RFC 2528 PKIX KEA March 1999

Abstract

The Key Exchange Algorithm (KEA) is a classified algorithm for
exchanging keys. This specification profiles the format and
semantics of fields in X.509 V3 certificates containing KEA keys. The
specification addresses the subjectPublicKeyInfo field and the
keyUsage extension.

1. Executive Summary

This specification contains guidance on the use of the Internet
Public Key Infrastructure certificates to convey Key Exchange
Algorithm (KEA) keys. This specification is an addendum to RFC 2459,
"Internet X.509 Public Key Infrastructure: Certificate and CRL
Profile". Implementations of this specification must also conform to
RFC 2459. Implementations of this specification are not required to
conform to other parts from that series.

2. Requirements and Assumptions

The goal is to augment the X.509 certificate profile presented in
Part 1 to facilitate the management of KEA keys for those communities
which use this algorithm.

2.1. Communication and Topology

This profile, as presented in [RFC 2459] and augmented by this
specification, supports users without high bandwidth, real-time IP
connectivity, or high connection availability. In addition, the
profile allows for the presence of firewall or other filtered
communication.

This profile does not assume the deployment of an X.500 Directory
system. The profile does not prohibit the use of an X.500 Directory,
but other means of distributing certificates and certificate
revocation lists (CRLs) are supported.

2.2. Acceptability Criteria

The goal of the Internet Public Key Infrastructure (PKI) is to meet
the needs of deterministic, automated identification, authentication,
access control, and authorization functions. Support for these
services determines the attributes contained in the certificate as
well as the ancillary control information in the certificate such as
policy data and certification path constraints.
Housley & Polk Informational