1 Introduction

This specification is one part of a family of standards for the X.509 Public Key Infrastructure (PKI) for the Internet.

This specification profiles the format and semantics of certificates and certificate revocation lists (CRLs) for the Internet PKI. Procedures are described for processing of certification paths in the Internet environment. Finally, ASN.1 modules are provided in the appendices for all data structures defined or referenced.

Section 2 describes Internet PKI requirements, and the assumptions which affect the scope of this document. Section 3 presents an architectural model and describes its relationship to previous IETF and ISO/IEC/ITU-T standards. In particular, this document's relationship with the IETF PEM specifications and the ISO/IEC/ITU-T X.509 documents are described.

Section 4 profiles the X.509 version 3 certificate, and section 5 profiles the X.509 version 2 CRL. The profiles include the identification of ISO/IEC/ITU-T and ANSI extensions which may be useful in the Internet PKI. The profiles are presented in the 1988 Abstract Syntax Notation One (ASN.1) rather than the 1997 ASN.1 syntax used in the most recent ISO/IEC/ITU-T standards.

Section 6 includes certification path validation procedures. These procedures are based upon the ISO/IEC/ITU-T definition. Implementations are REQUIRED to derive the same results but are not required to use the specified procedures.

Procedures for identification and encoding of public key materials and digital signatures are defined in [PKIXALGS]. Implementations of this specification are not required to use any particular cryptographic algorithms. However, conforming implementations which use the algorithms identified in [PKIXALGS] MUST identify and encode the public key materials and digital signatures as described in that specification.

Finally, three appendices are provided to aid implementers. Appendix A contains all ASN.1 structures defined or referenced within this specification. As above, the material is presented in the 1988 ASN.1. Appendix B contains notes on less familiar features of the ASN.1 notation used within this specification. Appendix C contains examples of a conforming certificate and a conforming CRL.

This specification obsoletes RFC 2459. This specification differs from RFC 2459 in five basic areas:

* To promote interoperable implementations, a detailed algorithm for certification path validation is included in section 6.1 of this specification; RFC 2459 provided only a high-level description of path validation.

* An algorithm for determining the status of a certificate using CRLs is provided in section 6.3 of this specification. This material was not present in RFC 2459.

* To accommodate new usage models, detailed information describing the use of delta CRLs is provided in Section 5 of this specification.

* Identification and encoding of public key materials and digital signatures are not included in this specification, but are now described in a companion specification [PKIXALGS].

* Four additional extensions are specified: three certificate extensions and one CRL extension. The certificate extensions are subject info access, inhibit any-policy, and freshest CRL. The freshest CRL extension is also defined as a CRL extension.

* Throughout the specification, clarifications have been introduced to enhance consistency with the ITU-T X.509 specification. X.509 defines the certificate and CRL format as well as many of the extensions that appear in this specification. These changes were introduced to improve the likelihood of interoperability between implementations based on this specification with implementations based on the ITU-T specification.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.