RFC 3850 (rfc3850)


Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3




RFC 3850            S/MIME 3.1 Certificate Handling            July 2004


   Certificate Revocation List (CRL): A type that contains information
   about certificates whose validity an issuer has prematurely revoked.
   The information consists of an issuer name, the time of issue, the
   next scheduled time of issue, a list of certificate serial numbers
   and their associated revocation times, and extensions as defined in
   [KEYM].  The CRL is signed by the issuer.  The type intended by this
   specification is the one defined in [KEYM].

   Receiving agent: software that interprets and processes S/MIME CMS
   objects, MIME body parts that contain CMS objects, or both.

   Sending agent: software that creates S/MIME CMS objects, MIME body
   parts that contain CMS objects, or both.

   S/MIME agent: user software that is a receiving agent, a sending
   agent, or both.

1.2.  Compatibility with Prior Practice of S/MIME

   S/MIME version 3.1 agents should attempt to have the greatest
   interoperability possible with agents for prior versions of S/MIME.
   S/MIME version 2 is described in RFC 2311 through RFC 2315,
   inclusive, and S/MIME version 3 is described in RFC 2630 through
   RFC 2634, inclusive.  RFC 2311 also has historical information about
   the development of S/MIME.

1.3.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [MUSTSHOULD].

1.4.  Changes Since S/MIME v3 (RFC 2632)

   Version 1 and Version 2 CRLs MUST be supported.

   Multiple CA certificates with the same subject and public key, but
   with overlapping validity periods, MUST be supported.

   Version 2 attribute certificates SHOULD be supported, and version 1
   attribute certificates MUST NOT be used.

   The use of the MD2 digest algorithm for certificate signatures is
   discouraged, and security language has been added.

   Clarified the use of email addresses in certificates.  Certificates
   that do not contain an email address have no requirements for
   verifying the email address associated with the certificate.
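
   As an added illustration (not part of RFC 3850), the Python sketch
   below reads the fields named in the CRL definition above from a DER
   TBSCertList and accepts both version 1 (no version field, no
   extensions) and version 2 CRLs.  The DER samples, the issuer name
   "Example CA" and all function names are constructed for this example;
   the issuer's signature over the CRL is not verified here.

```python
from datetime import datetime, timezone

def read_tlv(buf, pos):  # decode one DER element: (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value, pos=0):  # yield (tag, value) pairs inside a constructed element
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def parse_time(tag, val):  # UTCTime (0x17): PKIX reads YY >= 50 as 19YY, else 20YY
    s = val.decode("ascii")
    century = ("19" if s[:2] >= "50" else "20") if tag == 0x17 else ""
    return datetime.strptime(century + s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def parse_tbs_cert_list(der):
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("TBSCertList must be a SEQUENCE")
    f = list(children(body))
    version = f.pop(0)[1][0] + 1 if f[0][0] == 0x02 else 1  # absent in v1, INTEGER 1 in v2
    f.pop(0)  # signature AlgorithmIdentifier, not checked in this sketch
    crl = {"version": version, "issuer_der": f.pop(0)[1], "next_update": None,
           "this_update": parse_time(*f.pop(0)), "revoked": {}}
    if f and f[0][0] in (0x17, 0x18):  # nextUpdate is OPTIONAL
        crl["next_update"] = parse_time(*f.pop(0))
    if f and f[0][0] == 0x30:  # revokedCertificates: serial -> revocation time
        for _, entry in children(f.pop(0)[1]):
            serial, when = list(children(entry))[:2]
            crl["revoked"][int.from_bytes(serial[1], "big", signed=True)] = parse_time(*when)
    crl["has_extensions"] = bool(f) and f[0][0] == 0xA0  # [0] crlExtensions (v2)
    return crl

def tlv(tag, *parts):  # encoder for the constructed samples (lengths < 128 only)
    return bytes([tag, len(b"".join(parts))]) + b"".join(parts)

_core = [tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010105")), tlv(0x05)),
         tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03"), tlv(0x0C, b"Example CA")))),
         tlv(0x17, b"040701000000Z"), tlv(0x17, b"040801000000Z"),
         tlv(0x30, tlv(0x30, tlv(0x02, b"\x12\x34"), tlv(0x17, b"040615120000Z")))]
_ext = tlv(0xA0, tlv(0x30, tlv(0x30, tlv(0x06, b"\x55\x1d\x14"), tlv(0x04, tlv(0x02, b"\x07")))))
V1_CRL = tlv(0x30, *_core)                            # constructed sample, unsigned
V2_CRL = tlv(0x30, tlv(0x02, b"\x01"), *_core, _ext)  # constructed sample, unsigned
```

   A parser that assumes the version field is always present reads the
   AlgorithmIdentifier of a version 1 CRL as the version and fails,
   which is why the optional fields are tested by tag before use.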



Ramsdell                    Standards Track