the DSA algorithm generates two values. These values
are commonly referred to as r and s. To easily transfer these two
values as one signature, they shall be ASN.1 encoded using the
following ASN.1 structure:
Dss-Sig-Value ::= SEQUENCE {
r INTEGER,
s INTEGER }
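As an added example (not code from the draft), the following Python produces the DER encodings that sections 7.2.1 and 7.2.2 prescribe: an AlgorithmIdentifier whose parameters component is NULL for the three RSA signature OIDs and absent for id-dsa-with-sha1, and a Dss-Sig-Value carrying r and s. It also checks an incoming AlgorithmIdentifier against those two rules; the minimal DER helpers and all function names are the example's own.

```python
# Added example (not the draft's code): DER for the section 7.2 structures.
# Standard library only; helper names are this example's own.

# Dotted-form OIDs from sections 7.2.1 and 7.2.2.
MD2_WITH_RSA = "1.2.840.113549.1.1.2"
MD5_WITH_RSA = "1.2.840.113549.1.1.4"
SHA1_WITH_RSA = "1.2.840.113549.1.1.5"
DSA_WITH_SHA1 = "1.2.840.10040.4.3"
RSA_SIGNATURE_OIDS = {MD2_WITH_RSA, MD5_WITH_RSA, SHA1_WITH_RSA}

TAG_INTEGER, TAG_NULL, TAG_OID, TAG_SEQUENCE = 0x02, 0x05, 0x06, 0x30
DER_NULL = b"\x05\x00"  # the complete encoding of a NULL value

def der_length(n: int) -> bytes:
    """Definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_length(len(content)) + content

def der_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: the first two arcs fold into 40*a+b; each
    subidentifier is base 128, high bit set on all but its last octet."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray()
    for value in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        octets = [value & 0x7F]
        value >>= 7
        while value:
            octets.append(0x80 | (value & 0x7F))
            value >>= 7
        out.extend(reversed(octets))
    return der_tlv(TAG_OID, bytes(out))

def der_integer(value: int) -> bytes:
    """INTEGER for DSA's non-negative r and s: minimal two's complement,
    so a 0x00 octet is prepended when the top bit is set."""
    if value < 0:
        raise ValueError("r and s are never negative")
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return der_tlv(TAG_INTEGER, body)

def der_sequence(*members: bytes) -> bytes:
    return der_tlv(TAG_SEQUENCE, b"".join(members))

def algorithm_identifier(oid: str) -> bytes:
    """AlgorithmIdentifier as the profile requires: NULL parameters for
    the RSA signature OIDs, no parameters component for id-dsa-with-sha1."""
    if oid in RSA_SIGNATURE_OIDS:
        return der_sequence(der_oid(oid), DER_NULL)
    if oid == DSA_WITH_SHA1:
        return der_sequence(der_oid(oid))
    raise ValueError(f"{oid} is not a section 7.2 signature algorithm")

def dss_sig_value(r: int, s: int) -> bytes:
    """Dss-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER }, the content
    of the signature BIT STRING in a DSA-signed Certificate or CRL."""
    return der_sequence(der_integer(r), der_integer(s))

def _read_tlv(buf: bytes, pos: int):
    """Return (tag, content, next_pos); DER has no indefinite length."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first == 0x80:
        raise ValueError("indefinite length is not DER")
    length = first
    if first > 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length runs past the end of the buffer")
    return tag, buf[pos:pos + length], pos + length

# OID content octets -> dotted form; [2:] strips the tag and 1-octet length.
KNOWN_OIDS = {der_oid(o)[2:]: o for o in RSA_SIGNATURE_OIDS | {DSA_WITH_SHA1}}

def check_signature_algorithm(der: bytes) -> str:
    """Parse a DER AlgorithmIdentifier and enforce the section 7.2
    parameter rules; returns the dotted OID or raises ValueError."""
    tag, body, end = _read_tlv(der, 0)
    if tag != TAG_SEQUENCE or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    tag, oid_octets, pos = _read_tlv(body, 0)
    if tag != TAG_OID or oid_octets not in KNOWN_OIDS:
        raise ValueError("algorithm is not an OID this profile recognises")
    oid, params = KNOWN_OIDS[oid_octets], body[pos:]
    if oid in RSA_SIGNATURE_OIDS and params != DER_NULL:
        raise ValueError("RSA signature OIDs require parameters of type NULL")
    if oid == DSA_WITH_SHA1 and params:
        raise ValueError("id-dsa-with-sha1 must omit the parameters field")
    return oid
```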
7.3 Subject Public Key Algorithms
Certificates described by this profile may convey a public key for
any public key algorithm. The certificate indicates the algorithm
through an algorithm identifier. This algorithm identifier is an OID
and optionally associated parameters.
This section identifies preferred OIDs and parameters for the RSA,
DSA, and Diffie-Hellman algorithms. Conforming CAs shall use the
identified OIDs when issuing certificates containing public keys for
these algorithms. Conforming applications supporting any of these
algorithms shall, at a minimum, recognize the OID identified in this
section.
7.3.1 RSA Keys
The OID rsaEncryption identifies RSA public keys.
pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
rsadsi(113549) pkcs(1) 1 }
rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1}
The rsaEncryption OID is intended to be used in the algorithm field
of a value of type AlgorithmIdentifier. The parameters field shall
have ASN.1 type NULL for this algorithm identifier.
The RSA public key shall be encoded using the ASN.1 type
RSAPublicKey:
RSAPublicKey ::= SEQUENCE {
modulus INTEGER, -- n
publicExponent INTEGER -- e -- }
where modulus is the modulus n, and publicExponent is the public
exponent e. The DER encoded RSAPublicKey is the value of the BIT
STRING subjectPublicKey.
This OID is used in public key certificates for both RSA signature
keys and RSA encryption keys. The intended application for the key
may be indicated in the key usage field (see sec. 4.2.1.3). The use
of a single key for both signature and encryption purposes is not
recommended, but is not forbidden.
If the keyUsage extension is present in an end entity certificate
which conveys an RSA public key, any combination of the following
values may be present: digitalSignature; nonRepudiation;
keyEncipherment; and dataEncipherment. If the keyUsage extension is
present in a CA certificate which conveys an RSA public key, any
combination of the following values may be present: digitalSignature;
nonRepudiation; keyEncipherment; dataEncipherment; keyCertSign; and
cRLSign. However, this specification RECOMMENDS that if keyCertSign
or cRLSign is present, both keyEncipherment and dataEncipherment
should not be present.
7.3.2 Diffie-Hellman Key Exchange Key
The Diffie-Hellman OID supported by this profile is defined by ANSI
X9.42 [X9.42].
dhpublicnumber OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) ansi-x942(10046) number-type(2) 1 }
The dhpublicnumber OID is intended to be used in the algorithm field
of a value of type AlgorithmIdentifier. The parameters field of that
type, which has the algorithm-specific syntax ANY DEFINED BY
algorithm, has the ASN.1 type DomainParameters for this algorithm.
DomainParameters ::= SEQUENCE {
p INTEGER, -- odd prime, p=jq +1
g INTEGER, -- generator, g
q INTEGER, -- factor of p-1
j INTEGER OPTIONAL, -- subgroup factor
validationParms ValidationParms OPTIONAL }
ValidationParms ::= SEQUENCE {
seed BIT STRING,
pgenCounter INTEGER }
The fields of type DomainParameters have the following meanings:
p identifies the prime p defining the Galois field;
g specifies the generator of the multiplicative subgroup of order
q;
q specifies the prime factor of p-1;
j optionally specifies the value that satisfies the equation
p=jq+1 to support the optional verification of group parameters;
seed optionally specifies the bit string parameter used as the
seed for the system parameter generation process; and
pgenCounter optionally specifies the integer value output as part
of the system parameter prime generation process.
If either of the parameter generation components (pgenCounter or
seed) is provided, the other shall be present as well.
The Diffie-Hellman public key shall be ASN.1 encoded as an INTEGER;
this encoding shall be used as the contents (i.e., the value) of the
subjectPublicKey component (a BIT STRING) of the subjectPublicKeyInfo
data element.
DHPublicKey ::= INTEGER -- public key, y = g^x mod p
If the keyUsage extension is present in a certificate which conveys a
DH public key, the following values may be present: keyAgreement;
encipherOnly; and decipherOnly. At most one of encipherOnly and
decipherOnly shall be asserted in the keyUsage extension.
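An added example (not part of the draft) that checks the DomainParameters and DHPublicKey relations described in this section: p an odd prime with p = jq + 1, q a prime factor of p-1, g generating the subgroup of order q, seed and pgenCounter present together, and a public key y lying in that subgroup. The Miller-Rabin test, the Python class and the constructed toy group are the example's own assumptions; the subgroup check on y goes slightly beyond the text as the usual defence against values outside the intended group.

```python
# Added example: consistency checks for section 7.3.2's DomainParameters
# and DHPublicKey. Field names follow the ASN.1 above; the functions and
# the constructed toy parameters are this example's own.
from dataclasses import dataclass
from typing import Optional

def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases (deterministic below 3.3e24, a strong
    probabilistic test beyond that); stands in for full FIPS/X9.42 checks."""
    if n < 2:
        return False
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n in small:
        return True
    if any(n % p == 0 for p in small):
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in small:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

@dataclass(frozen=True)
class DomainParameters:
    p: int
    g: int
    q: int
    j: Optional[int] = None
    seed: Optional[bytes] = None        # ValidationParms.seed
    pgen_counter: Optional[int] = None  # ValidationParms.pgenCounter

def check_domain_parameters(dp: DomainParameters) -> list:
    """Return the profile rules the parameters violate (empty list = OK)."""
    problems = []
    if dp.p % 2 == 0 or not is_probable_prime(dp.p):
        problems.append("p must be an odd prime")
    if not is_probable_prime(dp.q) or (dp.p - 1) % dp.q != 0:
        problems.append("q must be a prime factor of p-1")
    if dp.j is not None and (dp.j < 2 or dp.p != dp.j * dp.q + 1):
        problems.append("j, when present, must satisfy p = jq + 1 with j >= 2")
    # g must generate the subgroup of order q: 1 < g < p and g^q = 1 (mod p).
    if not (1 < dp.g < dp.p) or pow(dp.g, dp.q, dp.p) != 1:
        problems.append("g must be a generator of the order-q subgroup")
    # ValidationParms is a SEQUENCE of both fields: either both or neither.
    if (dp.seed is None) != (dp.pgen_counter is None):
        problems.append("seed and pgenCounter must be present together")
    return problems

def check_dh_public_key(y: int, dp: DomainParameters) -> bool:
    """DHPublicKey y = g^x mod p must lie in (1, p) and in the order-q
    subgroup; anything else is rejected (small-subgroup defence)."""
    return 1 < y < dp.p and pow(y, dp.q, dp.p) == 1

# Constructed toy group (not real parameters): p = 23 = 2*11 + 1, q = 11,
# g = 4 has order 11 because 4 is a quadratic residue modulo 23.
TOY = DomainParameters(p=23, g=4, q=11, j=2)
```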
7.3.3 DSA Signature Keys
The Digital Signature Algorithm (DSA) is also known as the Digital
Signature Standard (DSS). The DSA OID supported by this profile is
id-dsa ID ::= { iso(1) member-body(2) us(840) x9-57(10040)
x9cm(4) 1 }
The id-dsa algorithm syntax includes optional parameters. These
parameters are commonly referred to as p, q, and g. When the
parameters are not supplied, the parameters component shall be
omitted entirely. That is, the AlgorithmIdentifier shall be a
SEQUENCE of one component - the OBJECT IDENTIFIER id-dsa.
If the DSA algorithm parameters are present in the
subjectPublicKeyInfo AlgorithmIdentifier, the parameters are included
using the following ASN.1 structure:
Dss-Parms ::= SEQUENCE {
p INTEGER,
q INTEGER,
g INTEGER }
If the DSA algorithm parameters are absent from the
subjectPublicKeyInfo AlgorithmIdentifier and the CA signed the subject
certificate using DSA, then the certificate issuer's DSA parameters
apply to the subject's DSA key. If the DSA algorithm parameters are
absent from the subjectPublicKeyInfo AlgorithmIdentifier and the CA
signed the subject certificate using a signature algorithm other than
DSA, then the subject's DSA parameters are distributed by other means.
If the subjectPublicKeyInfo AlgorithmIdentifier field omits the
parameters component and the CA signed the subject with a signature
algorithm other than DSA, then clients shall reject the certificate.
When signing, the DSA algorithm generates two values. These values
are commonly referred to as r and s. To easily transfer these two
values as one signature, they are ASN.1 encoded using the following
ASN.1 structure:
Dss-Sig-Value ::= SEQUENCE {
r INTEGER,
s INTEGER }
The encoded signature is conveyed as the value of the BIT STRING
signature in a Certificate or CertificateList.
The DSA public key shall be ASN.1 DER encoded as an INTEGER; this
encoding shall be used as the contents (i.e., the value) of the
subjectPublicKey component (a BIT STRING) of the SubjectPublicKeyInfo
data element.
DSAPublicKey ::= INTEGER -- public key, Y
If the keyUsage extension is present in an end entity certificate
which conveys a DSA public key, any combination of the following
values may be present: digitalSignature; and nonRepudiation.
If the keyUsage extension is present in a CA certificate which
conveys a DSA public key, any combination of the following values may
be present: digitalSignature; nonRepudiation; keyCertSign; and cRLSign.
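The keyUsage rules for RSA (7.3.1), Diffie-Hellman (7.3.2) and DSA (7.3.3) keys, as an added example that is not part of the draft: the code decodes a DER KeyUsage BIT STRING using the bit positions the profile assigns in section 4.2.1.3 and reports which of the permitted combinations a certificate violates. The function names, the algorithm labels and the constructed test encodings are the example's own; the RECOMMENDS sentence of 7.3.1 is read as "neither encipherment bit alongside keyCertSign or cRLSign" and reported as a warning.

```python
# Added example: the keyUsage combinations sections 7.3.1-7.3.3 permit.
# Bit positions are those of the profile's KeyUsage BIT STRING (section
# 4.2.1.3); functions and sample encodings are this example's own.

KEY_USAGE_BITS = (
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
)

# Permitted sets per algorithm; CA certificates add keyCertSign and cRLSign
# for the two signature algorithms. The DH rule does not distinguish CAs.
SIGNING = {"digitalSignature", "nonRepudiation"}
CA_ONLY = {"keyCertSign", "cRLSign"}
ENCIPHERMENT = {"keyEncipherment", "dataEncipherment"}
PERMITTED = {
    "rsa": SIGNING | ENCIPHERMENT,
    "dsa": set(SIGNING),
    "dh": {"keyAgreement", "encipherOnly", "decipherOnly"},
}

def decode_key_usage(der: bytes) -> set:
    """Decode a DER KeyUsage BIT STRING (tag 0x03, short-form length, one
    unused-bits octet, then the bits) into the set of asserted names."""
    if len(der) < 3 or der[0] != 0x03 or der[1] != len(der) - 2:
        raise ValueError("not a short-form BIT STRING")
    unused, bits = der[2], der[3:]
    if unused > 7 or (not bits and unused):
        raise ValueError("invalid unused-bits count")
    usages = set()
    for index, name in enumerate(KEY_USAGE_BITS):
        byte, offset = divmod(index, 8)
        if byte >= len(bits):
            break
        if byte == len(bits) - 1 and offset >= 8 - unused:
            break  # past the last significant bit
        if bits[byte] & (0x80 >> offset):
            usages.add(name)
    return usages

def check_key_usage(algorithm: str, is_ca: bool, usages: set):
    """Return (errors, warnings): errors violate the profile's 'may be
    present' lists, warnings its RECOMMENDED practice for RSA CA keys."""
    allowed = set(PERMITTED[algorithm])
    if is_ca and algorithm in ("rsa", "dsa"):
        allowed |= CA_ONLY
    errors = [f"{u} not permitted for {algorithm} key"
              for u in sorted(usages - allowed)]
    if algorithm == "dh" and {"encipherOnly", "decipherOnly"} <= usages:
        errors.append("at most one of encipherOnly and decipherOnly may be set")
    warnings = []
    if algorithm == "rsa" and usages & CA_ONLY and usages & ENCIPHERMENT:
        warnings.append("encipherment usages alongside keyCertSign/cRLSign "
                        "are discouraged")
    return errors, warnings
```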
8 References
[FIPS 180-1] Federal Information Processing Standards Publication
(FIPS PUB) 180-1, Secure Hash Standard, 17 April 1995.
[Supersedes FIPS PUB 180 dated 11 May 1993.]
[FIPS 186] Federal Information Processing Standards Publication
(FIPS PUB) 186, Digital Signature Standard, 18 May 1994.
[RC95] Rogier, N. and Chauvaud, P., "The compression function of
MD2 is not collision free," Presented at Selected Areas in
Cryptography '95, May 1995.
[RFC 791] J. Postel, "Internet Protocol", September 1981.
[RFC 822] D. Crocker, "Standard for the format of ARPA Internet text
messages", August 1982.
[RFC 1034] P.V. Mockapetris, "Domain names - concepts and
facilities", November 1987.
[RFC 1319] Kaliski, B., "The MD2 Message-Digest Algorithm," RFC 1319,
RSA Laboratories, April 1992.
[RFC 1321] Rivest, R., "The MD5 Message-Digest Algorithm," RFC 1321,
MIT and RSA Data Security, April 1992.
[RFC 1422] Kent, S., "Privacy Enhancement for Internet Electronic
Mail: Part II: Certificate-Based Key Management," RFC
1422, BBN Communications, February 1993.
[RFC 1423] Balenson, D., "Privacy Enhancement for Internet Electronic
Mail: Part III: Algorithms, Modes, and Identifiers,"
RFC 1423, Trusted Information Systems, February 1993.
[RFC 1510] Kohl, J., and C. Neuman, "The Kerberos Network
Authentication Service (V5)," RFC 1510, September 1993.
[RFC 1519] V. Fuller, T. Li, J. Yu, and K. Varadhan. "Classless
Inter-Domain Routing (CIDR): an Address Assignment and
Aggregation Strategy", September 1993.
[RFC 1738] Berners-Lee, T., Masinter L., and M. McCahill.
"Uniform Resource Locators (URL)", RFC 1738, December 1994.
[RFC 1778] Howes, T., Kille S., Yeong, W. and C. Robbins. "The
String Representation of Standard Attribute Syntaxes,"
RFC 1778, March 1995.
[RFC 2247] Kille, S., Wahl, M., Grimstad, A., Huber, R. and S.
Sataluri. "Using Domains in LDAP/X.500 Distinguished Names",
RFC 2247, January 1998.
[RFC 2277] H. Alvestrand, "IETF Policy on Character Sets and
Languages", January 1998.
[RFC 2279] F. Yergeau, "UTF-8, a transformation format of ISO 10646",
January 1998.
[RFC 2313] B. Kaliski, "PKCS #1: RSA Encryption Version 1.5",
March 1998.
[RFC 2560] Myers, M., Ankney R., Malpani A., Galperin S., and
C. Adams, "Online Certificate Status Protocol - OCSP",
June 1999.
[SDN.701] SDN.701, "Message Security Protocol 4.0", Revision A
1997-02-06.
[X.208] CCITT Recommendation X.208: Specification of Abstract
Syntax Notation One (ASN.1), 1988.
[X.501] ITU-T Recommendation X.501: Information
Technology - Open Systems Interconnection - The
Directory: Models, 1993.
[X.509] ITU-T Recommendation X.509 (1997 E): Information
Technology - Open Systems Interconnection - The
Directory: Authentication Framework, June 1997.
[X.520] ITU-T Recommendation X.520: Information
Technology - Open Systems Interconnection - The
Directory: Selected Attribute Types, 1993.
[X9.42] ANSI X9.42-199x, Public Key Cryptography for The Financial
Services Industry: Agreement of Symmetric Algorithm Keys
Using Diffie-Hellman (Working Draft), December 1997.
[X9.55] ANSI X9.55-1995, Public Key Cryptography For The Financial
Services Industry: Extensions To Public Key Certificates
And Certificate Revocation Lists, 8 December, 1995.
[X9.57] ANSI X9.57-199x, Public Key Cryptography For The Financial
Services Industry: Certificate Management (Working Draft),
21 June, 1996.
[PKINIT] Tung, B., Neuman C., Hur M., Medvinsky A., Medvinsky S.,
Wray J., and J. Trostle, "Public Key Cryptography for
Initial Authentication in Kerberos,"
draft-ietf-cat-kerberos-pk-init-11.txt, March 15, 2000.
[PKIX ALGS] Bassham, L., Housley, R., and W. Polk, "Internet X.509
Public Key Infrastructure Representation of Public Keys
and Digital Signatures,"
draft-ietf-pkix-ipki-pkalgs-00.txt, July 14, 2000.
9 Intellectual Property Rights
The IETF has been notified of intellectual property rights claimed in
regard to some or all of the specification contained in this
document. For more information consult the online list of claimed
rights.
The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; neither does it represent that it
has made any effort to identify any such rights. Information on the
IETF's procedures with respect to rights in standards-track and
standards-related documentation can be found in BCP-11. Copies of
claims of rights made available for publication and any assurances of
licenses to be made available, or the result of an attempt made to
obtain a general license or permission for the use of such
proprietary rights by implementors or users of this specification can
be obtained from the IETF Secretariat.
10 Security Considerations
The majority of this specification is devoted to the format and
content of certificates and CRLs. Since certificates and CRLs are
digitally signed, no additional integrity service is necessary.
Neither certificates nor CRLs need be kept secret, and unrestricted
and anonymous access to certificates and CRLs has no security
implications.
However, security factors outside the scope of this specification
will affect the assurance provided to certificate users. This
section highlights critical issues that should be considered by
implementors, administrators, and users.
The procedures performed by CAs and RAs to validate the binding of
the subject's identity to their public key greatly affect the
assurance that should be placed in the certificate. Relying parties
may wish to review the CA's certificate practice statement. This may
In addition, where a key compromise or CA failure occurs for a
trusted CA, the user will need to modify the information provided to
the path validation routine. Selection of too many trusted CAs will
make the trusted CA information difficult to maintain. On the other
hand, selection of only one trusted CA may limit users to a closed
community of users until a global PKI emerges.
The quality of implementations that process certificates may also
affect the degree of assurance provided. The path validation
algorithm described in section 6 relies upon the integrity of the
trusted CA information, and especially the integrity of the public
keys associated with the trusted CAs. By substituting public keys for
which an attacker has the private key, an attacker could trick the
user into accepting false certificates.
The binding between a key and certificate subject cannot be stronger
than the cryptographic module implementation and algorithms used to
generate the signature. Short key lengths or weak hash algorithms
will limit the utility of a certificate. CAs are encouraged to note
advances in cryptology so they can employ strong cryptographic
techniques. In addition, CAs should decline to issue certificates to
CAs or end entities that generate weak signatures.
Inconsistent application of name comparison rules may result in
-- Version, Time, CertificateSerialNumber, and Extensions were
-- defined earlier for use in the certificate structure
AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL }
-- contains a value of the type
-- registered for use with the
-- algorithm object identifier value
pkcs-1 OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 }
rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 }
md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 }
md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 }
sha1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 }
id-dsa-with-sha1 OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) x9-57 (10040) x9algorithm(4) 3 }
Dss-Sig-Value ::= SEQUENCE {
r INTEGER,
s INTEGER }
dhpublicnumber OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) ansi-x942(10046) number-type(2) 1 }
DomainParameters ::= SEQUENCE {
p INTEGER, -- odd prime, p=jq +1
g INTEGER, -- generator, g
q INTEGER, -- factor of p-1
j INTEGER OPTIONAL, -- subgroup factor, j>= 2
validationParms ValidationParms OPTIONAL }
ValidationParms ::= SEQUENCE {
seed BIT STRING,
pgenCounter INTEGER }
id-dsa OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 }
Dss-Parms ::= SEQUENCE {
p INTEGER,
q INTEGER,
g INTEGER }
-- x400 address syntax starts here
-- OR Names
ORAddress ::= SEQUENCE {
built-in-standard-attributes BuiltInStandardAttributes,
built-in-domain-defined-attributes
BuiltInDomainDefinedAttributes OPTIONAL,
-- see also teletex-domain-defined-attributes
extension-attributes ExtensionAttributes OPTIONAL }
-- The OR-address is semantically absent from the OR-name if the
id-holdinstruction-reject OBJECT IDENTIFIER ::=
{holdInstruction 3}
-- invalidity date CRL entry extension OID and syntax
id-ce-invalidityDate OBJECT IDENTIFIER ::= { id-ce 24 }
InvalidityDate ::= GeneralizedTime
END
Appendix B. 1993 ASN.1 Structures and OIDs
B.1 Explicitly Tagged Module, 1993 Syntax
PKIX1Explicit93 {iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit-93(3)}
DEFINITIONS EXPLICIT TAGS ::=
BEGIN
IMPORTS
authorityKeyIdentifier, subjectKeyIdentifier, keyUsage,
extendedKeyUsage, privateKeyUsagePeriod, certificatePolicies,
policyMappings, subjectAltName, issuerAltName,
basicConstraints, nameConstraints, policyConstraints,
cRLDistributionPoints, subjectDirectoryAttributes,
cRLNumber, reasonCode, instructionCode, invalidityDate,
issuingDistributionPoint, certificateIssuer,
deltaCRLIndicator, authorityInfoAccess, id-ce
FROM PKIX1Implicit93 {iso(1) identified-organization(3)
dod(6) internet(1) security(5) mechanisms(5) pkix(7)
id-mod(0) id-pkix1-implicit-93(4)} ;
-- Locally defined OIDs --
id-pkix OBJECT IDENTIFIER ::=
{ iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) }
id-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
-- arc for policy qualifier types
id-qt OBJECT IDENTIFIER ::= { id-pkix 2 }
id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 }
-- OID for CPS qualifier
id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 }
-- OID for user notice qualifier
-- Public Key Certificate --
Certificate ::= SIGNED { SEQUENCE {
version [0] Version DEFAULT v1,
serialNumber CertificateSerialNumber,
signature AlgorithmIdentifier,
issuer Name,
validity Validity,
subject Name,
subjectPublicKeyInfo SubjectPublicKeyInfo,
issuerUniqueIdentifier [1] IMPLICIT UniqueIdentifier OPTIONAL,
---if present, version shall be v2 or v3--
subjectUniqueIdentifier [2] IMPLICIT UniqueIdentifier OPTIONAL,
---if present, version shall be v2 or v3--
extensions [3] Extensions OPTIONAL
--if present, version shall be v3--} }
UniqueIdentifier ::= BIT STRING
Version ::= INTEGER { v1(0), v2(1), v3(2) }
CertificateSerialNumber ::= INTEGER
Validity ::= SEQUENCE {
notBefore Time,
notAfter Time }
Time ::= CHOICE {
utcTime UTCTime,
generalTime GeneralizedTime }
SubjectPublicKeyInfo ::= SEQUENCE{
algorithm AlgorithmIdentifier,
subjectPublicKey BIT STRING}
Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
Extension ::= SEQUENCE {
extnId EXTENSION.&id ({ExtensionSet}),
critical BOOLEAN DEFAULT FALSE,
extnValue OCTET STRING }
-- contains a DER encoding of a value of type
-- &ExtnType for the
-- extension object identified by extnId --
ExtensionSet EXTENSION ::= { authorityKeyIdentifier |
subjectKeyIdentifier |
keyUsage |
extendedKeyUsage |
privateKeyUsagePeriod |
certificatePolicies |
policyMappings |
subjectAltName |
issuerAltName |
basicConstraints |
nameConstraints |
policyConstraints |
cRLDistributionPoints |
subjectDirectoryAttributes |
authorityInfoAccess }
EXTENSION ::= CLASS {
&id OBJECT IDENTIFIER UNIQUE,
&ExtnType }
WITH SYNTAX {
SYNTAX &ExtnType
IDENTIFIED BY &id }
-- Certificate Revocation List --
CertificateList ::= SIGNED { SEQUENCE {
version Version OPTIONAL, -- if present, shall be v2
signature AlgorithmIdentifier,
issuer Name,
thisUpdate Time,
nextUpdate Time OPTIONAL,
revokedCertificates SEQUENCE OF SEQUENCE {
userCertificate CertificateSerialNumber,
revocationDate Time,
crlEntryExtensions EntryExtensions OPTIONAL } OPTIONAL,
crlExtensions [0] CRLExtensions OPTIONAL }}
CRLExtensions ::= SEQUENCE SIZE (1..MAX) OF CRLExtension
CRLExtension ::= SEQUENCE {
extnId EXTENSION.&id ({CRLExtensionSet}),
critical BOOLEAN DEFAULT FALSE,
extnValue OCTET STRING }
-- contains a DER encoding of a value of type
-- &ExtnType for the
-- extension object identified by extnId --
CRLExtensionSet EXTENSION ::= { authorityKeyIdentifier |
issuerAltName |
cRLNumber |
deltaCRLIndicator |
issuingDistributionPoint }
EntryExtensions ::= SEQUENCE SIZE (1..MAX) OF EntryExtension
EntryExtension ::= SEQUENCE {
extnId EXTENSION.&id ({EntryExtensionSet}),
critical BOOLEAN DEFAULT FALSE,
extnValue OCTET STRING }
-- contains a DER encoding of a value of type
-- &ExtnType for the
-- extension object identified by extnId --
EntryExtensionSet EXTENSION ::= { reasonCode |
instructionCode |
invalidityDate |
certificateIssuer }
-- information object classes used in the definition --
-- of certificates and CRLs --
SIGNED { ToBeSigned } ::= SEQUENCE {
toBeSigned ToBeSigned,
algorithm AlgorithmIdentifier,
signature BIT STRING
}
AlgorithmIdentifier ::= SEQUENCE {
algorithm ALGORITHM-ID.&id({SupportedAlgorithms}),
parameters ALGORITHM-ID.&Type({SupportedAlgorithms}
{ @algorithm}) OPTIONAL }
ALGORITHM-ID ::= CLASS {
&id OBJECT IDENTIFIER UNIQUE,
&Type OPTIONAL
}
WITH SYNTAX { OID &id [PARMS &Type] }
SupportedAlgorithms ALGORITHM-ID ::= { ..., -- extensible
rsaPublicKey |
rsaSHA-1 |
rsaMD5 |
rsaMD2 |
dssPublicKey |
dsaSHA-1 |
dhPublicKey }
rsaPublicKey ALGORITHM-ID ::= { OID rsaEncryption PARMS NULL }
rsaSHA-1 ALGORITHM-ID ::= { OID sha1WithRSAEncryption PARMS NULL }
rsaMD5 ALGORITHM-ID ::= { OID md5WithRSAEncryption PARMS NULL }
rsaMD2 ALGORITHM-ID ::= { OID md2WithRSAEncryption PARMS NULL }
dssPublicKey ALGORITHM-ID ::= { OID id-dsa PARMS Dss-Parms }
dsaSHA-1 ALGORITHM-ID ::= { OID id-dsa-with-sha1 }
dhPublicKey ALGORITHM-ID ::= {OID dhpublicnumber PARMS DomainParameters}
pkcs-1 OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 }
rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 }
md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 }
md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 }
sha1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 }
id-dsa-with-sha1 OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) x9-57 (10040) x9algorithm(4) 3 }
Dss-Sig-Value ::= SEQUENCE {
r INTEGER,
s INTEGER }
dhpublicnumber OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) ansi-x942(10046) number-type(2) 1 }
DomainParameters ::= SEQUENCE {
p INTEGER, -- odd prime, p=jq +1
g INTEGER, -- generator, g
q INTEGER, -- factor of p-1
j INTEGER OPTIONAL, -- subgroup factor, j>= 2
validationParms ValidationParms OPTIONAL }
ValidationParms ::= SEQUENCE {
seed BIT STRING,
pgenCounter INTEGER }
id-dsa OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 }
Dss-Parms ::= SEQUENCE {
p INTEGER,
q INTEGER,
g INTEGER }
-- The ASN.1 in this section supports the Name type
-- and the directoryAttribute extension
Attribute ::= SEQUENCE {
type ATTRIBUTE.&id ({SupportedAttributes}),
values SET SIZE (1 .. MAX) OF ATTRIBUTE.&Type
({SupportedAttributes}{@type})}
AttributeTypeAndValue ::= SEQUENCE {
type ATTRIBUTE.&id ({SupportedAttributes}),
value ATTRIBUTE.&Type ({SupportedAttributes}{@type})}
Name ::= CHOICE { -- only one possibility for now --
rdnSequence RDNSequence }
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
RelativeDistinguishedName ::=
SET SIZE (1 .. MAX) OF AttributeTypeAndValue
ID ::= OBJECT IDENTIFIER
ATTRIBUTE ::= CLASS {
&Type,
&id OBJECT IDENTIFIER UNIQUE }
WITH SYNTAX {
WITH SYNTAX &Type ID &id }
SupportedAttributes ATTRIBUTE ::= {
name | commonName | surname | givenName | initials |
generationQualifier | dnQualifier | countryName |
localityName | stateOrProvinceName | organizationName |
organizationalUnitName | title | pkcs9email }
name ATTRIBUTE ::= {
WITH SYNTAX DirectoryString { ub-name }
ID id-at-name }
commonName ATTRIBUTE ::= {
WITH SYNTAX DirectoryString {ub-common-name}
ID id-at-commonName }
surname ATTRIBUTE ::= {
WITH SYNTAX DirectoryString {ub-name}
ID id-at-surname }
givenName ATTRIBUTE ::= {
WITH SYNTAX DirectoryString {ub-name}
ID id-at-givenName }
initials ATTRIBUTE ::= {
WITH SYNTAX DirectoryString {ub-name}
ID id-at-initials }
generationQualifier ATTRIBUTE ::= {
WITH SYNTAX DirectoryString {ub-name}
ID id-at-generationQualifier}
dnQualifier ATTRIBUTE ::= {
WITH SYNTAX PrintableString
ID id-at-dnQualifier }
countryName ATTRIBUTE ::= {
WITH SYNTAX PrintableString (SIZE (2))
-- IS 3166 codes only
ID id-at-countryName }
localityName ATTRIBUTE ::= {
WITH SYNTAX DirectoryString {ub-locality-name}
ID id-at-localityName }
stateOrProvinceName ATTRIBUTE ::= {
WITH SYNTAX DirectoryString {ub-state-name}
ID id-at-stateOrProvinceName }
organizationName ATTRIBUTE ::= {
WITH SYNTAX DirectoryString {ub-organization-name}
ID id-at-organizationName }
organizationalUnitName ATTRIBUTE ::= {
WITH SYNTAX DirectoryString {ub-organizational-unit-name}
ID id-at-organizationalUnitName }
title ATTRIBUTE ::= {
WITH SYNTAX DirectoryString {ub-title}
ID id-at-title }
-- domainComponent from RFC 2247
domainComponent ATTRIBUTE ::= {
WITH SYNTAX IA5String
ID id-domainComponent }
-- Legacy attributes
pkcs9email ATTRIBUTE ::= {
WITH SYNTAX PHGString
ID emailAddress }
PHGString ::= IA5String (SIZE(1..ub-emailaddress-length))
pkcs-9 OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 }
emailAddress OBJECT IDENTIFIER ::= { pkcs-9 1 }
-- object identifiers for Name type and directory attribute support
id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4}
id-at-commonName OBJECT IDENTIFIER ::= {id-at 3}
id-at-surname OBJECT IDENTIFIER ::= {id-at 4}
id-at-countryName OBJECT IDENTIFIER ::= {id-at 6}
id-at-localityName OBJECT IDENTIFIER ::= {id-at 7}
id-at-stateOrProvinceName OBJECT IDENTIFIER ::= {id-at 8}
id-at-organizationName OBJECT IDENTIFIER ::= {id-at 10}
id-at-organizationalUnitName OBJECT IDENTIFIER ::= {id-at 11}
id-at-title OBJECT IDENTIFIER ::= {id-at 12}
id-at-name OBJECT IDENTIFIER ::= {id-at 41}
id-at-givenName OBJECT IDENTIFIER ::= {id-at 42}
id-at-initials OBJECT IDENTIFIER ::= {id-at 43}
id-at-generationQualifier OBJECT IDENTIFIER ::= {id-at 44}
id-at-dnQualifier OBJECT IDENTIFIER ::= {id-at 46}
id-at-serialNumber OBJECT IDENTIFIER ::= { id-at 5 }
id-domainComponent OBJECT IDENTIFIER ::=
{ 0 9 2342 19200300 100 1 25 }
DirectoryString { INTEGER:maxSize } ::= CHOICE {
teletexString TeletexString (SIZE (1..maxSize)),
printableString PrintableString (SIZE (1..maxSize)),
universalString UniversalString (SIZE (1..maxSize)),
bmpString BMPString (SIZE(1..maxSize)),
utf8String UTF8String (SIZE(1..maxSize))
}
-- End of ASN.1 for Name type and directory attribute support --
-- The ASN.1 in this section supports X.400 style names --
-- for implementations that use the x400Address component --
-- of GeneralName. --
ORAddress ::= SEQUENCE {
built-in-standard-attributes BuiltInStandardAttributes,
built-in-domain-defined-attributes
BuiltInDomainDefinedAttributes OPTIONAL,
-- see also teletex-domain-defined-attributes
extension-attributes ExtensionAttributes OPTIONAL }
BuiltInStandardAttributes ::= SEQUENCE {
country-name CountryName OPTIONAL,
administration-domain-name AdministrationDomainName OPTIONAL,
network-address [0] NetworkAddress OPTIONAL,
-- see also extended-network-address
terminal-identifier [1] TerminalIdentifier OPTIONAL,
private-domain-name [2] PrivateDomainName OPTIONAL,
organization-name [3] OrganizationName OPTIONAL,
-- see also teletex-organization-name
numeric-user-identifier [4] NumericUserIdentifier OPTIONAL,
personal-name [5] PersonalName OPTIONAL,
-- see also teletex-personal-name
organizational-unit-names [6] OrganizationalUnitNames OPTIONAL
-- see also teletex-organizational-unit-names -- }
CountryName ::= [APPLICATION 1] CHOICE {
x121-dcc-code NumericString
(SIZE (ub-country-name-numeric-length)),
iso-3166-alpha2-code PrintableString
(SIZE (ub-country-name-alpha-length)) }
AdministrationDomainName ::= [APPLICATION 2] CHOICE {
numeric NumericString (SIZE (0..ub-domain-name-length)),
printable PrintableString (SIZE (0..ub-domain-name-length)) }
NetworkAddress ::= X121Address
X121Address ::= NumericString (SIZE (1..ub-x121-address-length))
TerminalIdentifier ::= PrintableString (SIZE (1..ub-terminal-id-length))
PrivateDomainName ::= CHOICE {
numeric NumericString (SIZE (1..ub-domain-name-length)),
printable PrintableString (SIZE (1..ub-domain-name-length)) }
OrganizationName ::= PrintableString
(SIZE (1..ub-organization-name-length))
NumericUserIdentifier ::= NumericString
(SIZE (1..ub-numeric-user-id-length))
PersonalName ::= SET {
surname [0] PrintableString (SIZE (1..ub-surname-length)),
given-name [1] PrintableString
(SIZE (1..ub-given-name-length)) OPTIONAL,
initials [2] PrintableString
(SIZE (1..ub-initials-length)) OPTIONAL,
generation-qualifier [3] PrintableString
(SIZE (1..ub-generation-qualifier-length)) OPTIONAL}
OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units)
OF OrganizationalUnitName
OrganizationalUnitName ::= PrintableString (SIZE
(1..ub-organizational-unit-name-length))
BuiltInDomainDefinedAttributes ::= SEQUENCE SIZE
(1..ub-domain-defined-attributes) OF
BuiltInDomainDefinedAttribute
BuiltInDomainDefinedAttribute ::= SEQUENCE {
type PrintableString (SIZE
(1..ub-domain-defined-attribute-type-length)),
value PrintableString (SIZE
(1..ub-domain-defined-attribute-value-length)) }
ExtensionAttributes ::= SET SIZE (1..ub-extension-attributes)
OF ExtensionAttribute
ExtensionAttribute ::= SEQUENCE {
extension-attribute-type [0] EXTENSION-ATTRIBUTE.&id
({ExtensionAttributeTable}),
extension-attribute-value [1] EXTENSION-ATTRIBUTE.&Type
({ExtensionAttributeTable} {@extension-attribute-type}) }
EXTENSION-ATTRIBUTE ::= CLASS {
&id INTEGER (0..ub-extension-attributes) UNIQUE,
&Type }
WITH SYNTAX {&Type IDENTIFIED BY &id}
ExtensionAttributeTable EXTENSION-ATTRIBUTE ::= {
common-name |
teletex-common-name |
teletex-organization-name |
teletex-personal-name |
teletex-organizational-unit-names |
teletex-domain-defined-attributes |
pds-name |
physical-delivery-country-name |
postal-code |
physical-delivery-office-name |
physical-delivery-office-number |
extension-OR-address-components |
physical-delivery-personal-name |
physical-delivery-organization-name |
extension-physical-delivery-address-components |
unformatted-postal-address |
street-address |
post-office-box-address |
poste-restante-address |
unique-postal-name |
local-postal-attributes |
extended-network-address |
terminal-type }
common-name EXTENSION-ATTRIBUTE ::= {CommonName IDENTIFIED BY 1}
CommonName ::= PrintableString (SIZE (1..ub-common-name-length))
teletex-common-name EXTENSION-ATTRIBUTE ::=
{TeletexCommonName IDENTIFIED BY 2}
TeletexCommonName ::= TeletexString (SIZE (1..ub-common-name-length))
teletex-organization-name EXTENSION-ATTRIBUTE ::=
{TeletexOrganizationName IDENTIFIED BY 3}
TeletexOrganizationName ::=
TeletexString (SIZE (1..ub-organization-name-length))
teletex-personal-name EXTENSION-ATTRIBUTE ::=
{TeletexPersonalName IDENTIFIED BY 4}
TeletexPersonalName ::= SET {
surname [0] TeletexString (SIZE (1..ub-surname-length)),
given-name [1] TeletexString
(SIZE (1..ub-given-name-length)) OPTIONAL,
initials [2] TeletexString (SIZE (1..ub-initials-length)) OPTIONAL,
generation-qualifier [3] TeletexString (SIZE
(1..ub-generation-qualifier-length)) OPTIONAL }
teletex-organizational-unit-names EXTENSION-ATTRIBUTE ::=
{TeletexOrganizationalUnitNames IDENTIFIED BY 5}
TeletexOrganizationalUnitNames ::= SEQUENCE SIZE
(1..ub-organizational-units) OF TeletexOrganizationalUnitName
TeletexOrganizationalUnitName ::= TeletexString
(SIZE (1..ub-organizational-unit-name-length))
pds-name EXTENSION-ATTRIBUTE ::= {PDSName IDENTIFIED BY 7}
PDSName ::= PrintableString (SIZE (1..ub-pds-name-length))
physical-delivery-country-name EXTENSION-ATTRIBUTE ::=
{PhysicalDeliveryCountryName IDENTIFIED BY 8}
PhysicalDeliveryCountryName ::= CHOICE {
x121-dcc-code NumericString (SIZE (ub-country-name-numeric-length)),
iso-3166-alpha2-code PrintableString
(SIZE (ub-country-name-alpha-length)) }
postal-code EXTENSION-ATTRIBUTE ::= {PostalCode IDENTIFIED BY 9}
PostalCode ::= CHOICE {
numeric-code NumericString (SIZE (1..ub-postal-code-length)),
printable-code PrintableString (SIZE (1..ub-postal-code-length)) }
physical-delivery-office-name EXTENSION-ATTRIBUTE ::=
{PhysicalDeliveryOfficeName IDENTIFIED BY 10}
PhysicalDeliveryOfficeName ::= PDSParameter
physical-delivery-office-number EXTENSION-ATTRIBUTE ::=
{PhysicalDeliveryOfficeNumber IDENTIFIED BY 11}
PhysicalDeliveryOfficeNumber ::= PDSParameter
extension-OR-address-components EXTENSION-ATTRIBUTE ::=
{ExtensionORAddressComponents IDENTIFIED BY 12}
ExtensionORAddressComponents ::= PDSParameter
physical-delivery-personal-name EXTENSION-ATTRIBUTE ::=
{PhysicalDeliveryPersonalName IDENTIFIED BY 13}
PhysicalDeliveryPersonalName ::= PDSParameter
physical-delivery-organization-name EXTENSION-ATTRIBUTE ::=
{PhysicalDeliveryOrganizationName IDENTIFIED BY 14}
PhysicalDeliveryOrganizationName ::= PDSParameter
extension-physical-delivery-address-components EXTENSION-ATTRIBUTE ::=
{ExtensionPhysicalDeliveryAddressComponents IDENTIFIED BY 15}
ExtensionPhysicalDeliveryAddressComponents ::= PDSParameter
unformatted-postal-address EXTENSION-ATTRIBUTE ::=
{UnformattedPostalAddress IDENTIFIED BY 16}
UnformattedPostalAddress ::= SET {
printable-address SEQUENCE SIZE (1..ub-pds-physical-address-lines) OF
PrintableString (SIZE (1..ub-pds-parameter-length)) OPTIONAL,
teletex-string TeletexString (SIZE
(1..ub-unformatted-address-length)) OPTIONAL }
street-address EXTENSION-ATTRIBUTE ::=
{StreetAddress IDENTIFIED BY 17}
StreetAddress ::= PDSParameter
post-office-box-address EXTENSION-ATTRIBUTE ::=
{PostOfficeBoxAddress IDENTIFIED BY 18}
PostOfficeBoxAddress ::= PDSParameter
poste-restante-address EXTENSION-ATTRIBUTE ::=
{PosteRestanteAddress IDENTIFIED BY 19}
PosteRestanteAddress ::= PDSParameter
unique-postal-name EXTENSION-ATTRIBUTE ::=
{UniquePostalName IDENTIFIED BY 20}
UniquePostalName ::= PDSParameter
local-postal-attributes EXTENSION-ATTRIBUTE ::=
{LocalPostalAttributes IDENTIFIED BY 21}
LocalPostalAttributes ::= PDSParameter
PDSParameter ::= SET {
printable-string PrintableString
(SIZE(1..ub-pds-parameter-length)) OPTIONAL,
teletex-string TeletexString
(SIZE(1..ub-pds-parameter-length)) OPTIONAL }
extended-network-address EXTENSION-ATTRIBUTE ::=
{ExtendedNetworkAddress IDENTIFIED BY 22}
ExtendedNetworkAddress ::= CHOICE {
e163-4-address SEQUENCE {
number [0] NumericString
(SIZE (1..ub-e163-4-number-length)),
sub-address [1] NumericString
(SIZE (1..ub-e163-4-sub-address-length)) OPTIONAL},
psap-address [0] PresentationAddress }
PresentationAddress ::= SEQUENCE {
pSelector [0] EXPLICIT OCTET STRING OPTIONAL,
sSelector [1] EXPLICIT OCTET STRING OPTIONAL,
tSelector [2] EXPLICIT OCTET STRING OPTIONAL,
nAddresses [3] EXPLICIT SET SIZE (1..MAX) OF OCTET STRING}
terminal-type EXTENSION-ATTRIBUTE ::= {TerminalType IDENTIFIED BY 23}
TerminalType ::= INTEGER {
telex (3),
teletex (4),
g3-facsimile (5),
g4-facsimile (6),
ia5-terminal (7),
videotex (8) } (0..ub-integer-options)
teletex-domain-defined-attributes EXTENSION-ATTRIBUTE ::=
{TeletexDomainDefinedAttributes IDENTIFIED BY 6}
TeletexDomainDefinedAttributes ::= SEQUENCE SIZE
(1..ub-domain-defined-attributes) OF TeletexDomainDefinedAttribute
TeletexDomainDefinedAttribute ::= SEQUENCE {
type TeletexString
(SIZE (1..ub-domain-defined-attribute-type-length)),
value TeletexString
(SIZE (1..ub-domain-defined-attribute-value-length)) }
ub-name INTEGER ::= 32768
ub-common-name INTEGER ::= 64
ub-locality-name INTEGER ::= 128
ub-state-name INTEGER ::= 128
ub-organization-name INTEGER ::= 64
ub-organizational-unit-name INTEGER ::= 64
ub-title INTEGER ::= 64
ub-match INTEGER ::= 128
ub-emailaddress-length INTEGER ::= 128
ub-common-name-length INTEGER ::= 64
ub-country-name-alpha-length INTEGER ::= 2
ub-country-name-numeric-length INTEGER ::= 3
ub-domain-defined-attributes INTEGER ::= 4
ub-domain-defined-attribute-type-length INTEGER ::= 8
ub-domain-defined-attribute-value-length INTEGER ::= 128
ub-domain-name-length INTEGER ::= 16
ub-extension-attributes INTEGER ::= 256
ub-e163-4-number-length INTEGER ::= 15
ub-e163-4-sub-address-length INTEGER ::= 40
ub-generation-qualifier-length INTEGER ::= 3
ub-given-name-length INTEGER ::= 16
ub-initials-length INTEGER ::= 5
ub-integer-options INTEGER ::= 256
ub-numeric-user-id-length INTEGER ::= 32
ub-organization-name-length INTEGER ::= 64
ub-organizational-unit-name-length INTEGER ::= 32
ub-organizational-units INTEGER ::= 4
ub-pds-name-length INTEGER ::= 16
ub-pds-parameter-length INTEGER ::= 30
ub-pds-physical-address-lines INTEGER ::= 6
ub-postal-code-length INTEGER ::= 16
ub-surname-length INTEGER ::= 40
ub-terminal-id-length INTEGER ::= 24
ub-unformatted-address-length INTEGER ::= 180
ub-x121-address-length INTEGER ::= 16
END
B.2 Implicitly Tagged Module, 1993 Syntax
PKIX1Implicit93 {iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit-93(4)}
DEFINITIONS IMPLICIT TAGS::=
BEGIN
IMPORTS
id-pe, id-qt, id-kp, id-ad,
ORAddress, Name, RelativeDistinguishedName,
CertificateSerialNumber, CertificateList,
AlgorithmIdentifier, ub-name, DirectoryString,
Attribute, EXTENSION
FROM PKIX1Explicit93 {iso(1) identified-organization(3)
dod(6) internet(1) security(5) mechanisms(5) pkix(7)
id-mod(0) id-pkix1-explicit-93(3)};
authorityKeyIdentifier EXTENSION ::= {
SYNTAX AuthorityKeyIdentifier
IDENTIFIED BY id-ce-authorityKeyIdentifier }
AuthorityKeyIdentifier ::= SEQUENCE {
keyIdentifier [0] KeyIdentifier OPTIONAL,
authorityCertIssuer [1] GeneralNames OPTIONAL,
authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
( WITH COMPONENTS {..., authorityCertIssuer PRESENT,
authorityCertSerialNumber PRESENT} |
WITH COMPONENTS {..., authorityCertIssuer ABSENT,
authorityCertSerialNumber ABSENT} )
KeyIdentifier ::= OCTET STRING
subjectKeyIdentifier EXTENSION ::= {
SYNTAX SubjectKeyIdentifier
IDENTIFIED BY id-ce-subjectKeyIdentifier }
SubjectKeyIdentifier ::= KeyIdentifier
keyUsage EXTENSION ::= {
SYNTAX KeyUsage
IDENTIFIED BY id-ce-keyUsage }
KeyUsage ::= BIT STRING {
digitalSignature (0),
nonRepudiation (1),
keyEncipherment (2),
dataEncipherment (3),
keyAgreement (4),
keyCertSign (5),
cRLSign (6),
encipherOnly (7),
decipherOnly (8) }
extendedKeyUsage EXTENSION ::= {
SYNTAX SEQUENCE SIZE (1..MAX) OF KeyPurposeId
IDENTIFIED BY id-ce-extKeyUsage }
KeyPurposeId ::= OBJECT IDENTIFIER
id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 }
id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 }
id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 }
id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 }
id-kp-ipsecEndSystem OBJECT IDENTIFIER ::= { id-kp 5 }
id-kp-ipsecTunnel OBJECT IDENTIFIER ::= { id-kp 6 }
id-kp-ipsecUser OBJECT IDENTIFIER ::= { id-kp 7 }
id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 }
privateKeyUsagePeriod EXTENSION ::= {
SYNTAX PrivateKeyUsagePeriod
IDENTIFIED BY { id-ce-privateKeyUsagePeriod } }
PrivateKeyUsagePeriod ::= SEQUENCE {
notBefore [0] GeneralizedTime OPTIONAL,
notAfter [1] GeneralizedTime OPTIONAL }
( WITH COMPONENTS {..., notBefore PRESENT} |
WITH COMPONENTS {..., notAfter PRESENT} )
certificatePolicies EXTENSION ::= {
SYNTAX CertificatePoliciesSyntax
IDENTIFIED BY id-ce-certificatePolicies }
CertificatePoliciesSyntax ::=
SEQUENCE SIZE (1..MAX) OF PolicyInformation
PolicyInformation ::= SEQUENCE {
policyIdentifier CertPolicyId,
policyQualifiers SEQUENCE SIZE (1..MAX) OF
PolicyQualifierInfo OPTIONAL }
CertPolicyId ::= OBJECT IDENTIFIER
PolicyQualifierInfo ::= SEQUENCE {
policyQualifierId CERT-POLICY-QUALIFIER.&id
({SupportedPolicyQualifiers}),
qualifier CERT-POLICY-QUALIFIER.&Qualifier
({SupportedPolicyQualifiers}
{@policyQualifierId})OPTIONAL }
SupportedPolicyQualifiers CERT-POLICY-QUALIFIER ::= { noticeToUser |
pointerToCPS }
CERT-POLICY-QUALIFIER ::= CLASS {
&id OBJECT IDENTIFIER UNIQUE,
&Qualifier OPTIONAL }
WITH SYNTAX {
POLICY-QUALIFIER-ID &id
[QUALIFIER-TYPE &Qualifier] }
anyPolicy OBJECT IDENTIFIER ::= {id-ce-certificatePolicies 0}
policyMappings EXTENSION ::= {
SYNTAX PolicyMappingsSyntax
IDENTIFIED BY id-ce-policyMappings }
PolicyMappingsSyntax ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
issuerDomainPolicy CertPolicyId,
subjectDomainPolicy CertPolicyId }
subjectAltName EXTENSION ::= {
SYNTAX GeneralNames
IDENTIFIED BY id-ce-subjectAltName }
GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
GeneralName ::= CHOICE {
otherName [0] INSTANCE OF OTHER-NAME,
rfc822Name [1] IA5String,
dNSName [2] IA5String,
x400Address [3] ORAddress,
directoryName [4] Name,
ediPartyName [5] EDIPartyName,
uniformResourceIdentifier [6] IA5String,
iPAddress [7] OCTET STRING,
registeredID [8] OBJECT IDENTIFIER }
OTHER-NAME ::= TYPE-IDENTIFIER
EDIPartyName ::= SEQUENCE {
nameAssigner [0] DirectoryString {ub-name} OPTIONAL,
partyName [1] DirectoryString {ub-name} }
issuerAltName EXTENSION ::= {
SYNTAX GeneralNames
IDENTIFIED BY id-ce-issuerAltName }
subjectDirectoryAttributes EXTENSION ::= {
SYNTAX AttributesSyntax
IDENTIFIED BY id-ce-subjectDirectoryAttributes }
AttributesSyntax ::= SEQUENCE SIZE (1..MAX) OF Attribute
basicConstraints EXTENSION ::= {
SYNTAX BasicConstraintsSyntax
IDENTIFIED BY id-ce-basicConstraints }
BasicConstraintsSyntax ::= SEQUENCE {
cA BOOLEAN DEFAULT FALSE,
pathLenConstraint INTEGER (0..MAX) OPTIONAL }
nameConstraints EXTENSION ::= {
SYNTAX NameConstraintsSyntax
IDENTIFIED BY id-ce-nameConstraints }
NameConstraintsSyntax ::= SEQUENCE {
permittedSubtrees [0] GeneralSubtrees OPTIONAL,
excludedSubtrees [1] GeneralSubtrees OPTIONAL }
GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
GeneralSubtree ::= SEQUENCE {
base GeneralName,
minimum [0] BaseDistance DEFAULT 0,
maximum [1] BaseDistance OPTIONAL }
BaseDistance ::= INTEGER (0..MAX)
policyConstraints EXTENSION ::= {
SYNTAX PolicyConstraintsSyntax
IDENTIFIED BY id-ce-policyConstraints }
PolicyConstraintsSyntax ::= SEQUENCE {
requireExplicitPolicy [0] SkipCerts OPTIONAL,
inhibitPolicyMapping [1] SkipCerts OPTIONAL }
SkipCerts ::= INTEGER (0..MAX)
inhibitAnyPolicy EXTENSION ::= {
SYNTAX SkipCerts
IDENTIFIED BY id-ce-inhibitAnyPolicy}
cRLNumber EXTENSION ::= {
SYNTAX CRLNumber
IDENTIFIED BY id-ce-cRLNumber }
CRLNumber ::= INTEGER (0..MAX)
reasonCode EXTENSION ::= {
SYNTAX CRLReason
IDENTIFIED BY id-ce-reasonCode }
CRLReason ::= ENUMERATED {
unspecified (0),
keyCompromise (1),
cACompromise (2),
affiliationChanged (3),
superseded (4),
cessationOfOperation (5),
certificateHold (6),
removeFromCRL (8) }
instructionCode EXTENSION ::= {
SYNTAX HoldInstruction
IDENTIFIED BY id-ce-instructionCode }
HoldInstruction ::= OBJECT IDENTIFIER
holdInstruction OBJECT IDENTIFIER ::= {
joint-iso-ccitt(2) member-body(2) us(840) x9cm(10040) 2}
id-holdinstruction-none OBJECT IDENTIFIER ::= {holdInstruction 1}
id-holdinstruction-callissuer OBJECT IDENTIFIER ::= {holdInstruction 2}
id-holdinstruction-reject OBJECT IDENTIFIER ::= {holdInstruction 3}
invalidityDate EXTENSION ::= {
SYNTAX GeneralizedTime
IDENTIFIED BY id-ce-invalidityDate }
cRLDistributionPoints EXTENSION ::= {
SYNTAX CRLDistPointsSyntax
IDENTIFIED BY id-ce-cRLDistributionPoints }
CRLDistPointsSyntax ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
DistributionPoint ::= SEQUENCE {
distributionPoint [0] DistributionPointName OPTIONAL,
reasons [1] ReasonFlags OPTIONAL,
cRLIssuer [2] GeneralNames OPTIONAL }
DistributionPointName ::= CHOICE {
fullName [0] GeneralNames,
nameRelativeToCRLIssuer [1] RelativeDistinguishedName }
ReasonFlags ::= BIT STRING {
unused (0),
keyCompromise (1),
caCompromise (2),
affiliationChanged (3),
superseded (4),
cessationOfOperation (5),
certificateHold (6) }
issuingDistributionPoint EXTENSION ::= {
SYNTAX IssuingDistPointSyntax
IDENTIFIED BY id-ce-issuingDistributionPoint }
IssuingDistPointSyntax ::= SEQUENCE {
distributionPoint [0] DistributionPointName OPTIONAL,
onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE,
onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
onlySomeReasons [3] ReasonFlags OPTIONAL,
indirectCRL [4] BOOLEAN DEFAULT FALSE }
certificateIssuer EXTENSION ::= {
SYNTAX GeneralNames
IDENTIFIED BY id-ce-certificateIssuer }
deltaCRLIndicator EXTENSION ::= {
SYNTAX BaseCRLNumber
IDENTIFIED BY id-ce-deltaCRLIndicator }
BaseCRLNumber ::= CRLNumber
freshestCRL EXTENSION ::= {
SYNTAX CRLDistPointsSyntax
IDENTIFIED BY id-ce-freshestCRL }
id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= {id-ce 9}
id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= {id-ce 14}
id-ce-keyUsage OBJECT IDENTIFIER ::= {id-ce 15}
id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= {id-ce 16}
id-ce-subjectAltName OBJECT IDENTIFIER ::= {id-ce 17}
id-ce-issuerAltName OBJECT IDENTIFIER ::= {id-ce 18}
id-ce-basicConstraints OBJECT IDENTIFIER ::= {id-ce 19}
id-ce-cRLNumber OBJECT IDENTIFIER ::= {id-ce 20}
id-ce-reasonCode OBJECT IDENTIFIER ::= {id-ce 21}
id-ce-instructionCode OBJECT IDENTIFIER ::= {id-ce 23}
id-ce-invalidityDate OBJECT IDENTIFIER ::= {id-ce 24}
id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= {id-ce 27}
id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= {id-ce 28}
id-ce-certificateIssuer OBJECT IDENTIFIER ::= {id-ce 29}
id-ce-nameConstraints OBJECT IDENTIFIER ::= {id-ce 30}
id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= {id-ce 31}
id-ce-certificatePolicies OBJECT IDENTIFIER ::= {id-ce 32}
id-ce-policyMappings OBJECT IDENTIFIER ::= {id-ce 33}
id-ce-policyConstraints OBJECT IDENTIFIER ::= {id-ce 36}
id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= {id-ce 35}
id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37}
id-ce-freshestCRL OBJECT IDENTIFIER ::= {id-ce 46}
id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= {id-ce 54}
authorityInfoAccess EXTENSION ::= {
SYNTAX AuthorityInfoAccessSyntax
IDENTIFIED BY id-pe-authorityInfoAccess }
AuthorityInfoAccessSyntax ::=
SEQUENCE SIZE (1..MAX) OF AccessDescription
AccessDescription ::= SEQUENCE {
accessMethod OBJECT IDENTIFIER,
accessLocation GeneralName }
id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
noticeToUser CERT-POLICY-QUALIFIER ::= {
POLICY-QUALIFIER-ID id-qt-unotice QUALIFIER-TYPE UserNotice}
pointerToCPS CERT-POLICY-QUALIFIER ::= {
POLICY-QUALIFIER-ID id-qt-cps QUALIFIER-TYPE CPSuri}
id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 }
id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 }
CPSuri ::= IA5String
UserNotice ::= SEQUENCE {
noticeRef NoticeReference OPTIONAL,
explicitText DisplayText OPTIONAL}
NoticeReference ::= SEQUENCE {
organization DisplayText,
noticeNumbers SEQUENCE OF INTEGER }
DisplayText ::= CHOICE {
ia5String IA5String (SIZE (1..200)),
visibleString VisibleString (SIZE (1..200)),
bmpString BMPString (SIZE (1..200)),
utf8String UTF8String (SIZE (1..200)) }
END
Appendix C. ASN.1 Notes
CAs MUST force the serialNumber to be a positive integer, that is,
the sign bit in the DER encoding of the INTEGER value MUST be zero -
this can be done by adding a leading (leftmost) `00'H octet if
necessary. This removes a potential ambiguity in mapping between a
string of octets and an integer value.

Given the uniqueness requirements above, serial numbers can be
expected to contain long integers. Certificate users MUST be able to
handle serialNumber values longer than 32 bits. Conformant CAs MUST

skipping to change at page 134, line 11 (draft -01) / page 102, line 25 (draft -02)

This specification mandates support for OIDs which have arc elements
with values that are less than 2^28, i.e. they MUST be between 0 and
268,435,455 inclusive. This allows each arc element to be represented
within a single 32 bit word. Implementations MUST also support OIDs
where the length of the dotted decimal (see [LDAP], section 4.1.2)
string representation can be up to 100 bytes (inclusive).
Implementations MUST be able to handle OIDs with up to 20 elements
(inclusive). CAs SHOULD NOT issue certificates which contain OIDs that
breach these requirements.
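The serialNumber and OID rules above, as an added example (my code, not the draft's): a DER INTEGER encoder that inserts the leading 00'H octet, a decoder that rejects a set sign bit and non-minimal encodings while accepting values far longer than 32 bits, and a checker for the three OID limits. Function names are mine; 23 is the serial number of the C.1 certificate.

```python
# Added example (not from the draft): enforce the serialNumber and OID
# rules of the ASN.1 notes. Function names are mine.

ARC_LIMIT = 1 << 28          # every arc element MUST be < 2^28
MAX_OID_DOTTED_BYTES = 100   # dotted-decimal form up to 100 bytes
MAX_OID_ARCS = 20            # up to 20 arc elements


def der_length(n: int) -> bytes:
    """DER length octets: short form below 128, minimal long form above."""
    if n < 0x80:
        return bytes([n])
    ll = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(ll)]) + ll


def der_encode_serial(n: int) -> bytes:
    """DER-encode a positive INTEGER; prepend 00'H when the top bit of the
    magnitude is set so the sign bit of the first content octet is zero."""
    if n <= 0:
        raise ValueError("serialNumber MUST be a positive integer")
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + der_length(len(body)) + body


def der_decode_serial(buf: bytes) -> int:
    """Parse one DER INTEGER, rejecting negative, zero and non-minimal
    encodings; the value may be arbitrarily long (well beyond 32 bits)."""
    if len(buf) < 3 or buf[0] != 0x02:
        raise ValueError("not a DER INTEGER")
    first = buf[1]
    if first < 0x80:
        length, pos = first, 2
    else:
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4 or len(buf) < 2 + nbytes:
            raise ValueError("bad length octets")
        length = int.from_bytes(buf[2:2 + nbytes], "big")
        if length < 0x80 or buf[2] == 0:
            raise ValueError("non-minimal length encoding")
        pos = 2 + nbytes
    body = buf[pos:pos + length]
    if length == 0 or len(body) != length or len(buf) != pos + length:
        raise ValueError("truncated INTEGER or trailing octets")
    if body[0] & 0x80:
        raise ValueError("negative serialNumber (sign bit set)")
    if length > 1 and body[0] == 0 and not body[1] & 0x80:
        raise ValueError("non-minimal INTEGER (redundant leading 00)")
    value = int.from_bytes(body, "big")
    if value == 0:
        raise ValueError("serialNumber MUST be positive")
    return value


def check_oid(dotted: str) -> list:
    """Validate a dotted-decimal OID against the profile's three limits
    and return its arcs as integers."""
    if len(dotted.encode("ascii")) > MAX_OID_DOTTED_BYTES:
        raise ValueError("dotted-decimal OID longer than 100 bytes")
    parts = dotted.split(".")
    if len(parts) > MAX_OID_ARCS:
        raise ValueError("OID has more than 20 arc elements")
    arcs = []
    for p in parts:
        if not p.isdigit() or (len(p) > 1 and p[0] == "0"):
            raise ValueError(f"malformed arc {p!r}")
        v = int(p)
        if v >= ARC_LIMIT:
            raise ValueError(f"arc {v} is not below 2^28")
        arcs.append(v)
    # Structural rule from X.660: first arc 0..2, second arc < 40 unless first is 2
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid leading arcs")
    return arcs
```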
Appendix C. Examples (Appendix D in draft -01)

This section contains four examples: three certificates and a CRL.
The first two certificates and the CRL comprise a minimal
certification path. (Draft -01 numbers the sections below D.1 to D.4;
draft -02 renumbers them C.1 to C.4.)

Section C.1 contains an annotated hex dump of a "self-signed"
certificate issued by a CA whose distinguished name is
cn=us,o=gov,ou=nist. The certificate contains a DSA public key with
parameters, and is signed by the corresponding DSA private key.

Section C.2 contains an annotated hex dump of an end-entity
certificate. The end entity certificate contains a DSA public key, and
is signed by the private key corresponding to the "self-signed"
certificate in section C.1.

Section C.3 contains a dump of an end entity certificate which
contains an RSA public key and is signed with RSA and MD5. This
certificate is not part of the minimal certification path.

Section C.4 contains an annotated hex dump of a CRL. The CRL is issued
by the CA whose distinguished name is cn=us,o=gov,ou=nist and the list
of revoked certificates includes the end entity certificate presented
in C.2.

The following paragraph is new in draft -02:

The certificates were processed using Peter Gutmann's dumpasn1 utility
to generate the output. The source for the dumpasn1 utility is
available at <http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.c>. The
binaries for the certificates and CRLs are available at
<http://csrc.nist.gov/pki/pkixtools>.

C.1 Certificate (D.1 in draft -01)

This section contains an annotated hex dump of a 699 byte version 3
certificate. The certificate contains the following information:
(a) the serial number is 23 (17 hex) in draft -02 (17, 11 hex, in draft -01);
(b) the certificate is signed with DSA and the SHA-1 hash algorithm;
(c) the issuer's distinguished name is OU=NIST; O=gov; C=US (OU=nist in draft -01)
(d) and the subject's distinguished name is OU=NIST; O=gov; C=US (OU=nist in draft -01)
(e) the certificate was issued on June 30, 1997 and will expire on
December 31, 1997;
(f) the certificate contains a 1024 bit DSA public key with
parameters;
(g) the certificate contains a subject key identifier extension; and
(h) the certificate is a CA certificate (as indicated through the
basic constraints extension.)
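How the annotated dump is produced, as an added example (my code, not the draft's or dumpasn1's): a minimal DER walker that emits the same "offset header-bytes length: type" lines as the C.1 dump and renders the issuer Name. ISSUER_DER is copied from the draft -01 dump (offsets 27 to 70); function names are mine.

```python
# Added example (not from the draft): a minimal DER walker that prints the
# same "offset header-bytes length: type" lines as the C.1 dump and renders
# the issuer Name. Function names are mine; ISSUER_DER is copied from the
# draft -01 dump (offsets 27 to 70).

ISSUER_DER = bytes.fromhex(
    "30 2a"
    "31 0b 30 09 06 03 55 04 06 13 02 55 53"        # C=US
    "31 0c 30 0a 06 03 55 04 0a 13 03 67 6f 76"     # O=gov
    "31 0d 30 0b 06 03 55 04 0b 13 04 6e 69 73 74"  # OU=nist
)

TAG_NAMES = {0x02: "INTEGER", 0x06: "OID", 0x13: "PrintableString",
             0x17: "UTCTime", 0x30: "SEQUENCE", 0x31: "SET"}
AT_SHORT = {"2.5.4.6": "C", "2.5.4.10": "O", "2.5.4.11": "OU"}  # id-at names


def read_header(buf: bytes, pos: int):
    """Return (tag, content_length, header_length) of the TLV at pos.
    Long-form lengths (e.g. 82 02 b7 -> 695) are decoded as in the dump."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        return tag, first, 2
    n = first & 0x7F
    if n == 0 or n > 4 or pos + 2 + n > len(buf):
        raise ValueError(f"bad length at offset {pos}")
    return tag, int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), 2 + n


def decode_oid(content: bytes) -> str:
    """Base-128 OID content octets -> dotted decimal (55 04 06 -> 2.5.4.6)."""
    arcs, acc = [], 0
    for b in content:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    if acc or not arcs:
        raise ValueError("truncated OID")
    first = arcs[0]
    head = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    return ".".join(str(a) for a in head + arcs[1:])


def walk(buf: bytes, pos: int = 0, end=None, depth: int = 0, out=None) -> list:
    """Dump-style listing; every element must fit inside its parent."""
    out = [] if out is None else out
    end = len(buf) if end is None else end
    while pos < end:
        tag, length, hlen = read_header(buf, pos)
        if pos + hlen + length > end:
            raise ValueError(f"element at {pos} runs past its parent")
        content = buf[pos + hlen:pos + hlen + length]
        label = TAG_NAMES.get(tag, f"[tag 0x{tag:02x}]")
        if tag == 0x06:
            oid = decode_oid(content)
            label = f"OID {oid}: {AT_SHORT.get(oid, '?')}"
        elif tag in (0x13, 0x17):
            label = f"{label} '{content.decode('ascii')}'"
        out.append(f"{pos:04d} {buf[pos:pos + hlen].hex(' ')} {length}: "
                   f"{'. ' * depth}{label}")
        if tag & 0x20:  # constructed encoding: recurse into the content
            walk(buf, pos + hlen, pos + hlen + length, depth + 1, out)
        pos += hlen + length
    return out


def name_to_string(buf: bytes) -> str:
    """Render a DER Name as 'C=US, O=gov, OU=nist' (single-valued RDNs)."""
    tag, length, hlen = read_header(buf, 0)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    parts, pos, end = [], hlen, hlen + length
    while pos < end:
        _, rdn_len, h = read_header(buf, pos)      # SET (RelativeDistinguishedName)
        _, _, h2 = read_header(buf, pos + h)       # SEQUENCE (AttributeTypeAndValue)
        tpos = pos + h + h2
        _, tlen, th = read_header(buf, tpos)       # OBJECT IDENTIFIER (type)
        oid = decode_oid(buf[tpos + th:tpos + th + tlen])
        vpos = tpos + th + tlen
        _, vlen, vh = read_header(buf, vpos)       # string (value)
        value = buf[vpos + vh:vpos + vh + vlen].decode("ascii")
        parts.append(f"{AT_SHORT.get(oid, oid)}={value}")
        pos += h + rdn_len
    return ", ".join(parts)


if __name__ == "__main__":
    print("\n".join(walk(ISSUER_DER)))
    print(name_to_string(ISSUER_DER))
```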
Draft -01 dump (left column of the diff):

0000 30 82 02 b7 695: SEQUENCE
0004 30 82 02 77 631: . SEQUENCE tbscertificate
0008 a0 03 3: . . [0]
0010 02 01 1: . . . INTEGER 2
: 02
0013 02 01 1: . . INTEGER 17
: 11
0016 30 09 9: . . SEQUENCE
0018 06 07 7: . . . OID 1.2.840.10040.4.3: dsa-with-sha
: 2a 86 48 ce 38 04 03
0027 30 2a 42: . . SEQUENCE
0029 31 0b 11: . . . SET
0031 30 09 9: . . . . SEQUENCE
0033 06 03 3: . . . . . OID 2.5.4.6: C
: 55 04 06
0038 13 02 2: . . . . . PrintableString 'US'
: 55 53
0042 31 0c 12: . . . SET
0044 30 0a 10: . . . . SEQUENCE
0046 06 03 3: . . . . . OID 2.5.4.10: O
: 55 04 0a
0051 13 03 3: . . . . . PrintableString 'gov'
: 67 6f 76
0056 31 0d 13: . . . SET
0058 30 0b 11: . . . . SEQUENCE
0060 06 03 3: . . . . . OID 2.5.4.11: OU
: 55 04 0b
0065 13 04 4: . . . . . PrintableString 'nist'
: 6e 69 73 74
0071 30 1e 30: . . SEQUENCE
0073 17 0d 13: . . . UTCTime '970630000000Z'
: 39 37 30 36 33 30 30 30 30 30 30 30 5a
0088 17 0d 13: . . . UTCTime '971231000000Z'
: 39 37 31 32 33 31 30 30 30 30 30 30 5a
0103 30 2a 42: . . SEQUENCE
0105 31 0b 11: . . . SET
0107 30 09 9: . . . . SEQUENCE
0109 06 03 3: . . . . . OID 2.5.4.6: C
: 55 04 06
0114 13 02 2: . . . . . PrintableString 'US'
: 55 53
0118 31 0c 12: . . . SET
0120 30 0a 10: . . . . SEQUENCE
0122 06 03 3: . . . . . OID 2.5.4.10: O
: 55 04 0a
0127 13 03 3: . . . . . PrintableString 'gov'
: 67 6f 76
0132 31 0d 13: . . . SET
0134 30 0b 11: . . . . SEQUENCE
0136 06 03 3: . . . . . OID 2.5.4.11: OU
: 55 04 0b
0141 13 04 4: . . . . . PrintableString 'nist'
: 6e 69 73 74
0147 30 82 01 b4 436: . . SEQUENCE
0151 30 82 01 29 297: . . . SEQUENCE
0155 06 07 7: . . . . OID 1.2.840.10040.4.1: dsa
: 2a 86 48 ce 38 04 01
0164 30 82 01 1c 284: . . . . SEQUENCE
0168 02 81 80 128: . . . . . INTEGER
: d4 38 02 c5 35 7b d5 0b a1 7e 5d 72 59 63 55 d3
: 45 56 ea e2 25 1a 6b c5 a4 ab aa 0b d4 62 b4 d2
: 21 b1 95 a2 c6 01 c9 c3 fa 01 6f 79 86 83 3d 03
: 61 e1 f1 92 ac bc 03 4e 89 a3 c9 53 4a f7 e2 a6
: 48 cf 42 1e 21 b1 5c 2b 3a 7f ba be 6b 5a f7 0a
: 26 d8 8e 1b eb ec bf 1e 5a 3f 45 c0 bd 31 23 be
: 69 71 a7 c2 90 fe a5 d6 80 b5 24 dc 44 9c eb 4d
: f9 da f0 c8 e8 a2 4c 99 07 5c 8e 35 2b 7d 57 8d
0299 02 14 20: . . . . . INTEGER
: a7 83 9b f3 bd 2c 20 07 fc 4c e7 e8 9f f3 39 83
: 51 0d dc dd
0321 02 81 80 128: . . . . . INTEGER
: 0e 3b 46 31 8a 0a 58 86 40 84 e3 a1 22 0d 88 ca
: 90 88 57 64 9f 01 21 e0 15 05 94 24 82 e2 10 90
: d9 e1 4e 10 5c e7 54 6b d4 0c 2b 1b 59 0a a0 b5
: a1 7d b5 07 e3 65 7c ea 90 d8 8e 30 42 e4 85 bb
: ac fa 4e 76 4b 78 0e df 6c e5 a6 e1 bd 59 77 7d
: a6 97 59 c5 29 a7 b3 3f 95 3e 9d f1 59 2d f7 42
: 87 62 3f f1 b8 6f c7 3d 4b b8 8d 74 c4 ca 44 90
: cf 67 db de 14 60 97 4a d1 f7 6d 9e 09 94 c4 0d
0452 03 81 84 132: . . . BIT STRING (0 unused bits)
: 02 81 80 aa 98 ea 13 94 a2 db f1 5b 7f 98 2f 78
: e7 d8 e3 b9 71 86 f6 80 2f 40 39 c3 da 3b 4b 13
: 46 26 ee 0d 56 c5 a3 3a 39 b7 7d 33 c2 6b 5c 77
: 92 f2 55 65 90 39 cd 1a 3c 86 e1 32 eb 25 bc 91
: c4 ff 80 4f 36 61 bd cc e2 61 04 e0 7e 60 13 ca
: c0 9c dd e0 ea 41 de 33 c1 f1 44 a9 bc 71 de cf
: 59 d4 6e da 44 99 3c 21 64 e4 78 54 9d d0 7b ba
: 4e f5 18 4d 5e 39 30 bf e0 d1 f6 f4 83 25 4f 14
: aa 71 e1
0587 a3 32 50: . . [3]
0589 30 30 48: . . . SEQUENCE
0591 30 0f 9: . . . . SEQUENCE
0593 06 03 3: . . . . . OID 2.5.29.19: basicConstraints
: 55 1d 13
0598 01 01 1: . . . . . TRUE
: ff
0601 04 05 5: . . . . . OCTET STRING

Draft -02 dump (right column of the diff, dumpasn1 output):

0 30 701: SEQUENCE {
4 30 637: SEQUENCE {
8 A0 3: [0] {
10 02 1: INTEGER 2
: }
13 02 1: INTEGER 23
16 30 9: SEQUENCE {
18 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
: }
27 30 42: SEQUENCE {
29 31 11: SET {
31 30 9: SEQUENCE {
33 06 3: OBJECT IDENTIFIER countryName (2 5 4 6)
38 13 2: PrintableString 'US'
: }
: }
42 31 12: SET {
44 30 10: SEQUENCE {
46 06 3: OBJECT IDENTIFIER organizationName (2 5 4 10)
51 13 3: PrintableString 'gov'
: }
: }
56 31 13: SET {
58 30 11: SEQUENCE {
60 06 3: OBJECT IDENTIFIER organizationalUnitName (2 5 4 11)
65 13 4: PrintableString 'NIST'
: }
: }
: }
71 30 30: SEQUENCE {
73 17 13: UTCTime '970630000000Z'
88 17 13: UTCTime '971231000000Z'
: }
103 30 42: SEQUENCE {
105 31 11: SET {
107 30 9: SEQUENCE {
109 06 3: OBJECT IDENTIFIER countryName (2 5 4 6)
114 13 2: PrintableString 'US'
: }
: }
118 31 12: SET {
120 30 10: SEQUENCE {
122 06 3: OBJECT IDENTIFIER organizationName (2 5 4 10)
127 13 3: PrintableString 'gov'
: }
: }
132 31 13: SET {
134 30 11: SEQUENCE {
136 06 3: OBJECT IDENTIFIER organizationalUnitName (2 5 4 11)
141 13 4: PrintableString 'NIST'
: }
: }
: }
147 30 440: SEQUENCE {
151 30 300: SEQUENCE {
155 06 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1)
164 30 287: SEQUENCE {
168 02 129: INTEGER
: 00 B6 8B 0F 94 2B 9A CE A5 25 C6 F2 ED FC FB 95
: 32 AC 01 12 33 B9 E0 1C AD 90 9B BC 48 54 9E F3
: 94 77 3C 2C 71 35 55 E6 FE 4F 22 CB D5 D8 3E 89
: 93 33 4D FC BD 4F 41 64 3E A2 98 70 EC 31 B4 50
: DE EB F1 98 28 0A C9 3E 44 B3 FD 22 97 96 83 D0
: 18 A3 E3 BD 35 5B FF EE A3 21 72 6A 7B 96 DA B9
: 3F 1E 5A 90 AF 24 D6 20 F0 0D 21 A7 D4 02 B9 1A
: FC AC 21 FB 9E 94 9E 4B 42 45 9E 6A B2 48 63 FE
: 43
300 02 21: INTEGER
: 00 B2 0D B0 B1 01 DF 0C 66 24 FC 13 92 BA 55 F7
: 7D 57 74 81 E5
323 02 129: INTEGER
: 00 9A BF 46 B1 F5 3F 44 3D C9 A5 65 FB 91 C0 8E
: 47 F1 0A C3 01 47 C2 44 42 36 A9 92 81 DE 57 C5
: E0 68 86 58 00 7B 1F F9 9B 77 A1 C5 10 A5 80 91
: 78 51 51 3C F6 FC FC CC 46 C6 81 78 92 84 3D F4
: 93 3D 0C 38 7E 1A 5B 99 4E AB 14 64 F6 0C 21 22
: 4E 28 08 9C 92 B9 66 9F 40 E8 95 F6 D5 31 2A EF
: 39 A2 62 C7 B2 6D 9E 58 C4 3A A8 11 81 84 6D AF
: F8 B4 19 B4 C2 11 AE D0 22 3B AA 20 7F EE 1E 57
: 18
: }
: }
455 03 133: BIT STRING 0 unused bits
: 02 81 81 00 B5 9E 1F 49 04 47 D1 DB F5 3A DD CA
: 04 75 E8 DD 75 F6 9B 8A B1 97 D6 59 69 82 D3 03
: 4D FD 3B 36 5F 4A F2 D1 4E C1 07 F5 D1 2A D3 78
: 77 63 56 EA 96 61 4D 42 0B 7A 1D FB AB 91 A4 CE
: DE EF 77 C8 E5 EF 20 AE A6 28 48 AF BE 69 C3 6A
: A5 30 F2 C2 B9 D9 82 2B 7D D9 C4 84 1F DE 0D E8
: 54 D7 1B 99 2E B3 D0 88 F6 D6 63 9B A7 E2 0E 82
: D4 3B 8A 68 1B 06 56 31 59 0B 49 EB 99 A5 D5 81
: 41 7B C9 55
: }
591 A3 52: [3] {
593 30 50: SEQUENCE {
595 30 31: SEQUENCE {
: 30 03 01 01 ff 597 06 3: OBJECT IDENTIFIER
0608 30 1d 29: . SEQUENCE subjectKeyIdentifier (2 5 29 14)
0610 06 03 3: . . . . . OID 2.5.29.14: subjectKeyIdentifier 602 04 24: OCTET STRING
: 55 1d 0e : 04 16 04 14 E7 26 C5 54 CD 5B A3 6F 35 68 95 AA
0615 04 16 22: . . . . . OCTET STRING : D5 FF 1C 21 E4 22 75 D6
: 04 14 e7 26 c5 54 cd 5b a3 6f 35 68 95 aa d5 ff : }
: 1c 21 e4 22 75 d6 628 30 15: SEQUENCE {
0639 30 09 9: . SEQUENCE 630 06 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19)
0641 06 07 7: . . OID 1.2.840.10040.4.3: dsa-with-sha 635 01 1: BOOLEAN TRUE
: 2a 86 48 ce 38 04 03 638 04 5: OCTET STRING
0650 03 2f 47: . BIT STRING (0 unused bits) : 30 03 01 01 FF
: 30 2c 02 14 a0 66 c1 76 33 99 13 51 8d 93 64 2f : }
: ca 13 73 de 79 1a 7d 33 02 14 5d 90 f6 ce 92 4a : }
: bf 29 11 24 80 28 a6 5a 8e 73 b6 76 02 68 : }
: }
645 30 9: SEQUENCE {
647 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
: }
656 03 47: BIT STRING 0 unused bits
: 30 2C 02 14 6A F9 3F 72 30 7F 45 DC E5 50 C1 5E
: 94 A0 6D C7 92 4C E5 E1 02 14 6F 61 B8 65 F7 AA
: DF 46 1B F7 39 0D 0D 88 9E FE B6 83 F7 1A
: }
D.2 Certificate (C.2 in -02)

This section contains an annotated hex dump of a 730 byte version 3
certificate (the -01 dump; the replacement dump in -02 is 738 bytes).
The certificate contains the following information:

(a) the serial number is 18 (12 hex);
(b) the certificate is signed with DSA and the SHA-1 hash algorithm;
(c) the issuer's distinguished name is OU=nist; O=gov; C=US;
(d) the subject's distinguished name is CN=Tim Polk; OU=nist; O=gov; C=US;
(e) the certificate was valid from July 30, 1997 through December 1, 1997;
(f) the certificate contains a 1024 bit DSA public key;
(g) the certificate is an end entity certificate, as the basic
constraints extension is not present;
(h) the certificate contains an authority key identifier extension; and
(i) the certificate includes one alternative name, an RFC 822 address.

Note that the two dumps encode the authorityKeyIdentifier value
differently. The -01 dump carries the plain 20-byte keyIdentifier
(30 16 80 14 E7 26 ...), while the -02 dump wraps it in two further
OCTET STRING headers (30 1A 80 18 04 16 04 14 E7 26 ...); the -02
subjectKeyIdentifier in the CA certificate above (602 04 24: 04 16 04 14
E7 26 ...) is wrapped the same way, so a consumer that matches the two
identifiers octet for octet will only succeed if it compares the
innermost 20 bytes.
draft -01 dump:

0000 30 82 02 d6 726: SEQUENCE
0004 30 82 02 96 662: . SEQUENCE
0008 a0 03 3: . . [0]
0010 02 01 1: . . . INTEGER 2
: 02
0013 02 01 1: . . INTEGER 18
: 12
0016 30 09 9: . . SEQUENCE
0018 06 07 7: . . . OID 1.2.840.10040.4.3: dsa-with-sha
: 2a 86 48 ce 38 04 03
0027 30 2a 42: . . SEQUENCE
0029 31 0b 11: . . . SET
0031 30 09 9: . . . . SEQUENCE
0033 06 03 3: . . . . . OID 2.5.4.6: C
: 55 04 06
0038 13 02 2: . . . . . PrintableString 'US'
: 55 53
0042 31 0c 12: . . . SET
0044 30 0a 10: . . . . SEQUENCE
0046 06 03 3: . . . . . OID 2.5.4.10: O
: 55 04 0a
0051 13 03 3: . . . . . PrintableString 'gov'
: 67 6f 76
0056 31 0d 13: . . . SET
0058 30 0b 11: . . . . SEQUENCE
0060 06 03 3: . . . . . OID 2.5.4.11: OU
: 55 04 0b
0065 13 04 4: . . . . . PrintableString 'nist'
: 6e 69 73 74
0071 30 1e 30: . . SEQUENCE
0073 17 0d 13: . . . UTCTime '970730000000Z'
: 39 37 30 37 33 30 30 30 30 30 30 30 5a
0088 17 0d 13: . . . UTCTime '971201000000Z'
: 39 37 31 32 30 31 30 30 30 30 30 30 5a
0103 30 3d 61: . . SEQUENCE
0105 31 0b 11: . . . SET
0107 30 09 9: . . . . SEQUENCE
0109 06 03 3: . . . . . OID 2.5.4.6: C
: 55 04 06
0114 13 02 2: . . . . . PrintableString 'US'
: 55 53
0118 31 0c 12: . . . SET
0120 30 0a 10: . . . . SEQUENCE
0122 06 03 3: . . . . . OID 2.5.4.10: O
: 55 04 0a
0127 13 03 3: . . . . . PrintableString 'gov'
: 67 6f 76
0132 31 0d 13: . . . SET
0134 30 0b 11: . . . . SEQUENCE
0136 06 03 3: . . . . . OID 2.5.4.11: OU
: 55 04 0b
0141 13 04 4: . . . . . PrintableString 'nist'
: 6e 69 73 74
0147 31 11 17: . . . SET
0149 30 0f 15: . . . . SEQUENCE
0151 06 03 3: . . . . . OID 2.5.4.3: CN
: 55 04 03
0156 13 08 8: . . . . . PrintableString 'Tim Polk'
: 54 69 6d 20 50 6f 6c 6b
0166 30 82 01 b4 436: . . SEQUENCE
0170 30 82 01 29 297: . . . SEQUENCE
0174 06 07 7: . . . . OID 1.2.840.10040.4.1: dsa
: 2a 86 48 ce 38 04 01
0183 30 82 01 1c 284: . . . . SEQUENCE
0187 02 81 80 128: . . . . . INTEGER
: d4 38 02 c5 35 7b d5 0b a1 7e 5d 72 59 63 55 d3
: 45 56 ea e2 25 1a 6b c5 a4 ab aa 0b d4 62 b4 d2
: 21 b1 95 a2 c6 01 c9 c3 fa 01 6f 79 86 83 3d 03
: 61 e1 f1 92 ac bc 03 4e 89 a3 c9 53 4a f7 e2 a6
: 48 cf 42 1e 21 b1 5c 2b 3a 7f ba be 6b 5a f7 0a
: 26 d8 8e 1b eb ec bf 1e 5a 3f 45 c0 bd 31 23 be
: 69 71 a7 c2 90 fe a5 d6 80 b5 24 dc 44 9c eb 4d
: f9 da f0 c8 e8 a2 4c 99 07 5c 8e 35 2b 7d 57 8d
0318 02 14 20: . . . . . INTEGER
: a7 83 9b f3 bd 2c 20 07 fc 4c e7 e8 9f f3 39 83
: 51 0d dc dd
0340 02 81 80 128: . . . . . INTEGER
: 0e 3b 46 31 8a 0a 58 86 40 84 e3 a1 22 0d 88 ca
: 90 88 57 64 9f 01 21 e0 15 05 94 24 82 e2 10 90
: d9 e1 4e 10 5c e7 54 6b d4 0c 2b 1b 59 0a a0 b5
: a1 7d b5 07 e3 65 7c ea 90 d8 8e 30 42 e4 85 bb
: ac fa 4e 76 4b 78 0e df 6c e5 a6 e1 bd 59 77 7d
: a6 97 59 c5 29 a7 b3 3f 95 3e 9d f1 59 2d f7 42
: 87 62 3f f1 b8 6f c7 3d 4b b8 8d 74 c4 ca 44 90
: cf 67 db de 14 60 97 4a d1 f7 6d 9e 09 94 c4 0d
0471 03 81 84 132: . . . BIT STRING (0 unused bits)
: 02 81 80 a8 63 b1 60 70 94 7e 0b 86 08 93 0c 0d
: 08 12 4a 58 a9 af 9a 09 38 54 3b 46 82 fb 85 0d
: 18 8b 2a 77 f7 58 e8 f0 1d d2 18 df fe e7 e9 35
: c8 a6 1a db 8d 3d 3d f8 73 14 a9 0b 39 c7 95 f6
: 52 7d 2d 13 8c ae 03 29 3c 4e 8c b0 26 18 b6 d8
: 11 1f d4 12 0c 13 ce 3f f1 c7 05 4e df e1 fc 44
: fd 25 34 19 4a 81 0d dd 98 42 ac d3 b6 91 0c 7f
: 16 72 a3 a0 8a d7 01 7f fb 9c 93 e8 99 92 c8 42
: 47 c6 43
0606 a3 3e 62: . . [3]
0608 30 3c 60: . . . SEQUENCE
0610 30 19 25: . . . . SEQUENCE
0612 06 03 3: . . . . . OID 2.5.29.17: subjectAltName
: 55 1d 11
0617 04 12 18: . . . . . OCTET STRING
: 30 10 81 0e 77 70 6f 6c 6b 40 6e 69 73 74 2e 67
: 6f 76
0637 30 1f 31: . . . . SEQUENCE
0639 06 03 3: . . . . . OID 2.5.29.35: authorityKeyIdentifier
: 55 1d 23
0644 04 18 24: . . . . . OCTET STRING
: 30 16 80 14 e7 26 c5 54 cd 5b a3 6f 35 68 95 aa
: d5 ff 1c 21 e4 22 75 d6
0670 30 09 9: . SEQUENCE
0672 06 07 7: . . OID 1.2.840.10040.4.3: dsa-with-sha
: 2a 86 48 ce 38 04 03
0681 03 2f 47: . BIT STRING (0 unused bits)
: 30 2c 02 14 3c 02 e0 ab d9 5d 05 77 75 15 71 58
: 92 29 48 c4 1c 54 df fc 02 14 5b da 53 98 7f c5
: 33 df c6 09 b2 7a e3 6f 97 70 1e 14 ed 94

draft -02 dump:

0 30 734: SEQUENCE {
4 30 669: SEQUENCE {
8 A0 3: [0] {
10 02 1: INTEGER 2
: }
13 02 1: INTEGER 18
16 30 9: SEQUENCE {
18 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
: }
27 30 42: SEQUENCE {
29 31 11: SET {
31 30 9: SEQUENCE {
33 06 3: OBJECT IDENTIFIER countryName (2 5 4 6)
38 13 2: PrintableString 'US'
: }
: }
42 31 12: SET {
44 30 10: SEQUENCE {
46 06 3: OBJECT IDENTIFIER organizationName (2 5 4 10)
51 13 3: PrintableString 'gov'
: }
: }
56 31 13: SET {
58 30 11: SEQUENCE {
60 06 3: OBJECT IDENTIFIER organizationalUnitName (2 5 4 11)
65 13 4: PrintableString 'NIST'
: }
: }
: }
71 30 30: SEQUENCE {
73 17 13: UTCTime '970730000000Z'
88 17 13: UTCTime '971201000000Z'
: }
103 30 61: SEQUENCE {
105 31 11: SET {
107 30 9: SEQUENCE {
109 06 3: OBJECT IDENTIFIER countryName (2 5 4 6)
114 13 2: PrintableString 'US'
: }
: }
118 31 12: SET {
120 30 10: SEQUENCE {
122 06 3: OBJECT IDENTIFIER organizationName (2 5 4 10)
127 13 3: PrintableString 'gov'
: }
: }
132 31 13: SET {
134 30 11: SEQUENCE {
136 06 3: OBJECT IDENTIFIER organizationalUnitName (2 5 4 11)
141 13 4: PrintableString 'NIST'
: }
: }
147 31 17: SET {
149 30 15: SEQUENCE {
151 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
156 13 8: PrintableString 'Tim Polk'
: }
: }
: }
166 30 439: SEQUENCE {
170 30 300: SEQUENCE {
174 06 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1)
183 30 287: SEQUENCE {
187 02 129: INTEGER
: 00 B6 8B 0F 94 2B 9A CE A5 25 C6 F2 ED FC FB 95
: 32 AC 01 12 33 B9 E0 1C AD 90 9B BC 48 54 9E F3
: 94 77 3C 2C 71 35 55 E6 FE 4F 22 CB D5 D8 3E 89
: 93 33 4D FC BD 4F 41 64 3E A2 98 70 EC 31 B4 50
: DE EB F1 98 28 0A C9 3E 44 B3 FD 22 97 96 83 D0
: 18 A3 E3 BD 35 5B FF EE A3 21 72 6A 7B 96 DA B9
: 3F 1E 5A 90 AF 24 D6 20 F0 0D 21 A7 D4 02 B9 1A
: FC AC 21 FB 9E 94 9E 4B 42 45 9E 6A B2 48 63 FE
: 43
319 02 21: INTEGER
: 00 B2 0D B0 B1 01 DF 0C 66 24 FC 13 92 BA 55 F7
: 7D 57 74 81 E5
342 02 129: INTEGER
: 00 9A BF 46 B1 F5 3F 44 3D C9 A5 65 FB 91 C0 8E
: 47 F1 0A C3 01 47 C2 44 42 36 A9 92 81 DE 57 C5
: E0 68 86 58 00 7B 1F F9 9B 77 A1 C5 10 A5 80 91
: 78 51 51 3C F6 FC FC CC 46 C6 81 78 92 84 3D F4
: 93 3D 0C 38 7E 1A 5B 99 4E AB 14 64 F6 0C 21 22
: 4E 28 08 9C 92 B9 66 9F 40 E8 95 F6 D5 31 2A EF
: 39 A2 62 C7 B2 6D 9E 58 C4 3A A8 11 81 84 6D AF
: F8 B4 19 B4 C2 11 AE D0 22 3B AA 20 7F EE 1E 57
: 18
: }
: }
474 03 132: BIT STRING 0 unused bits
: 02 81 80 30 B6 75 F7 7C 20 31 AE 38 BB 7E 0D 2B
: AB A0 9C 4B DF 20 D5 24 13 3C CD 98 E5 5F 6C B7
: C1 BA 4A BA A9 95 80 53 F0 0D 72 DC 33 37 F4 01
: 0B F5 04 1F 9D 2E 1F 62 D8 84 3A 9B 25 09 5A 2D
: C8 46 8E 2B D4 F5 0D 3B C7 2D C6 6C B9 98 C1 25
: 3A 44 4E 8E CA 95 61 35 7C CE 15 31 5C 23 13 1E
: A2 05 D1 7A 24 1C CB D3 72 09 90 FF 9B 9D 28 C0
: A1 0A EC 46 9F 0D B8 D0 DC D0 18 A6 2B 5E F9 8F
: B5 95 BE
: }
609 A3 66: [3] {
611 30 64: SEQUENCE {
613 30 25: SEQUENCE {
615 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17)
620 04 18: OCTET STRING
: 30 10 81 0E 77 70 6F 6C 6B 40 6E 69 73 74 2E 67
: 6F 76
: }
640 30 35: SEQUENCE {
642 06 3: OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35)
647 04 28: OCTET STRING
: 30 1A 80 18 04 16 04 14 E7 26 C5 54 CD 5B A3 6F
: 35 68 95 AA D5 FF 1C 21 E4 22 75 D6
: }
: }
: }
: }
677 30 9: SEQUENCE {
679 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
: }
688 03 48: BIT STRING 0 unused bits
: 30 2D 02 14 37 FC 44 BF 7F 8D 18 1F 40 04 2F CF
: EA CC 22 B2 16 01 FF 13 02 15 00 97 D0 24 96 0F
: 64 8A C3 8D 41 B2 0E B9 26 D5 31 D1 A0 F1 BC
: }
D.3 End-Entity Certificate Using RSA (C.3 in -02)

This section contains an annotated hex dump of a 675 byte version 3
certificate. The certificate contains the following information:

(a) the serial number is 256;
(b) the certificate is signed with RSA and the MD2 hash algorithm;
(c) the issuer's distinguished name is OU=Dept. Arquitectura de
Computadors; O=Universitat Politecnica de Catalunya; C=ES
(d) and the subject's distinguished name is CN=Francisco Jordan;
OU=Dept. Arquitectura de Computadors; O=Universitat Politecnica de
Catalunya; C=ES

skipping to change at page 140, line 36 (-01) / page 109, line 30 (-02)

(f) the certificate contains a 768 bit RSA public key;
(g) the certificate is an end entity certificate (not a CA
certificate);
(h) the certificate includes an alternative subject name and an
alternative issuer name; both are URLs;
(i) the certificate includes an authority key identifier and
certificate policies extensions; and
(j) the certificate includes a critical key usage extension specifying
that the public key is intended for generation of digital signatures.

Note that this description is the same in both drafts, but only the -01
dump matches it, and that dump is not a valid DER encoding: the outer
SEQUENCE and the signatureAlgorithm SEQUENCE use indefinite-length
encoding (30 80 ... 00 00), which DER forbids; the two UTCTime
annotations disagree with the octets printed beside them (the octets
decode to 960722173802Z and 970722173802Z); the extension offsets do not
add up to the [3] length; and the signature value is one 64-byte block
printed twice. The -02 dump is a different, 658 byte certificate signed
with sha1WithRSAEncryption, issued by C=US; OU=gov; O=NIST to CN=Tim
Polk, valid from 960521095826Z to 970521095826Z, with a 1024 bit RSA
public key and subjectAltName, issuerAltName, authorityKeyIdentifier,
certificatePolicies and critical keyUsage extensions.
draft -01 dump:

0000 30 80 : SEQUENCE (indefinite length)
0002 30 82 02 40 576: . SEQUENCE
0006 a0 03 3: . . [0]
0008 02 01 1: . . . INTEGER 2
: 02
0011 02 02 2: . . INTEGER 256
: 01 00
0015 30 0d 13: . . SEQUENCE
0017 06 09 9: . . . OID 1.2.840.113549.1.1.2: MD2WithRSAEncryption
: 2a 86 48 86 f7 0d 01 01 02
0028 05 00 0: . . . NULL
0030 30 68 104: . . SEQUENCE
0032 31 0b 11: . . . SET
0034 30 09 9: . . . . SEQUENCE
0036 06 03 3: . . . . . OID 2.5.4.6: C
: 55 04 06
0041 13 02 2: . . . . . PrintableString 'ES'
: 45 53
0045 31 2d 45: . . . SET
0047 30 2b 43: . . . . SEQUENCE
0049 06 03 3: . . . . . OID 2.5.4.10: O
: 55 04 0a
0054 13 24 36: . . . . . PrintableString 'Universitat Politecnica de Catalunya'
: 55 6e 69 76 65 72 73 69 74 61 74 20 50 6f 6c 69
: 74 65 63 6e 69 63 61 20 64 65 20 43 61 74 61 6c
: 75 6e 79 61
0092 31 2a 42: . . . SET
0094 30 28 40: . . . . SEQUENCE
0096 06 03 3: . . . . . OID 2.5.4.11: OU
: 55 04 0b
0101 13 21 33: . . . . . PrintableString 'Dept. Arquitectura de Computadors'
: 44 65 70 74 2e 20 41 72 71 75 69 74 65 63 74 75
: 72 61 20 64 65 20 43 6f 6d 70 75 74 61 64 6f 72
: 73
0136 30 1e 30: . . SEQUENCE
0138 17 0d 13: . . . UTCTime '960521095826Z'
: 39 36 30 37 32 32 31 37 33 38 30 32 5a
0153 17 0d 13: . . . UTCTime '970521095826Z'
: 39 37 30 37 32 32 31 37 33 38 30 32 5a
0168 30 81 83 131: . . SEQUENCE
0171 31 0b 11: . . . SET
0173 30 09 9: . . . . SEQUENCE
0175 06 03 3: . . . . . OID 2.5.4.6: C
: 55 04 06
0180 13 02 2: . . . . . PrintableString 'ES'
: 45 53
0184 31 2d 45: . . . SET
0186 30 2b 43: . . . . SEQUENCE
0188 06 03 3: . . . . . OID 2.5.4.10: O
: 55 04 0a
0193 13 24 36: . . . . . PrintableString 'Universitat Politecnica de Catalunya'
: 55 6e 69 76 65 72 73 69 74 61 74 20 50 6f 6c 69
: 74 65 63 6e 69 63 61 20 64 65 20 43 61 74 61 6c
: 75 6e 79 61
0231 31 2a 42: . . . SET
0233 30 28 40: . . . . SEQUENCE
0235 06 03 3: . . . . . OID 2.5.4.11: OU
: 55 04 0b
0240 13 21 33: . . . . . PrintableString 'Dept. Arquitectura de Computadors'
: 44 65 70 74 2e 20 41 72 71 75 69 74 65 63 74 75
: 72 61 20 64 65 20 43 6f 6d 70 75 74 61 64 6f 72
: 73
0275 31 19 25: . . . SET
0277 30 17 23: . . . . SEQUENCE
0279 06 03 3: . . . . . OID 2.5.4.3: CN
: 55 04 03
0284 13 10 16: . . . . . PrintableString 'Francisco Jordan'
: 46 72 61 6e 63 69 73 63 6f 20 4a 6f 72 64 61 6e
0302 30 7c 124: . . SEQUENCE
0304 30 0d 13: . . . SEQUENCE
0306 06 09 9: . . . . OID 1.2.840.113549.1.1.1: RSAEncryption
: 2a 86 48 86 f7 0d 01 01 01
0317 05 00 0: . . . . NULL
0319 03 6b 107: . . . BIT STRING
: 00 (0 unused bits)
: 30 68 02 61 00 be aa 8b 77 54 a3 af ca 77 9f 2f
: b0 cf 43 88 ff a6 6d 79 55 5b 61 8c 68 ec 48 1e
: 8a 86 38 a4 fe 19 b8 62 17 1d 9d 0f 47 2c ff 63
: 8f 29 91 04 d1 52 bc 7f 67 b6 b2 8f 74 55 c1 33
: 21 6c 8f ab 01 95 24 c8 b2 73 93 9d 22 61 50 a9
: 35 fb 9d 57 50 32 ef 56 52 50 93 ab b1 88 94 78
: 56 15 c6 1c 8b 02 03 01 00 01
0428 a3 81 97 151: . . [3]
0431 30 3c 60: . . . SEQUENCE
0433 30 1f 31: . . . . SEQUENCE
0435 06 03 3: . . . . . OID 2.5.29.35: authorityKeyIdentifier
: 55 1d 23
0440 04 14 20: . . . . . OCTET STRING
: 30 12 80 10 0e 6b 3a bf 04 ea 04 c3 0e 6b 3a bf
: 04 ea 04 c3
0464 30 19 25: . . . . SEQUENCE
0466 06 03 3: . . . . . OID 2.5.29.15: keyUsage
: 55 1d 0f
0471 01 01 1: . . . . . TRUE
0474 04 04 4: . . . . . OCTET STRING
: 03 02 07 80
0480 30 19 25: . . . . SEQUENCE
0482 06 03 3: . . . . . OID 2.5.29.32: certificatePolicies
: 55 1d 20
0487 04 21 33: . . . . . OCTET STRING
: 30 1f 30 1d 06 04 2a 84 80 00 30 15 30 07 06 05
: 2a 84 80 00 01 30 0a 06 05 2a 84 80 00 02 02 01
: 0a
0522 30 1c 28: . . . . SEQUENCE
0524 06 03 3: . . . . . OID 2.5.29.17: subjectAltName
: 55 1d 11
0529 04 15 21: . . . . . OCTET STRING
: 30 13 86 11 68 74 74 70 3a 2f 2f 61 63 2e 75 70
: 63 2e 65 73 2f
0552 30 19 25: . . . . SEQUENCE
0554 06 03 3: . . . . . OID 2.5.29.18: issuerAltName
: 55 1d 12
0559 04 12 18: . . . . . OCTET STRING
: 30 14 86 12 68 74 74 70 3a 2f 2f 77 77 77 2e 75
: 70 63 2e 65
0579 30 80 : . SEQUENCE (indefinite length)
0581 06 07 7: . . OID
0583 05 00 0: . . NULL
0585 00 00 0: . . end of contents marker
0587 03 81 81 129: . BIT STRING
: 00 (0 unused bits)
: 5c 01 bd b5 41 88 87 7a 0e d3 0e 6b 3a bf 04 ea
: 04 cb 5f 61 72 3c a3 bd 78 f5 66 17 fe 37 3a ab
: eb 67 bf b7 da a8 38 f6 33 15 71 75 2f b9 8c 91
: a0 e4 87 ba 4b 43 a0 22 8f d3 a9 86 43 89 e6 50
: 5c 01 bd b5 41 88 87 7a 0e d3 0e 6b 3a bf 04 ea
: 04 cb 5f 61 72 3c a3 bd 78 f5 66 17 fe 37 3a ab
: eb 67 bf b7 da a8 38 f6 33 15 71 75 2f b9 8c 91
: a0 e4 87 ba 4b 43 a0 22 8f d3 a9 86 43 89 e6 50
0637 00 00 0: . end of contents marker

draft -02 dump:

0 30 654: SEQUENCE {
4 30 503: SEQUENCE {
8 A0 3: [0] {
10 02 1: INTEGER 2
: }
13 02 2: INTEGER 256
17 30 13: SEQUENCE {
19 06 9: OBJECT IDENTIFIER sha1withRSAEncryption (1 2 840 113549 1 1 5)
30 05 0: NULL
: }
32 30 42: SEQUENCE {
34 31 11: SET {
36 30 9: SEQUENCE {
38 06 3: OBJECT IDENTIFIER countryName (2 5 4 6)
43 13 2: PrintableString 'US'
: }
: }
47 31 12: SET {
49 30 10: SEQUENCE {
51 06 3: OBJECT IDENTIFIER organizationalUnitName (2 5 4 11)
56 13 3: PrintableString 'gov'
: }
: }
61 31 13: SET {
63 30 11: SEQUENCE {
65 06 3: OBJECT IDENTIFIER organizationName (2 5 4 10)
70 13 4: PrintableString 'NIST'
: }
: }
: }
76 30 30: SEQUENCE {
78 17 13: UTCTime '960521095826Z'
93 17 13: UTCTime '970521095826Z'
: }
108 30 61: SEQUENCE {
110 31 11: SET {
112 30 9: SEQUENCE {
114 06 3: OBJECT IDENTIFIER countryName (2 5 4 6)
119 13 2: PrintableString 'US'
: }
: }
123 31 12: SET {
125 30 10: SEQUENCE {
127 06 3: OBJECT IDENTIFIER organizationalUnitName (2 5 4 11)
132 13 3: PrintableString 'gov'
: }
: }
137 31 13: SET {
139 30 11: SEQUENCE {
141 06 3: OBJECT IDENTIFIER organizationName (2 5 4 10)
146 13 4: PrintableString 'NIST'
: }
: }
152 31 17: SET {
154 30 15: SEQUENCE {
156 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
161 13 8: PrintableString 'Tim Polk'
: }
: }
: }
171 30 159: SEQUENCE {
174 30 13: SEQUENCE {
176 06 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
187 05 0: NULL
: }
189 03 141: BIT STRING 0 unused bits
: 30 81 89 02 81 81 00 E1 CE 06 C9 D7 00 DF 65 27
: 45 1E 63 6A 09 A0 A0 10 4B AF DF 9D 36 1D 44 1F
: B7 07 5D 36 92 09 6A 1A 96 C7 4E D9 86 0D 0F 77
: 94 F5 82 62 68 9A F2 D7 76 F5 9A 35 C7 B3 7F 4F
: BE 64 CF A3 0C B3 84 32 80 F5 CA 77 29 C9 76 0B
: 4C 38 19 EE 61 6F BA 68 E0 03 85 46 34 AB 84 64
: 7F 43 69 02 C0 20 86 BD B1 D4 AD 21 A9 1A 8F CF
: 96 83 86 92 57 5B 43 09 28 4C F2 5A 04 AD E5 DE
: 9E 4F E8 38 3C F0 89 02 03 01 00 01
: }
333 A3 175: [3] {
336 30 172: SEQUENCE {
339 30 63: SEQUENCE {
341 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17)
346 04 56: OCTET STRING
: 30 36 86 34 68 74 74 70 3A 2F 2F 77 77 77 2E 69
: 74 6C 2E 6E 69 73 74 2E 67 6F 76 2F 64 69 76 38
: 39 33 2F 73 74 61 66 66 2F 70 6F 6C 6B 2F 69 6E
: 64 65 78 2E 68 74 6D 6C
: }
404 30 31: SEQUENCE {
406 06 3: OBJECT IDENTIFIER issuerAltName (2 5 29 18)
411 04 24: OCTET STRING
: 30 16 86 14 68 74 74 70 3A 2F 2F 77 77 77 2E 6E
: 69 73 74 2E 67 6F 76 2F
: }
437 30 31: SEQUENCE {
439 06 3: OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35)
444 04 24: OCTET STRING
: 30 16 80 14 30 12 80 10 0E 6B 3A BF 04 EA 04 C3
: 0E 6B 3A BF 04 EA 04 C3
: }
470 30 23: SEQUENCE {
472 06 3: OBJECT IDENTIFIER certificatePolicies (2 5 29 32)
477 04 16: OCTET STRING
: 30 0E 30 0C 06 0A 60 86 48 01 65 03 02 01 30 09
: }
495 30 14: SEQUENCE {
497 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
502 01 1: BOOLEAN TRUE
505 04 4: OCTET STRING
: 03 02 07 80
: }
: }
: }
: }
511 30 13: SEQUENCE {
513 06 9: OBJECT IDENTIFIER sha1withRSAEncryption (1 2 840 113549 1 1 5)
524 05 0: NULL
: }
526 03 129: BIT STRING 0 unused bits
: C1 25 6F AB 72 C0 5D DA E4 2F D5 E1 B0 25 D8 B4
: F1 82 95 D6 0D A5 4E 4F A1 23 E1 13 A4 9C 3D C5
: 7F FD 05 EC 75 06 30 66 97 75 A6 5D 8F 97 BA B4
: EC A9 43 19 8D B7 54 FD E9 AD 43 B8 3C 8B D3 9E
: C7 C7 27 E3 1A AD D3 79 AC 65 5A 52 78 C4 D0 43
: 81 50 F7 8A BA E2 30 1A 6D D0 78 A0 4E AE 2E 79
: 37 0C 93 05 5C D1 9C 1B B2 62 73 D1 EA 50 B7 84
: 29 92 74 34 CF BA AA 2C 4D 43 59 EF 98 0C 41 6C
: }
D.4 Certificate Revocation List (C.4 in -02)

This section contains an annotated hex dump of a version 2 CRL with
one extension (cRLNumber). The CRL was issued by OU=nist; O=gov; C=US
on July 7, 1996; the next scheduled issuance was August 7, 1996. The
CRL includes one revoked certificate: serial number 18 (12 hex). The
CRL itself is number 18, and it was signed with DSA and SHA-1.

Note that neither dump matches this description exactly. The -01 dump
carries no crlExtensions field at all (tbsCertList ends with the
revokedCertificates entry and its reasonCode), so it does not carry CRL
number 18; the -02 dump adds the [0] crlExtensions with cRLNumber 18.
The dates in both dumps are in 1997, not 1996: thisUpdate/nextUpdate
are 970801000000Z/970808000000Z in -01 and 970807000000Z/970907000000Z
in -02.
draft -01 dump:

0000 30 81 ba 186: SEQUENCE
0003 30 7c 124: . SEQUENCE
0005 02 01 1: . . INTEGER 1
: 01
0008 30 09 9: . . SEQUENCE
0010 06 07 7: . . . OID 1.2.840.10040.4.3: dsa-with-sha
: 2a 86 48 ce 38 04 03
0019 30 2a 42: . . SEQUENCE
0021 31 0b 11: . . . SET
0023 30 09 9: . . . . SEQUENCE
0025 06 03 3: . . . . . OID 2.5.4.6: C
: 55 04 06
0030 13 02 2: . . . . . PrintableString 'US'
: 55 53
0034 31 0c 12: . . . SET
0036 30 0a 10: . . . . SEQUENCE
0038 06 03 3: . . . . . OID 2.5.4.10: O
: 55 04 0a
0043 13 03 3: . . . . . PrintableString 'gov'
: 67 6f 76
0048 31 0d 13: . . . SET
0050 30 0b 11: . . . . SEQUENCE
0052 06 03 3: . . . . . OID 2.5.4.11: OU
: 55 04 0b
0057 13 04 4: . . . . . PrintableString 'nist'
: 6e 69 73 74
0063 17 0d 13: . . UTCTime '970801000000Z'
: 39 37 30 38 30 31 30 30 30 30 30 30 5a
0078 17 0d 13: . . UTCTime '970808000000Z'
: 39 37 30 38 30 38 30 30 30 30 30 30 5a
0093 30 22 34: . . SEQUENCE
0095 30 20 32: . . . SEQUENCE
0097 02 01 1: . . . . INTEGER 18
: 12
0100 17 0d 13: . . . . UTCTime '970731000000Z'
: 39 37 30 37 33 31 30 30 30 30 30 30 5a
0115 30 0c 12: . . . . SEQUENCE
0117 30 0a 10: . . . . . SEQUENCE
0119 06 03 3: . . . . . . OID 2.5.29.21: reasonCode
: 55 1d 15
0124 04 03 3: . . . . . . OCTET STRING
: 0a 01 01
0129 30 09 9: . SEQUENCE
0131 06 07 7: . . OID 1.2.840.10040.4.3: dsa-with-sha
: 2a 86 48 ce 38 04 03
0140 03 2f 47: . BIT STRING (0 unused bits)
: 30 2c 02 14 9e d8 6b c1 7d c2 c4 02 f5 17 84 f9
: 9f 46 7a ca cf b7 05 8a 02 14 9e 43 39 85 dc ea
: 14 13 72 93 54 5d 44 44 e5 05 fe 73 9a b2

draft -02 dump:

0 30 203: SEQUENCE {
3 30 140: SEQUENCE {
6 02 1: INTEGER 1
9 30 9: SEQUENCE {
11 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
: }
20 30 42: SEQUENCE {
22 31 11: SET {
24 30 9: SEQUENCE {
26 06 3: OBJECT IDENTIFIER countryName (2 5 4 6)
31 13 2: PrintableString 'US'
: }
: }
35 31 12: SET {
37 30 10: SEQUENCE {
39 06 3: OBJECT IDENTIFIER organizationName (2 5 4 10)
44 13 3: PrintableString 'gov'
: }
: }
49 31 13: SET {
51 30 11: SEQUENCE {
53 06 3: OBJECT IDENTIFIER organizationalUnitName (2 5 4 11)
58 13 4: PrintableString 'NIST'
: }
: }
: }
64 17 13: UTCTime '970807000000Z'
79 17 13: UTCTime '970907000000Z'
94 30 34: SEQUENCE {
96 30 32: SEQUENCE {
98 02 1: INTEGER 18
101 17 13: UTCTime '970731000000Z'
116 30 12: SEQUENCE {
118 30 10: SEQUENCE {
120 06 3: OBJECT IDENTIFIER cRLReason (2 5 29 21)
125 04 3: OCTET STRING
: 0A 01 01
: }
: }
: }
: }
130 A0 14: [0] {
132 30 12: SEQUENCE {
134 30 10: SEQUENCE {
136 06 3: OBJECT IDENTIFIER cRLNumber (2 5 29 20)
141 04 3: OCTET STRING
: 02 01 12
: }
: }
: }
: }
146 30 9: SEQUENCE {
148 06 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
: }
157 03 47: BIT STRING 0 unused bits
: 30 2C 02 14 79 1F F6 93 0B 84 06 D6 A0 7C 8D 68
: A7 52 2E 5F 3F 89 9B 4B 02 14 66 D4 B5 2A 68 36
: 9B 72 88 58 E3 89 19 AD 81 89 2E 96 BB CC
: }
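The walker below is an added example, not text from either draft, and it serves all four dumps in this appendix (D.1 through D.4 share the same TLV layout). It parses DER with the checks a consumer of these structures needs, reproduces the annotated-dump format used above, and pulls out the fields a relying party reads from a CRL. Its input is the -01 CRL from D.4, reconstructed byte for byte from the dump above; the only addition is the signature BIT STRING's leading unused-bits octet (00), which the dump leaves implicit. Two things it shows that the dumps alone do not: the -01 CRL carries no crlExtensions, so the cRLNumber named in the description is absent; and both DSA signature INTEGERs begin with 9e and lack a leading 00 octet, so a two's-complement decoder reads them as negative numbers, which a DSA verifier must reject since r and s have to lie in (0, q). The -02 C.2 signature shows the corrected form (02 15 00 97 D0 ...), and -02 re-encodes the DSA parameter p, which starts with d4 in -01, as 02 81 81 00 .... The parser also rejects the indefinite-length form (30 80 ... 00 00) used by the -01 D.3 dump, as DER requires. The tag and OID name tables are the example's own, not the draft's.

```python
"""Strict DER walker for the appendix dumps (added example, not draft text)."""

TAG_NAMES = {0x01: "BOOLEAN", 0x02: "INTEGER", 0x03: "BIT STRING", 0x04: "OCTET STRING",
             0x05: "NULL", 0x06: "OID", 0x0A: "ENUMERATED", 0x13: "PrintableString",
             0x16: "IA5String", 0x17: "UTCTime", 0x30: "SEQUENCE", 0x31: "SET"}
OID_NAMES = {"1.2.840.10040.4.3": "dsa-with-sha1", "2.5.4.3": "CN", "2.5.4.6": "C", "2.5.4.10": "O",
             "2.5.4.11": "OU", "2.5.29.20": "cRLNumber", "2.5.29.21": "reasonCode"}

# The -01 CRL of D.4, reconstructed byte for byte from the dump above (189 bytes).  The dump
# omits the signature BIT STRING's leading unused-bits octet (00); it is restored here.
CRL_01_DER = bytes.fromhex(
    "30 81 ba 30 7c 02 01 01 30 09 06 07 2a 86 48 ce 38 04 03 "  # CRL, tbsCertList, v2, dsa-with-sha1
    "30 2a 31 0b 30 09 06 03 55 04 06 13 02 55 53 "              # issuer: C=US
    "31 0c 30 0a 06 03 55 04 0a 13 03 67 6f 76 "                 #   O=gov
    "31 0d 30 0b 06 03 55 04 0b 13 04 6e 69 73 74 "              #   OU=nist
    "17 0d 39 37 30 38 30 31 30 30 30 30 30 30 5a "              # thisUpdate 970801000000Z
    "17 0d 39 37 30 38 30 38 30 30 30 30 30 30 5a "              # nextUpdate 970808000000Z
    "30 22 30 20 02 01 12 17 0d 39 37 30 37 33 31 30 30 30 30 30 30 5a "  # revoked: 18, 970731000000Z
    "30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 01 "                 #   reasonCode keyCompromise(1)
    "30 09 06 07 2a 86 48 ce 38 04 03 03 2f 00 30 2c "           # signatureAlgorithm, signature { r, s }
    "02 14 9e d8 6b c1 7d c2 c4 02 f5 17 84 f9 9f 46 7a ca cf b7 05 8a "
    "02 14 9e 43 39 85 dc ea 14 13 72 93 54 5d 44 44 e5 05 fe 73 9a b2")


def parse(buf, off=0, end=None):
    """DER TLVs in buf[off:end] as nested dicts with absolute offsets.  Rejects what DER
    forbids: indefinite length, non-minimal length octets, an element overrunning its parent."""
    end = len(buf) if end is None else end
    nodes = []
    while off < end:
        if off + 2 > end: raise ValueError(f"offset {off}: truncated header")
        tag, first = buf[off], buf[off + 1]
        hdr, length = 2, first
        if first & 0x80:                                 # long form: first & 0x7F length octets
            n = first & 0x7F
            length, hdr = int.from_bytes(buf[off + 2:off + 2 + n], "big"), 2 + n
            if n == 0 or n > 4 or length < 0x80 or (n > 1 and length < 1 << (8 * (n - 1))):
                raise ValueError(f"offset {off}: indefinite or non-minimal length")
        vstart, vend = off + hdr, off + hdr + length
        if vend > end: raise ValueError(f"offset {off}: element overruns its parent")
        node = {"tag": tag, "off": off, "len": length, "value": buf[vstart:vend], "children": []}
        if tag & 0x20:                                   # constructed: recurse into the value
            node["children"] = parse(buf, vstart, vend)
        nodes.append(node)
        off = vend
    return nodes


def decode_oid(b):
    arcs, acc = [b[0] // 40, b[0] % 40], 0
    for x in b[1:]:
        acc = (acc << 7) | (x & 0x7F)
        if not x & 0x80:
            arcs, acc = arcs + [acc], 0
    return ".".join(map(str, arcs))


def decode_int(b):
    """DER INTEGER is two's complement: top bit set without a leading 00 octet is negative."""
    return int.from_bytes(b, "big", signed=True)


def dump(nodes, depth=0, lines=None):
    """Render the tree in the appendix's style: offset, tag, length, indented type."""
    lines = [] if lines is None else lines
    for n in nodes:
        t, v = n["tag"], n["value"]
        name = f"[{t & 0x1F}]" if t & 0xC0 == 0x80 else TAG_NAMES.get(t, f"tag {t:02x}")
        if t == 0x06:
            name += f" {decode_oid(v)}: {OID_NAMES.get(decode_oid(v), '?')}"
        elif t in (0x02, 0x0A):
            name += f" {decode_int(v)}"
        elif t in (0x13, 0x16, 0x17):
            name += f" '{v.decode('ascii')}'"
        lines.append(f"{n['off']:04d} {t:02x} {n['len']:3d}: {'. ' * depth}{name}")
        dump(n["children"], depth + 1, lines)
    return lines


def parse_crl(der):
    """Extract what a relying party checks from a CertificateList."""
    tbs, sig_alg, sig = parse(der)[0]["children"]
    f = list(tbs["children"])
    version = decode_int(f.pop(0)["value"]) if f[0]["tag"] == 0x02 else 0   # absent in v1
    inner, outer = decode_oid(f.pop(0)["children"][0]["value"]), decode_oid(sig_alg["children"][0]["value"])
    if inner != outer:          # the profile requires both algorithm identifiers to match
        raise ValueError("signature algorithm mismatch between tbsCertList and CRL")
    issuer = ",".join(f"{OID_NAMES.get(decode_oid(a['children'][0]['value']), '?')}="
                      f"{a['children'][1]['value'].decode('ascii')}"
                      for rdn in f.pop(0)["children"] for a in rdn["children"])
    this_update = f.pop(0)["value"].decode("ascii")
    next_update = f.pop(0)["value"].decode("ascii") if f and f[0]["tag"] == 0x17 else None
    revoked = []
    if f and f[0]["tag"] == 0x30:
        for serial, date, *exts in (e["children"] for e in f.pop(0)["children"]):
            reason = next((decode_int(parse(x["children"][-1]["value"])[0]["value"])
                           for x in (exts[0]["children"] if exts else [])
                           if decode_oid(x["children"][0]["value"]) == "2.5.29.21"), None)
            revoked.append((decode_int(serial["value"]), date["value"].decode("ascii"), reason))
    crl_exts = ([decode_oid(e["children"][0]["value"]) for e in f[0]["children"][0]["children"]]
                if f and f[0]["tag"] == 0xA0 else [])
    r, s = (decode_int(i["value"]) for i in parse(sig["value"][1:])[0]["children"])  # skip unused-bits octet
    return {"version": version, "sig_alg": outer, "issuer": issuer, "this_update": this_update,
            "next_update": next_update, "revoked": revoked, "crl_extensions": crl_exts, "dsa_r": r, "dsa_s": s}
```

dump(parse(CRL_01_DER)) yields the 31 lines of the -01 dump above, and parse_crl(CRL_01_DER) returns the issuer, dates, the single revoked entry (18, keyCompromise), an empty extension list, and negative r and s. The strictness in parse() matters because a lenient BER decoder accepts the indefinite-length and non-minimal forms, which is how two implementations can disagree about which bytes were signed.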
Appendix E. Author Addresses (Appendix D in -02)

Russell Housley
SPYRUS
381 Elden Street
Suite 1120
Herndon, VA 20170
USA
housley@spyrus.com

Warwick Ford

skipping to change at page 145, line 36 (-01) / page 114, line 36 (-02)

USA
wpolk@nist.gov

David Solo
Citicorp
666 Fifth Ave, 3rd Floor
New York, NY 10103
USA
david.solo@citicorp.com
Appendix F. Full Copyright Statement (Appendix E in -02)

Copyright (C) The Internet Society (date). All Rights Reserved.

This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. In addition, the
ASN.1 modules presented in Appendices A and B may be used in whole or
End of changes. 73 change blocks. 2031 lines changed or deleted, 620 lines changed or added.

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/