< draft-nystrom-pkcs9-v2-00.txt   draft-nystrom-pkcs9-v2-01.txt >
INTERNET-DRAFT M. Nystrom INTERNET-DRAFT M. Nystrom
Expires: September 2000 B. Kaliski Expires: January 2001 B. Kaliski
Intended Category: Informational RSA Laboratories Intended Category: Informational RSA Security
March 2000 July 2000
Selected Object Classes and Attribute Types PKCS #9: Selected Object Classes and Attribute Types
PKCS #9 v2.0 Version 2.0
<draft-nystrom-pkcs9-v2-00.txt> <draft-nystrom-pkcs9-v2-01.txt>
Status of this Memo Status of this memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026 except that the right to all provisions of Section 10 of RFC2026, except that the right to
produce derivative works is not granted. This document represents a produce derivative works is not granted.
republication of PKCS#9 v 2.0 from RSA Laboratories' Public-Key
Cryptography Standards (PKCS) series, and change control is retained
within the PKCS process.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other Task Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts. groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
Abstract Abstract
This document provides a selection of object classes and attribute This memo represents a republication of PKCS #9 v2.0 from RSA
types for use in conjunction with public-key cryptography and LDAP Laboratories' Public-Key Cryptography Standards (PKCS) series, and
[LDAP} accessibe directories. It also includes ASN.1 syntax for all change control is retained within the PKCS process. The remainder of
the text is taken from that specification.
This memo provides a selection of object classes and attribute types
for use in conjunction with public-key cryptography and LDAP [LDAP}
accessibe directories. It also includes ASN.1 syntax for all
constructs. constructs.
Table of Contents Table of Contents
1 Introduction .................................................. 3 1. Introduction ................................................. 3
2 Definitions, notation and document convention ................. 3 2. Definitions, notation and document convention ................ 3
2.1 Definitions ................................................. 3 2.1 Definitions ................................................. 3
2.2 Notation and document convention ............................ 4 2.2 Notation and document convention ............................ 4
3 Overview ...................................................... 4 3. Overview ..................................................... 4
4 Auxiliary object classes ...................................... 5 4. Auxiliary object classes ..................................... 5
4.1 The "pkcsEntity" auxiliary object class ..................... 5 4.1 The "pkcsEntity" auxiliary object class ..................... 5
4.2 The "naturalPerson" auxiliary object class .................. 6 4.2 The "naturalPerson" auxiliary object class .................. 6
5 Selected attribute types ...................................... 6 5. Selected attribute types ..................................... 6
5.1 Attribute types for use with the "pkcsEntity" object class .. 6 5.1 Attribute types for use with the "pkcsEntity" object class .. 6
5.2 Attribute types for use with the "naturalPerson" object class 7 5.2 Attribute types for use with the "naturalPerson" object class 7
5.3 Attribute types for use in PKCS #7 data ..................... 12 5.3 Attribute types for use in PKCS #7 data ..................... 12
5.4 Attribute types for use in PKCS #10 certificate requests .... 16 5.4 Attribute types for use in PKCS #10 certificate requests .... 16
5.5 Attribute types for use in PKCS #12 "PFX" PDUs or PKCS #15 5.5 Attribute types for use in PKCS #12 "PFX" PDUs or PKCS #15
tokens ...................................................... 17 tokens ...................................................... 17
5.6 Attributes defined in S/MIMIE ............................... 18 5.6 Attributes defined in S/MIMIE ............................... 18
6 Matching rules ................................................ 19 6. Matching rules ............................................... 19
6.1 Case ignore match ........................................... 19 6.1 Case ignore match ........................................... 19
6.2 Signing time match .......................................... 19 6.2 Signing time match .......................................... 19
7 Security considerations ....................................... 20 7. Security considerations ...................................... 20
8 Author's addresses ............................................ 20 8. Authors' addresses ........................................... 20
Appendices Appendices
A ASN.1 Module .................................................. 21 A. ASN.1 module ................................................. 21
B BNF schema summary ............................................ 29 B. BNF schema summary ........................................... 29
B.1 Syntaxes .................................................... 29 B.1 Syntaxes .................................................... 29
B.2 Object classes .............................................. 30 B.2 Object classes .............................................. 30
B.3 Attribute types ............................................. 30 B.3 Attribute types ............................................. 30
B.4 Matching rules .............................................. 35 B.4 Matching rules .............................................. 35
C Intellectual property considerations .......................... 35 C. Intellectual property considerations ......................... 35
D Revision history .............................................. 35 D. Revision history ............................................. 35
E References .................................................... 36 E. References ................................................... 36
F About PKCS .................................................... 38 F. Contact information & About PKCS ............................. 38
1. Introduction 1. Introduction
This document defines two new auxiliary object classes, pkcsEntity This document defines two new auxiliary object classes, pkcsEntity
and naturalPerson, and selected attribute types for use with these and naturalPerson, and selected attribute types for use with these
classes. It also defines some attribute types for use in conjunction classes. It also defines some attribute types for use in conjunction
with PKCS #7 [14] (and S/MIME CMS [3]) digitally signed messages, with PKCS #7 [14] (and S/MIME CMS [3]) digitally signed messages,
PKCS #10 [16] certificate-signing requests, PKCS #12 [17] personal PKCS #10 [16] certificate-signing requests, PKCS #12 [17] personal
information exchanges and PKCS #15 [18] cryptographic tokens. information exchanges and PKCS #15 [18] cryptographic tokens.
Matching rules for use with these attributes are also defined, Matching rules for use with these attributes are also defined,
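Review bot: the abstract carries two typos in both the -00 and -01 columns that the -01 rewrite of that paragraph did not fix: the citation "[LDAP}" closes with a brace instead of a bracket, and "accessibe" should read "accessible". The table of contents entry "5.6 Attributes defined in S/MIMIE" has the same problem and should read "S/MIME". The abstract also cites by tag ([LDAP}) while section 1 cites by number ([14], [3], [16], [17], [18]); one citation style should be used throughout the draft.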
skipping to change at page 4, line 15 skipping to change at page 4, line 15
DER Distinguished Encoding Rules for ASN.1, as defined DER Distinguished Encoding Rules for ASN.1, as defined
in [6]. in [6].
UCS Universal Multiple-Octet Coded Character Set, as UCS Universal Multiple-Octet Coded Character Set, as
defined in [11]. defined in [11].
UTF8String UCS Transformation Format encoded string. The UTF-8 UTF8String UCS Transformation Format encoded string. The UTF-8
encoding is defined in [11]. encoding is defined in [11].
2.2 Notation and document conventions 2.2 Notation and document conventions
In this document, all ASN.1 types and values are written in bold In this document, all attribute type and object class definitions are
Helvetica. Attribute type and object class definitions are written in written in the ASN.1 value notation defined in [5]. Appendix B
the ASN.1 value notation defined in [5]. Appendix B contains most of contains most of these definitions written in the augmented BNF
these definitions written in the augmented BNF notation defined in notation defined in [2] as well. This has been done in an attempt to
[2] as well. This has been done in an attempt to simplify the task of simplify the task of integrating this work into LDAP [22] development
integrating this work into LDAP [22] development environments. environments.
The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [1]. document are to be interpreted as described in [1].
3. Overview 3. Overview
This document specifies two new auxiliary object classes, pkcsEntity This document specifies two new auxiliary object classes, pkcsEntity
and naturalPerson, and some new attribute types and matching rules. and naturalPerson, and some new attribute types and matching rules.
All ASN.1 object classes, attributes, matching rules and types are All ASN.1 object classes, attributes, matching rules and types are
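Review bot: the section heading "2.2 Notation and document conventions" does not match its table of contents entry "2.2 Notation and document convention"; align one with the other. Dropping the "bold Helvetica" sentence in the -01 column is correct for a plain-text Internet-Draft, since that typographic distinction cannot be rendered here and readers of the ASCII version would otherwise look for formatting that does not exist.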
skipping to change at page 20, line 27 skipping to change at page 20, line 27
Users of directory-aware applications making use of attributes Users of directory-aware applications making use of attributes
defined for use with the pkcsEntity object class should make sure defined for use with the pkcsEntity object class should make sure
that the class's attributes are adequately protected, since they may that the class's attributes are adequately protected, since they may
potentially be read by third parties. If a password-protected value potentially be read by third parties. If a password-protected value
is stored (PKCS #8, #12 or #15), the directory should authenticate is stored (PKCS #8, #12 or #15), the directory should authenticate
the requester before delivering the value to prevent an off-line the requester before delivering the value to prevent an off-line
password-search attack. Note that this potentially raises non- password-search attack. Note that this potentially raises non-
repudiation issues since the directory itself can try a password repudiation issues since the directory itself can try a password
search to recover a private value, if stored this way. search to recover a private value, if stored this way.
8. Author's addresses 8. Authors' addresses
Magnus Nystr÷m Magnus Nystr÷m
RSA Laboratories RSA Security
Box 10704 Box 10704
S-121 29 Stockholm S-121 29 Stockholm
Sweden Sweden
Email: magnus@rsasecurity.com Email: magnus@rsasecurity.com
Burt Kaliski Burt Kaliski
RSA Laboratories RSA Security
20 Crosby Drive 20 Crosby Drive
Bedford, MA 01730 USA Bedford, MA 01730 USA
Email: bkaliski@rsasecurity.com Email: bkaliski@rsasecurity.com
APPENDICES APPENDICES
A. ASN.1 module A. ASN.1 module
This appendix includes all of the ASN.1 type and value definitions This appendix includes all of the ASN.1 type and value definitions
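Review bot: section 7 says "the directory should authenticate the requester before delivering the value" with a lowercase "should", although section 2.2 adopts the RFC 2119 keywords; if authenticating the requester before releasing a password-protected PKCS #8, #12 or #15 value is meant as a conformance requirement, write it as "SHOULD" (or "MUST"), otherwise reword it so it is clearly advisory. Separately, the first author's name appears as "Nystr÷m" in section 8 in both columns while the first-page header gives "M. Nystrom"; since Internet-Drafts are plain ASCII, use "Nystrom" consistently or fix the character encoding if a non-ASCII form is intended.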
skipping to change at page 38, line 10 skipping to change at page 38, line 10
[20] M. Smith. Definition of the inetOrgPerson LDAP Object Class. [20] M. Smith. Definition of the inetOrgPerson LDAP Object Class.
IETF work in progress, January 2000. IETF work in progress, January 2000.
[21] M. Wahl, A. Coulbeck, T. Howes, S. Kille. RFC 2252: Lightweight [21] M. Wahl, A. Coulbeck, T. Howes, S. Kille. RFC 2252: Lightweight
Directory Access Protocol (v3): Attribute Syntax Definitions. IETF, Directory Access Protocol (v3): Attribute Syntax Definitions. IETF,
December 1997. December 1997.
[22] M. Wahl, T. Howes, S. Kille. RFC 2251: Lightweight Directory [22] M. Wahl, T. Howes, S. Kille. RFC 2251: Lightweight Directory
Access Protocol (v3). IETF, December 1997. Access Protocol (v3). IETF, December 1997.
F. About PKCS F. Contact information & About PKCS
The Public-Key Cryptography Standards are specifications produced by The Public-Key Cryptography Standards are specifications produced by
RSA Laboratories in cooperation with secure systems developers RSA Laboratories in cooperation with secure systems developers
worldwide for the purpose of accelerating the deployment of public- worldwide for the purpose of accelerating the deployment of public-
key cryptography. First published in 1991 as a result of meetings key cryptography. First published in 1991 as a result of meetings
with a small group of early adopters of public-key technology, the with a small group of early adopters of public-key technology, the
PKCS documents have become widely referenced and implemented. PKCS documents have become widely referenced and implemented.
Contributions from the PKCS series have become part of many formal Contributions from the PKCS series have become part of many formal
and de facto standards, including ANSI X9 documents, PKIX, SET, and de facto standards, including ANSI X9 documents, PKIX, SET,
S/MIME, and SSL. S/MIME, and SSL.
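Review bot: reference [20] is still cited as "IETF work in progress, January 2000" in the -01 column, while the -01 revision itself is dated July 2000; as the Status section notes, Internet-Drafts are valid for at most six months, so check whether a newer revision of the inetOrgPerson document (or a published successor) should be cited instead.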
 End of changes. 17 change blocks. 
39 lines changed or deleted 41 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/