RFC 3280 (rfc3280) - Page 1 of 129
Internet X
Alternative Format: Original Text Document
Network Working Group R. Housley
Request for Comments: 3280 RSA Laboratories
Obsoletes: 2459 W. Polk
Category: Standards Track NIST
W. Ford
VeriSign
D. Solo
Citigroup
April 2002
Internet X.509 Public Key Infrastructure
Certificate and Certificate Revocation List (CRL) Profile
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2002). All Rights Reserved.
Abstract
This memo profiles the X.509 v3 certificate and X.509 v2 Certificate
Revocation List (CRL) for use in the Internet. An overview of this
approach and model are provided as an introduction. The X.509 v3
certificate format is described in detail, with additional
information regarding the format and semantics of Internet name
forms. Standard certificate extensions are described and two
Internet-specific extensions are defined. A set of required
certificate extensions is specified. The X.509 v2 CRL format is
described in detail, and required extensions are defined. An
algorithm for X.509 certification path validation is described. An
ASN.1 module and examples are provided in the appendices.
Table of Contents
1 Introduction . . . . . . . . . . . . . . . . . . . . . . 4
2 Requirements and Assumptions . . . . . . . . . . . . . . 5
2.1 Communication and Topology . . . . . . . . . . . . . . 6
2.2 Acceptability Criteria . . . . . . . . . . . . . . . . 6
2.3 User Expectations . . . . . . . . . . . . . . . . . . . 7
2.4 Administrator Expectations . . . . . . . . . . . . . . 7
3 Overview of Approach . . . . . . . . . . . . . . . . . . 7
Housley, et. al. Standards Track