Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3
RFC 3850 S/MIME 3.1 Certificate Handling July 2004
Certificate Revocation List (CRL): A type that contains information
about certificates whose validity an issuer has prematurely revoked.
The information consists of an issuer name, the time of issue, the
next scheduled time of issue, a list of certificate serial numbers
and their associated revocation times, and extensions as defined in
[KEYM]. The CRL is signed by the issuer. The type intended by this
specification is the one defined in [KEYM].

Receiving agent: software that interprets and processes S/MIME CMS
objects, MIME body parts that contain CMS objects, or both.

Sending agent: software that creates S/MIME CMS objects, MIME body
parts that contain CMS objects, or both.

S/MIME agent: user software that is a receiving agent, a sending
agent, or both.

1.2. Compatibility with Prior Practice of S/MIME

S/MIME version 3.1 agents should attempt to have the greatest
interoperability possible with agents for prior versions of S/MIME.
S/MIME version 2 is described in RFC 2311 through RFC 2315, inclusive,
and S/MIME version 3 is described in RFC 2630 through RFC 2634,
inclusive. RFC 2311 also has historical information about the
development of S/MIME.

1.3. Terminology

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [MUSTSHOULD].

1.4. Changes Since S/MIME v3 (RFC 2632)

Version 1 and Version 2 CRLs MUST be supported.

Multiple CA certificates with the same subject and public key, but
with overlapping validity periods, MUST be supported.

Version 2 attribute certificates SHOULD be supported, and version 1
attribute certificates MUST NOT be used.

The use of the MD2 digest algorithm for certificate signatures is
discouraged, and security language has been added.

Clarified the use of email addresses in certificates. Certificates
that do not contain an email address have no requirements for
verifying the email address associated with the certificate.
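
The requirement in 1.4 that multiple CA certificates with the same subject and public key be supported affects how a receiving agent indexes its CA store. The sketch below is an added example, not text or code from the RFC; the class names, the `public_key_id` stand-in for the real public key, and the sample certificates are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class CACert:
    subject: str          # subject distinguished name of the CA
    public_key_id: str    # hypothetical stand-in for the subject public key
    serial: int
    not_before: datetime
    not_after: datetime

    def valid_at(self, when):
        return self.not_before <= when <= self.not_after


class CAStore:
    """Keeps every CA certificate, even when subject and key repeat."""

    def __init__(self):
        self._by_name = {}  # (subject, public_key_id) -> list of CACert

    def add(self, cert):
        bucket = self._by_name.setdefault((cert.subject, cert.public_key_id), [])
        if cert not in bucket:
            bucket.append(cert)

    def candidates(self, subject, public_key_id, when):
        """All stored CA certs for this name and key valid at `when`,
        longest-lived first, so path building can try each in turn."""
        bucket = self._by_name.get((subject, public_key_id), [])
        live = [c for c in bucket if c.valid_at(when)]
        return sorted(live, key=lambda c: c.not_after, reverse=True)


def naive_candidates(certs, subject, public_key_id, when):
    """Failure mode: one slot per (subject, key), so a later add overwrites."""
    slot = {(c.subject, c.public_key_id): c for c in certs}
    c = slot.get((subject, public_key_id))
    return [c] if c is not None and c.valid_at(when) else []


def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed sample: same subject and key, validity overlapping during 2004.
OLD = CACert("CN=Example CA", "key-1", 1, utc(2002, 1, 1), utc(2005, 1, 1))
NEW = CACert("CN=Example CA", "key-1", 2, utc(2004, 1, 1), utc(2008, 1, 1))


def build_store():
    store = CAStore()
    store.add(OLD)
    store.add(NEW)
    return store
```

A store keyed on subject and key alone drops the older certificate, so a validation time that only the older certificate covers finds no issuer at all.
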
Ramsdell Standards Track