Suite B Certificate and Certificate Revocation List (CRL) Profile
RFC 5759
Document | Type |
RFC - Historic
(January 2010; No errata)
Status changed by status-change-suiteb-to-historic
Was draft-solinas-suiteb-cert-profile (individual in sec area)
|
|
---|---|---|---|
Authors | Lydia Zieglar , Jerome Solinas | ||
Last updated | 2018-08-01 | ||
Stream | IETF | ||
Formats | plain text html pdf htmlized bibtex | ||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 5759 (Historic) | |
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | Tim Polk | ||
Send notices to | llziegl@tycho.ncsc.mil, paul.hoffman@vpnc.org |
Internet Engineering Task Force (IETF) J. Solinas Request for Comments: 5759 L. Zieglar Category: Informational NSA ISSN: 2070-1721 January 2010 Suite B Certificate and Certificate Revocation List (CRL) Profile Abstract This document specifies a base profile for X.509 v3 Certificates and X.509 v2 Certificate Revocation Lists (CRLs) for use with the United States National Security Agency's Suite B Cryptography. The reader is assumed to have familiarity with RFC 5280, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile". Status of This Memo This document is not an Internet Standards Track specification; it is published for informational purposes. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc5759. Copyright Notice Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Solinas & Zieglar Informational [Page 1] RFC 5759 Suite B Certificate and CRL Profile January 2010 Table of Contents 1. Introduction ....................................................2 2. Conventions Used in This Document ...............................3 3. Requirements and Assumptions ....................................3 3.1. Implementing Suite B .......................................3 3.2. Suite B Object Identifiers .................................4 4. Suite B Certificate and Certificate Extensions Profile ..........4 4.1. signatureAlgorithm .........................................4 4.2. signatureValue .............................................5 4.3. Version ....................................................6 4.4. SubjectPublicKeyInfo .......................................6 4.5. Certificate Extensions for Particular Types of Certificates ...............................................7 4.5.1. Suite B Self-Signed CA Certificates .................7 4.5.2. Suite B Non-Self-Signed CA Certificates .............8 4.5.3. Suite B End Entity Signature and Key Establishment Certificates ..........................8 5. Suite B CRL and CRL Extensions Profile ..........................9 6. Security Considerations .........................................9 7. IANA Considerations .............................................9 8. References .....................................................10 8.1. Normative References ......................................10 8.2. Informative References ....................................10 1. Introduction This document specifies a base profile for X.509 v3 Certificates and X.509 v2 Certificate Revocation Lists (CRLs) for use by applications that support the United States National Security Agency's Suite B Cryptography. The reader is assumed to have familiarity with [RFC5280]. This Suite B Certificate and CRL Profile is a profile of RFC 5280. All MUST- level requirements of RFC 5280 apply throughout this profile and are generally not repeated here. In cases where a MUST-level requirement is repeated for emphasis, the text notes the requirement is "in adherence with [RFC5280]". This profile contains changes that elevate some MAY-level options in RFC 5280 to SHOULD-level and MUST- level in this profile; this profile also contains changes that elevate some SHOULD-level options in RFC 5280 to MUST-level for this profile. All options from RFC 5280 that are not listed in this profile remain at the requirement level of RFC 5280. Solinas & Zieglar Informational [Page 2] RFC 5759 Suite B Certificate and CRL Profile January 2010Show full document text