Role Names in X.509 Certificates

Document Type Expired Internet-Draft (individual)
Author Blake Ramsdell 
Last updated 1998-04-30
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


The subjectAltName X.509 extension described in [KEYM] provides a mechanism where information regarding the entity that signed and/or encrypted some data can be identified. However, there is a case where the subject may not be a concrete entity, but may be a 'role' within an organization or network. This document will specify a set of these roles and their definitions.


Blake Ramsdell (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)