| < draft-ietf-pkix-attr-cert-mime-type-02.txt | draft-ietf-pkix-attr-cert-mime-type-03.txt > | |||
|---|---|---|---|---|
| INTERNET DRAFT R. Housley | INTERNET DRAFT R. Housley | |||
| Intended Status: Informational Vigil Security | Intended Status: Informational Vigil Security | |||
| Expires: 5 April 2010 5 October 2009 | Expires: 22 August 2010 22 February 2010 | |||
| The application/pkix-attr-cert Content Type for Attribute Certificates | The application/pkix-attr-cert Media Type for Attribute Certificates | |||
| <draft-ietf-pkix-attr-cert-mime-type-02.txt> | <draft-ietf-pkix-attr-cert-mime-type-03.txt> | |||
| Status of this Memo | Status of this Memo | |||
| This Internet-Draft is submitted to IETF in full conformance with the | This Internet-Draft is submitted to IETF in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that other | Task Force (IETF), its areas, and its working groups. Note that other | |||
| groups may also distribute working documents as Internet-Drafts. | groups may also distribute working documents as Internet-Drafts. | |||
| skipping to change at page 1, line 36 ¶ | skipping to change at page 1, line 36 ¶ | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html | http://www.ietf.org/shadow.html | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2009 IETF Trust and the persons identified as the | Copyright (c) 2009 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents in effect on the date of | Provisions Relating to IETF Documents | |||
| publication of this document (http://trustee.ietf.org/license-info). | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| Please review these documents carefully, as they describe your rights | publication of this document. Please review these documents | |||
| and restrictions with respect to this document. | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | ||||
| include Simplified BSD License text as described in Section 4.e of | ||||
| the Trust Legal Provisions and are provided without warranty as | ||||
| described in the Simplified BSD License. | ||||
| Abstract | Abstract | |||
| This document specifies a MIME content type used to carry a single | This document specifies a MIME media type used to carry a single | |||
| attribute certificate as defined in RFC 3281. | attribute certificate as defined in RFC 3281. | |||
| 1. Introduction | 1. Introduction | |||
| RFC 2585 [RFC2585] defines the MIME content types for public key | RFC 2585 [RFC2585] defines the MIME media types for public key | |||
| certificates and certificate revocation lists (CRLs). This document | certificates and certificate revocation lists (CRLs). This document | |||
| specifies a MIME content type for use with attribute certificates as | specifies a MIME media type for use with attribute certificates as | |||
| defined in RFC 3281 [RFC3281]. | defined in RFC 3281 [RFC3281]. | |||
| Attribute certificates are ASN.1 encoded [X.680]. RFC 3281 [RFC3281] | Attribute certificates are ASN.1 encoded [X.680]. RFC 3281 [RFC3281] | |||
| tells which portions of the attribute certificate must use the | tells which portions of the attribute certificate must use the | |||
| distinguished encoding rules (DER) [X.690] and which portions are | distinguished encoding rules (DER) [X.690] and which portions are | |||
| permitted to use the basic encoding rules (BER) [X.690]. Since DER | permitted to use the basic encoding rules (BER) [X.690]. Since DER | |||
| is a proper subset of BER, BER decoding all parts of a properly | is a proper subset of BER, BER decoding all parts of a properly | |||
| constructed attribute certificate will be successful. | constructed attribute certificate will be successful. | |||
| 2. IANA Considerations | 2. IANA Considerations | |||
| The content type for an attribute certificate is | This document registers with IANA the "application/pkix-attr-cert" | |||
| application/pkix-attr-cert. | Internet Media Type for use with an attribute certificate as defined | |||
| in [RFC3281]. This registration follows the procedures defined in | ||||
| BCP 13 [RFC4288]. | ||||
| Type name: application | Type name: application | |||
| Subtype name: pkix-attr-cert | Subtype name: pkix-attr-cert | |||
| Required parameters: None | Required parameters: None | |||
| Optional parameters: None | Optional parameters: None | |||
| Encoding considerations: 8bit | Encoding considerations: binary | |||
| Security considerations: | Security considerations: | |||
| An attribute certificate provides authorization information. An | An attribute certificate provides authorization information. An | |||
| attribute certificate is most often used in conjunction with | attribute certificate is most often used in conjunction with | |||
| public key certificate [RFC5280], and the two certificates | public key certificate [RFC5280], and the two certificates | |||
| should use the same encoding of the distinguished name as | should use the same encoding of the distinguished name as | |||
| described in the Security Considerations of this document. | described in the Security Considerations of this document. | |||
| Interoperability considerations: | Interoperability considerations: | |||
| The content type will be used with HTTP to fetch attribute | The media type will be used with HTTP to fetch attribute | |||
| certificates. Other uses may emerge in the future. | certificates. Other uses may emerge in the future. | |||
| Published specification: RFC 3281 | Published specification: RFC 3281 | |||
| Applications which use this media type: | Applications which use this media type: | |||
| The content type is used with MIME-complaint transport to | The media type is used with a MIME-compliant transport to | |||
| transfer an attribute certificate. Attribute certificates | transfer an attribute certificate. Attribute certificates | |||
| convey authorization information, and they are most often used | convey authorization information, and they are most often used | |||
| in conjunction with public key certificates [RFC5280]. | in conjunction with public key certificates as defined in | |||
| [RFC5280]. | ||||
| Additional information: | Additional information: | |||
| Magic number(s): None | Magic number(s): None | |||
| File extension(s): .ac | File extension(s): .ac | |||
| Macintosh File Type Code(s): none | Macintosh File Type Code(s): none | |||
| Person & email address to contact for further information: | Person & email address to contact for further information: | |||
| Russ Housley | Russ Housley | |||
| housley@vigilsec.com | housley@vigilsec.com | |||
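Review bot: The copyright line in the notice still reads "Copyright (c) 2009 IETF Trust" on the -03 side, although that revision is dated 22 February 2010 and the rest of the notice was rewritten in this revision; update the year along with the new Code Components text. In the registration template, the Security considerations field still says "in conjunction with public key certificate [RFC5280]" with no article, while the matching sentence under "Applications which use this media type" was reworded to "public key certificates as defined in [RFC5280]"; use the same wording in both places.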
| skipping to change at page 3, line 48 ¶ | skipping to change at page 3, line 50 ¶ | |||
| [RFC3281] S. Farrell, S., and R. Housley, "An Internet Attribute | [RFC3281] S. Farrell, S., and R. Housley, "An Internet Attribute | |||
| Certificate Profile for Authorization", RFC 3281, | Certificate Profile for Authorization", RFC 3281, | |||
| April 2002. | April 2002. | |||
| 4.2. Informative References | 4.2. Informative References | |||
| [RFC2585] Housley, R., and P. Hoffman, " Internet X.509 Public Key | [RFC2585] Housley, R., and P. Hoffman, " Internet X.509 Public Key | |||
| Infrastructure Operational Protocols: FTP and HTTP", | Infrastructure Operational Protocols: FTP and HTTP", | |||
| RFC 2585, May 1999. | RFC 2585, May 1999. | |||
| [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data | [RFC4288] Freed, N., and J. Klensin, "Media Type Specifications and | |||
| Encodings", RFC 4648, October 2006. | Registration Procedures", BCP 13, RFC 4288, December 2005. | |||
| [RFC5280] Cooper, D., S. Santesson, S. Farrell, S. Boeyen, | [RFC5280] Cooper, D., S. Santesson, S. Farrell, S. Boeyen, | |||
| R. Housley, W. Polk, "Internet X.509 Public Key | R. Housley, W. Polk, "Internet X.509 Public Key | |||
| Infrastructure Certificate and Certificate Revocation | Infrastructure Certificate and Certificate Revocation | |||
| List (CRL) Profile", RFC 5280, May 2008. | List (CRL) Profile", RFC 5280, May 2008. | |||
| [X.680] ITU-T Recommendation X.680 (2002) | ISO/IEC 8824-1:2002, | [X.680] ITU-T Recommendation X.680 (2002) | ISO/IEC 8824-1:2002, | |||
| Information technology - Abstract Syntax Notation One | Information technology - Abstract Syntax Notation One | |||
| (ASN.1): Specification of basic notation. | (ASN.1): Specification of basic notation. | |||
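Review bot: The [RFC3281] entry is carried over unchanged as "S. Farrell, S., and R. Housley", which doubles the first author's initial; it should read "Farrell, S., and R. Housley" to match the style of the other entries. The [RFC2585] title also keeps a stray space after the opening quote (" Internet X.509 ..."). Dropping [RFC4648] fits the change of Encoding considerations from 8bit to binary, but confirm that no citation of it remains in the sections this diff skips.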
| End of changes. 12 change blocks. | ||||
| 18 lines changed or deleted | 25 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||