Clearance Attribute and Authority Clearance Constraints Certificate Extension

Document Type Replaced Internet-Draft (individual)
Last updated 2012-01-25 (latest revision 2008-11-01)
Replaced by draft-ietf-pkix-authorityclearanceconstraints
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-ietf-pkix-authorityclearanceconstraints
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document defines the syntax and semantics for the Clearance attribute and the Authority Clearance Constraints extension in X.509 certificates. The Clearance attribute is used to indicate the clearance held by the subject. The Clearance attribute may appear in the subject directory attributes extension of a public key certificate or in the attributes field of an attribute certificate. The Authority Clearance Constraints certificate extension values in a Trust Anchor (TA), CA public key certificates, and an Attribute Authority (AA) public key certificate in a public key certification path constrain the effective Clearance of the subject.


Sean Turner (
Santosh Chokhani (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)