| < draft-nystrom-pkcs9-v2-00.txt | draft-nystrom-pkcs9-v2-01.txt > | |||
|---|---|---|---|---|
| INTERNET-DRAFT M. Nystrom | INTERNET-DRAFT M. Nystrom | |||
| Expires: September 2000 B. Kaliski | Expires: January 2001 B. Kaliski | |||
| Intended Category: Informational RSA Laboratories | Intended Category: Informational RSA Security | |||
| March 2000 | July 2000 | |||
| Selected Object Classes and Attribute Types | PKCS #9: Selected Object Classes and Attribute Types | |||
| PKCS #9 v2.0 | Version 2.0 | |||
| <draft-nystrom-pkcs9-v2-00.txt> | <draft-nystrom-pkcs9-v2-01.txt> | |||
| Status of this Memo | Status of this memo | |||
| This document is an Internet-Draft and is in full conformance with | This document is an Internet-Draft and is in full conformance with | |||
| all provisions of Section 10 of RFC2026 except that the right to | all provisions of Section 10 of RFC2026, except that the right to | |||
| produce derivative works is not granted. This document represents a | produce derivative works is not granted. | |||
| republication of PKCS#9 v 2.0 from RSA Laboratories' Public-Key | ||||
| Cryptography Standards (PKCS) series, and change control is retained | ||||
| within the PKCS process. | ||||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that other | Task Force (IETF), its areas, and its working groups. Note that other | |||
| groups may also distribute working documents as Internet-Drafts. | groups may also distribute working documents as Internet-Drafts. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
| http://www.ietf.org/ietf/1id-abstracts.txt | http://www.ietf.org/ietf/1id-abstracts.txt | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
| Abstract | Abstract | |||
| This document provides a selection of object classes and attribute | This memo represents a republication of PKCS #9 v2.0 from RSA | |||
| types for use in conjunction with public-key cryptography and LDAP | Laboratories' Public-Key Cryptography Standards (PKCS) series, and | |||
| [LDAP} accessibe directories. It also includes ASN.1 syntax for all | change control is retained within the PKCS process. The remainder of | |||
| the text is taken from that specification. | ||||
| This memo provides a selection of object classes and attribute types | ||||
| for use in conjunction with public-key cryptography and LDAP [LDAP} | ||||
| accessibe directories. It also includes ASN.1 syntax for all | ||||
| constructs. | constructs. | |||
| Table of Contents | Table of Contents | |||
| 1 Introduction .................................................. 3 | 1. Introduction ................................................. 3 | |||
| 2 Definitions, notation and document convention ................. 3 | 2. Definitions, notation and document convention ................ 3 | |||
| 2.1 Definitions ................................................. 3 | 2.1 Definitions ................................................. 3 | |||
| 2.2 Notation and document convention ............................ 4 | 2.2 Notation and document convention ............................ 4 | |||
| 3 Overview ...................................................... 4 | 3. Overview ..................................................... 4 | |||
| 4 Auxiliary object classes ...................................... 5 | 4. Auxiliary object classes ..................................... 5 | |||
| 4.1 The "pkcsEntity" auxiliary object class ..................... 5 | 4.1 The "pkcsEntity" auxiliary object class ..................... 5 | |||
| 4.2 The "naturalPerson" auxiliary object class .................. 6 | 4.2 The "naturalPerson" auxiliary object class .................. 6 | |||
| 5 Selected attribute types ...................................... 6 | 5. Selected attribute types ..................................... 6 | |||
| 5.1 Attribute types for use with the "pkcsEntity" object class .. 6 | 5.1 Attribute types for use with the "pkcsEntity" object class .. 6 | |||
| 5.2 Attribute types for use with the "naturalPerson" object class 7 | 5.2 Attribute types for use with the "naturalPerson" object class 7 | |||
| 5.3 Attribute types for use in PKCS #7 data ..................... 12 | 5.3 Attribute types for use in PKCS #7 data ..................... 12 | |||
| 5.4 Attribute types for use in PKCS #10 certificate requests .... 16 | 5.4 Attribute types for use in PKCS #10 certificate requests .... 16 | |||
| 5.5 Attribute types for use in PKCS #12 "PFX" PDUs or PKCS #15 | 5.5 Attribute types for use in PKCS #12 "PFX" PDUs or PKCS #15 | |||
| tokens ...................................................... 17 | tokens ...................................................... 17 | |||
| 5.6 Attributes defined in S/MIMIE ............................... 18 | 5.6 Attributes defined in S/MIMIE ............................... 18 | |||
| 6 Matching rules ................................................ 19 | 6. Matching rules ............................................... 19 | |||
| 6.1 Case ignore match ........................................... 19 | 6.1 Case ignore match ........................................... 19 | |||
| 6.2 Signing time match .......................................... 19 | 6.2 Signing time match .......................................... 19 | |||
| 7 Security considerations ....................................... 20 | 7. Security considerations ...................................... 20 | |||
| 8 Author's addresses ............................................ 20 | 8. Authors' addresses ........................................... 20 | |||
| Appendices | Appendices | |||
| A ASN.1 Module .................................................. 21 | A. ASN.1 module ................................................. 21 | |||
| B BNF schema summary ............................................ 29 | B. BNF schema summary ........................................... 29 | |||
| B.1 Syntaxes .................................................... 29 | B.1 Syntaxes .................................................... 29 | |||
| B.2 Object classes .............................................. 30 | B.2 Object classes .............................................. 30 | |||
| B.3 Attribute types ............................................. 30 | B.3 Attribute types ............................................. 30 | |||
| B.4 Matching rules .............................................. 35 | B.4 Matching rules .............................................. 35 | |||
| C Intellectual property considerations .......................... 35 | C. Intellectual property considerations ......................... 35 | |||
| D Revision history .............................................. 35 | D. Revision history ............................................. 35 | |||
| E References .................................................... 36 | E. References ................................................... 36 | |||
| F About PKCS .................................................... 38 | F. Contact information & About PKCS ............................. 38 | |||
| 1. Introduction | 1. Introduction | |||
| This document defines two new auxiliary object classes, pkcsEntity | This document defines two new auxiliary object classes, pkcsEntity | |||
| and naturalPerson, and selected attribute types for use with these | and naturalPerson, and selected attribute types for use with these | |||
| classes. It also defines some attribute types for use in conjunction | classes. It also defines some attribute types for use in conjunction | |||
| with PKCS #7 [14] (and S/MIME CMS [3]) digitally signed messages, | with PKCS #7 [14] (and S/MIME CMS [3]) digitally signed messages, | |||
| PKCS #10 [16] certificate-signing requests, PKCS #12 [17] personal | PKCS #10 [16] certificate-signing requests, PKCS #12 [17] personal | |||
| information exchanges and PKCS #15 [18] cryptographic tokens. | information exchanges and PKCS #15 [18] cryptographic tokens. | |||
| Matching rules for use with these attributes are also defined, | Matching rules for use with these attributes are also defined, | |||
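Review bot: The rewritten abstract in -01 still reads "LDAP [LDAP} accessibe directories", carrying over from -00 both the mismatched bracket and the misspelling of "accessible". The body cites LDAP as [22], so "LDAP [22] accessible directories" would match the rest of the document. In the same region, the table of contents entry 5.6 still says "S/MIMIE", and entry 2.2 says "document convention" where the section heading says "conventions".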
| skipping to change at page 4, line 15 ¶ | skipping to change at page 4, line 15 ¶ | |||
| DER Distinguished Encoding Rules for ASN.1, as defined | DER Distinguished Encoding Rules for ASN.1, as defined | |||
| in [6]. | in [6]. | |||
| UCS Universal Multiple-Octet Coded Character Set, as | UCS Universal Multiple-Octet Coded Character Set, as | |||
| defined in [11]. | defined in [11]. | |||
| UTF8String UCS Transformation Format encoded string. The UTF-8 | UTF8String UCS Transformation Format encoded string. The UTF-8 | |||
| encoding is defined in [11]. | encoding is defined in [11]. | |||
| 2.2 Notation and document conventions | 2.2 Notation and document conventions | |||
| In this document, all ASN.1 types and values are written in bold | In this document, all attribute type and object class definitions are | |||
| Helvetica. Attribute type and object class definitions are written in | written in the ASN.1 value notation defined in [5]. Appendix B | |||
| the ASN.1 value notation defined in [5]. Appendix B contains most of | contains most of these definitions written in the augmented BNF | |||
| these definitions written in the augmented BNF notation defined in | notation defined in [2] as well. This has been done in an attempt to | |||
| [2] as well. This has been done in an attempt to simplify the task of | simplify the task of integrating this work into LDAP [22] development | |||
| integrating this work into LDAP [22] development environments. | environments. | |||
| The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in [1]. | document are to be interpreted as described in [1]. | |||
| 3. Overview | 3. Overview | |||
| This document specifies two new auxiliary object classes, pkcsEntity | This document specifies two new auxiliary object classes, pkcsEntity | |||
| and naturalPerson, and some new attribute types and matching rules. | and naturalPerson, and some new attribute types and matching rules. | |||
| All ASN.1 object classes, attributes, matching rules and types are | All ASN.1 object classes, attributes, matching rules and types are | |||
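Review bot: The new opening sentence of 2.2 covers only "attribute type and object class definitions", so after this change nothing states the notation used for the matching rules and other ASN.1 types that section 3 lists alongside them. Suggest widening it to "all object class, attribute type and matching rule definitions are written in the ASN.1 value notation defined in [5]", or adding a plain-text replacement for the dropped sentence about ASN.1 types and values. Minor: the Appendix B sentence would read more clearly as "Appendix B also gives most of these definitions in the augmented BNF notation defined in [2]".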
| skipping to change at page 20, line 27 ¶ | skipping to change at page 20, line 27 ¶ | |||
| Users of directory-aware applications making use of attributes | Users of directory-aware applications making use of attributes | |||
| defined for use with the pkcsEntity object class should make sure | defined for use with the pkcsEntity object class should make sure | |||
| that the class's attributes are adequately protected, since they may | that the class's attributes are adequately protected, since they may | |||
| potentially be read by third parties. If a password-protected value | potentially be read by third parties. If a password-protected value | |||
| is stored (PKCS #8, #12 or #15), the directory should authenticate | is stored (PKCS #8, #12 or #15), the directory should authenticate | |||
| the requester before delivering the value to prevent an off-line | the requester before delivering the value to prevent an off-line | |||
| password-search attack. Note that this potentially raises non- | password-search attack. Note that this potentially raises non- | |||
| repudiation issues since the directory itself can try a password | repudiation issues since the directory itself can try a password | |||
| search to recover a private value, if stored this way. | search to recover a private value, if stored this way. | |||
| 8. Author's addresses | 8. Authors' addresses | |||
| Magnus Nystr÷m | Magnus Nystr÷m | |||
| RSA Laboratories | RSA Security | |||
| Box 10704 | Box 10704 | |||
| S-121 29 Stockholm | S-121 29 Stockholm | |||
| Sweden | Sweden | |||
| Email: magnus@rsasecurity.com | Email: magnus@rsasecurity.com | |||
| Burt Kaliski | Burt Kaliski | |||
| RSA Laboratories | RSA Security | |||
| 20 Crosby Drive | 20 Crosby Drive | |||
| Bedford, MA 01730 USA | Bedford, MA 01730 USA | |||
| Email: bkaliski@rsasecurity.com | Email: bkaliski@rsasecurity.com | |||
| APPENDICES | APPENDICES | |||
| A. ASN.1 module | A. ASN.1 module | |||
| This appendix includes all of the ASN.1 type and value definitions | This appendix includes all of the ASN.1 type and value definitions | |||
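Review bot: The security considerations paragraph, carried into -01 unchanged, uses lower-case "should" twice ("should make sure", "should authenticate the requester") even though section 2.2 adopts the requirement keywords of [1]. If authenticating the requester before releasing a PKCS #8, #12 or #15 value is meant as a requirement, write it as SHOULD or MUST so directory implementers can tell. In the authors' addresses, the first author's surname contains a non-ASCII character that renders here as "Nystr÷m", while the title page uses "Nystrom"; use one spelling throughout.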
| skipping to change at page 38, line 10 ¶ | skipping to change at page 38, line 10 ¶ | |||
| [20] M. Smith. Definition of the inetOrgPerson LDAP Object Class. | [20] M. Smith. Definition of the inetOrgPerson LDAP Object Class. | |||
| IETF work in progress, January 2000. | IETF work in progress, January 2000. | |||
| [21] M. Wahl, A. Coulbeck, T. Howes, S. Kille. RFC 2252: Lightweight | [21] M. Wahl, A. Coulbeck, T. Howes, S. Kille. RFC 2252: Lightweight | |||
| Directory Access Protocol (v3): Attribute Syntax Definitions. IETF, | Directory Access Protocol (v3): Attribute Syntax Definitions. IETF, | |||
| December 1997. | December 1997. | |||
| [22] M. Wahl, T. Howes, S. Kille. RFC 2251: Lightweight Directory | [22] M. Wahl, T. Howes, S. Kille. RFC 2251: Lightweight Directory | |||
| Access Protocol (v3). IETF, December 1997. | Access Protocol (v3). IETF, December 1997. | |||
| F. About PKCS | F. Contact information & About PKCS | |||
| The Public-Key Cryptography Standards are specifications produced by | The Public-Key Cryptography Standards are specifications produced by | |||
| RSA Laboratories in cooperation with secure systems developers | RSA Laboratories in cooperation with secure systems developers | |||
| worldwide for the purpose of accelerating the deployment of public- | worldwide for the purpose of accelerating the deployment of public- | |||
| key cryptography. First published in 1991 as a result of meetings | key cryptography. First published in 1991 as a result of meetings | |||
| with a small group of early adopters of public-key technology, the | with a small group of early adopters of public-key technology, the | |||
| PKCS documents have become widely referenced and implemented. | PKCS documents have become widely referenced and implemented. | |||
| Contributions from the PKCS series have become part of many formal | Contributions from the PKCS series have become part of many formal | |||
| and de facto standards, including ANSI X9 documents, PKIX, SET, | and de facto standards, including ANSI X9 documents, PKIX, SET, | |||
| S/MIME, and SSL. | S/MIME, and SSL. | |||
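Review bot: The renamed heading "Contact information & About PKCS" promises contact information first, but the text shown under it opens directly with the history of the PKCS series. Either order the section to match the heading or name it "About PKCS and contact information", and keep the table of contents entry F in step with whichever is chosen.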
| End of changes. 17 change blocks. | ||||
| 39 lines changed or deleted | 41 lines changed or added | |||