Network Working Group                                         R. HousleyRequest for Comments: 2459                                        SPYRUSCategory: Standards Track                                        W. Ford                                                                VeriSign                                                                 W. Polk                                                                    NIST                                                                 D. Solo                                                                Citicorp                                                            January 1999                Internet X.509 Public Key Infrastructure                      Certificate and CRL ProfileStatus of this Memo   This document specifies an Internet standards track protocol for the   Internet community, and requests discussion and suggestions for   improvements.  Please refer to the current edition of the "Internet   Official Protocol Standards" (STD 1) for the standardization state   and status of this protocol.  Distribution of this memo is unlimited.Copyright Notice   Copyright (C) The Internet Society (1999).  All Rights Reserved.Abstract   This memo profiles the X.509 v3 certificate and X.509 v2 CRL for use   in the Internet.  An overview of the approach and model are provided   as an introduction.  The X.509 v3 certificate format is described in   detail, with additional information regarding the format and   semantics of Internet name forms (e.g., IP addresses).  Standard   certificate extensions are described and one new Internet-specific   extension is defined.  A required set of certificate extensions is   specified.  The X.509 v2 CRL format is described and a required   extension set is defined as well.  An algorithm for X.509 certificate   path validation is described. Supplemental information is provided   describing the format of public keys and digital signatures in X.509   certificates for common Internet public key encryption algorithms   (i.e., RSA, DSA, and Diffie-Hellman).  ASN.1 modules and examples are   provided in the appendices.   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this   document are to be interpreted as described in RFC 2119.Housley, et. al.            Standards Track                     [Page 1]RFC 2459        Internet X.509 Public Key Infrastructure    January 1999   Please send comments on this document to the ietf-pkix@imc.org mail   list.                           TTTTaaaabbbblllleeee ooooffff CCCCoooonnnntttteeeennnnttttssss   1  Introduction ................................................    5   2  Requirements and Assumptions ................................    6   2.1  Communication and Topology ................................    6   2.2  Acceptability Criteria ....................................    7   2.3  User Expectations .........................................    7   2.4  Administrator Expectations ................................    7   3  Overview of Approach ........................................    7   3.1  X.509 Version 3 Certificate ...............................    9   3.2  Certification Paths and Trust .............................   10   3.3  Revocation ................................................   12   3.4  Operational Protocols .....................................   13   3.5  Management Protocols ......................................   13   4  Certificate and Certificate Extensions Profile ..............   15   4.1  Basic Certificate Fields ..................................   15   4.1.1  Certificate Fields ......................................   16   4.1.1.1  tbsCertificate ........................................   16   4.1.1.2  signatureAlgorithm ....................................   16   4.1.1.3  signatureValue ........................................   17   4.1.2  TBSCertificate ..........................................   17   4.1.2.1  Version ...............................................   17   4.1.2.2  Serial number .........................................   18   4.1.2.3  Signature .............................................   18   4.1.2.4  Issuer ................................................   18   4.1.2.5  Validity ..............................................   21   4.1.2.5.1  UTCTime .............................................   22   4.1.2.5.2  GeneralizedTime .....................................   22   4.1.2.6  Subject ...............................................   22   4.1.2.7  Subject Public Key Info ...............................   23   4.1.2.8  Unique Identifiers ....................................   24   4.1.2.9 Extensions .............................................   24   4.2  Certificate Extensions ....................................   24   4.2.1  Standard Extensions .....................................   25   4.2.1.1  Authority Key Identifier ..............................   25   4.2.1.2  Subject Key Identifier ................................   26   4.2.1.3  Key Usage .............................................   27   4.2.1.4  Private Key Usage Period ..............................   29   4.2.1.5  Certificate Policies ..................................   29   4.2.1.6  Policy Mappings .......................................   31   4.2.1.7  Subject Alternative Name ..............................   32Housley, et. al.            Standards Track                     [Page 2]RFC 2459        Internet X.509 Public Key Infrastructure    January 1999   4.2.1.8  Issuer Alternative Name ...............................   34   4.2.1.9  Subject Directory Attributes ..........................   34   4.2.1.10  Basic Constraints ....................................   35   4.2.1.11  Name Constraints .....................................   35   4.2.1.12  Policy Constraints ...................................   37   4.2.1.13  Extended key usage field .............................   38   4.2.1.14  CRL Distribution Points ..............................   39   4.2.2  Private Internet Extensions .............................   40   4.2.2.1  Authority Information Access ..........................   41   5  CRL and CRL Extensions Profile ..............................   42   5.1  CRL Fields ................................................   43   5.1.1  CertificateList Fields ..................................   43   5.1.1.1  tbsCertList ...........................................   44   5.1.1.2  signatureAlgorithm ....................................   44   5.1.1.3  signatureValue ........................................   44   5.1.2  Certificate List "To Be Signed" .........................   44   5.1.2.1  Version ...............................................   45   5.1.2.2  Signature .............................................   45   5.1.2.3  Issuer Name ...........................................   45   5.1.2.4  This Update ...........................................   45   5.1.2.5  Next Update ...........................................   45   5.1.2.6  Revoked Certificates ..................................   46   5.1.2.7  Extensions ............................................   46   5.2  CRL Extensions ............................................   46   5.2.1  Authority Key Identifier ................................   47   5.2.2  Issuer Alternative Name .................................   47   5.2.3  CRL Number ..............................................   47   5.2.4  Delta CRL Indicator .....................................   48   5.2.5  Issuing Distribution Point ..............................   48   5.3  CRL Entry Extensions ......................................   49   5.3.1  Reason Code .............................................   50   5.3.2  Hold Instruction Code ...................................   50   5.3.3  Invalidity Date .........................................   51   5.3.4  Certificate Issuer ......................................   51   6  Certificate Path Validation .................................   52   6.1  Basic Path Validation .....................................   52   6.2  Extending Path Validation .................................   56   7  Algorithm Support ...........................................   57   7.1  One-way Hash Functions ....................................   57   7.1.1  MD2 One-way Hash Function ...............................   57   7.1.2  MD5 One-way Hash Function ...............................   58   7.1.3  SHA-1 One-way Hash Function .............................   58   7.2  Signature Algorithms ......................................   58   7.2.1  RSA Signature Algorithm .................................   59   7.2.2  DSA Signature Algorithm .................................   60   7.3  Subject Public Key Algorithms .............................   60   7.3.1  RSA Keys ................................................   61   7.3.2  Diffie-Hellman Key Exchange Key .........................   61Housley, et. al.            Standards Track                     [Page 3]RFC 2459        Internet X.509 Public Key Infrastructure    January 1999   7.3.3  DSA Signature Keys ......................................   63   8  References ..................................................   64   9  Intellectual Property Rights ................................   66   10  Security Considerations ....................................   67   Appendix A.  ASN.1 Structures and OIDs .........................   70   A.1 Explicitly Tagged Module, 1988 Syntax ......................   70   A.2 Implicitly Tagged Module, 1988 Syntax ......................   84   Appendix B.  1993 ASN.1 Structures and OIDs ....................   91   B.1 Explicitly Tagged Module, 1993 Syntax ......................   91   B.2 Implicitly Tagged Module, 1993 Syntax ......................  108   Appendix C.  ASN.1 Notes .......................................  116   Appendix D.  Examples ..........................................  117   D.1  Certificate ...............................................  117   D.2  Certificate ...............................................  120   D.3  End-Entity Certificate Using RSA ..........................  123   D.4  Certificate Revocation List ...............................  126   Appendix E.  Authors' Addresses ................................  128   Appendix F.  Full Copyright Statement ..........................  129Housley, et. al.            Standards Track                     [Page 4]RFC 2459        Internet X.509 Public Key Infrastructure    January 19991  Introduction   This specification is one part of a family of standards for the X.509   Public Key Infrastructure (PKI) for the Internet.  This specification   is a standalone document; implementations of this standard may   proceed independent from the other parts.   This specification profiles the format and semantics of certificates   and certificate revocation lists for the Internet PKI.  Procedures   are described for processing of certification paths in the Internet   environment.  Encoding rules are provided for popular cryptographic   algorithms.  Finally, ASN.1 modules are provided in the appendices   for all data structures defined or referenced.   The specification describes the requirements which inspire the   creation of this document and the assumptions which affect its scope   in Section 2.  Section 3 presents an architectural model and   describes its relationship to previous IETF and ISO/IEC/ITU   standards.  In particular, this document's relationship with the IETF   PEM specifications and the ISO/IEC/ITU X.509 documents are described.   The specification profiles the X.509 version 3 certificate in Section   4, and the X.509 version 2 certificate revocation list (CRL) in   Section 5. The profiles include the identification of ISO/IEC/ITU and   ANSI extensions which may be useful in the Internet PKI. The profiles   are presented in the 1988 Abstract Syntax Notation One (ASN.1) rather   than the 1994 syntax used in the ISO/IEC/ITU standards.   This specification also includes path validation procedures in   Section 6.  These procedures are based upon the ISO/IEC/ITU   definition, but the presentation assumes one or more self-signed   trusted CA certificates.  Implementations are required to derive the   same results but are not required to use the specified procedures.   Section 7 of the specification describes procedures for   identification and encoding of public key materials and digital   signatures.  Implementations are not required to use any particular   cryptographic algorithms.  However, conforming implementations which   use the identified algorithms are required to identify and encode the   public key materials and digital signatures as described.   Finally, four appendices are provided to aid implementers.  Appendix   A contains all ASN.1 structures defined or referenced within this   specification.  As above, the material is presented in the 1988   Abstract Syntax Notation One (ASN.1) rather than the 1994 syntax.   Appendix B contains the same information in the 1994 ASN.1 notation   as a service to implementers using updated toolsets.  However,   Appendix A takes precedence in case of conflict.  Appendix C containsHousley, et. al.            Standards Track                     [Page 5]RFC 2459        Internet X.509 Public Key Infrastructure    January 1999   notes on less familiar features of the ASN.1 notation used within   this specification.  Appendix D contains examples of a conforming   certificate and a conforming CRL.