RFC 3850 (rfc3850) - Page 1 of 16


Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3



Alternative Format: Original Text Document



Network Working Group                                B. Ramsdell, Editor
Request for Comments: 3850                                Sendmail, Inc.
Obsoletes: 2632                                                July 2004
Category: Standards Track


   Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1
                          Certificate Handling

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).

Abstract

   This document specifies conventions for X.509 certificate usage by
   Secure/Multipurpose Internet Mail Extensions (S/MIME) agents.  S/MIME
   provides a method to send and receive secure MIME messages, and
   certificates are an integral part of S/MIME agent processing.  S/MIME
   agents validate certificates as described in RFC 3280, the Internet
   X.509 Public Key Infrastructure Certificate and CRL Profile.  S/MIME
   agents must meet the certificate processing requirements in this
   document as well as those in RFC 3280.

Table of Contents

   1.  Overview . . . . . . . . . . . . . . . . . . . . . . . . . . .  2
       1.1.  Definitions. . . . . . . . . . . . . . . . . . . . . . .  2
       1.2.  Compatibility with Prior Practice of S/MIME. . . . . . .  3
       1.3.  Terminology. . . . . . . . . . . . . . . . . . . . . . .  3
       1.4.  Changes Since S/MIME v3 (RFC 2632) . . . . . . . . . . .  3
   2.  CMS Options. . . . . . . . . . . . . . . . . . . . . . . . . .  4
       2.1 . CertificateRevocationLists . . . . . . . . . . . . . . .  4
       2.2.  CertificateChoices . . . . . . . . . . . . . . . . . . .  4
       2.3.  CertificateSet . . . . . . . . . . . . . . . . . . . . .  5
   3. Using Distinguished Names for Internet Mail . . . . . . . . . .  6
   4.  Certificate Processing . . . . . . . . . . . . . . . . . . . .  7
       4.1.  Certificate Revocation Lists . . . . . . . . . . . . . .  8
       4.2.  Certification Path Validation. . . . . . . . . . . . . .  8
       4.3.  Certificate and CRL Signing Algorithms . . . . . . . . .  9



Ramsdell                    Standards Track