PKCS #10: Certification Request Syntax Specification Version 1.7
RFC 2986

Document Type RFC - Informational (November 2000; No errata)
Updated by RFC 5967
Obsoletes RFC 2314
Was draft-nystrom-pkcs10-v1-7 (individual)
Last updated 2013-03-02
Stream Legacy
Formats plain text pdf html bibtex
Stream Legacy state (None)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state RFC 2986 (Informational)
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                         M. Nystrom
Request for Comments: 2986                                    B. Kaliski
Obsoletes: 2314                                             RSA Security
Category: Informational                                    November 2000

          PKCS #10: Certification Request Syntax Specification
                              Version 1.7

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2000).  All Rights Reserved.

Abstract

   This memo represents a republication of PKCS #10 v1.7 from RSA
   Laboratories' Public-Key Cryptography Standards (PKCS) series, and
   change control is retained within the PKCS process.  The body of this
   document, except for the security considerations section, is taken
   directly from the PKCS #9 v2.0 or the PKCS #10 v1.7 document.

   This memo describes a syntax for certification requests.

Table of Contents

   1.  Introduction ................................................. 2
   2.  Definitions and notation ..................................... 2
   2.1  Definitions ................................................. 2
   2.2  Notation .................................................... 4
   3.  Overview ..................................................... 4
   4.  Certification request syntax ................................. 5
   4.1  CertificationRequestInfo .................................... 5
   4.2  CertificationRequest ........................................ 7
   5.  Security Considerations ...................................... 8
   6.  Authors' Addresses ........................................... 8
   A.  ASN.1 module ................................................. 9
   B.  Intellectual property considerations ........................ 10
   C.  Revision history ............................................ 10
   D.  References .................................................. 11
   E.  Contact information & About PKCS ............................ 12
   Full Copyright Statement ........................................ 14

Nystrom & Kaliski            Informational                      [Page 1]
RFC 2986       Certification Request Syntax Specification  November 2000

1. Introduction

   This document describes syntax for certification requests.  A
   certification request consists of a distinguished name, a public key,
   and optionally a set of attributes, collectively signed by the entity
   requesting certification.  Certification requests are sent to a
   certification authority, which transforms the request into an X.509
   [9] public-key certificate.  (In what form the certification
   authority returns the newly signed certificate is outside the scope
   of this document.  A PKCS #7 [2] message is one possibility.)

   The intention of including a set of attributes is twofold: to provide
   other information about a given entity , or a "challenge password" by
   which the entity may later request certificate revocation; and to
   provide attributes for inclusion in X.509 certificates.  A non-
   exhaustive list of attributes is given in PKCS #9 [3].

   Certification authorities may also require non-electronic forms of
   request and may return non-electronic replies.  It is expected that
   descriptions of such forms, which are outside the scope of this
   document, will be available from certification authorities.

   The preliminary intended application of this document is to support
   PKCS #7 cryptographic messages, but it is expected that other
   applications will be developed (see e.g. [4]).

2. Definitions and notation

 2.1 Definitions

   For the purposes of this document, the following definitions apply.

   ALGORITHM       An information object class defined in X.509 to
                   describe objects composed of an algorithm (a unique
                   object identifier) and its parameters (any ASN.1
                   type).  The values of objects in this class can be
                   represented by the ASN.1 type AlgorithmIdentifier{}.
                   ALGORITHM is defined as the "useful" information
                   object class TYPE-IDENTIFIER, specified in [11],
                   Annex A.

   AlgorithmIdentifier{}
                   A useful parameterized version of X.509 type
                   AlgorithmIdentifier is defined in this document.
                   This type tightly binds pairs of algorithm object
                   identifiers to their associated parameter types.
                   When referenced, the single parameter of
                   AlgorithmIdentifier{} specifies a constraint on the
Show full document text