application/pkix-pkipath

Thu May 23 18:08:14 CEST 2002

-----BEGIN PGP SIGNED MESSAGE-----

The following template is from the Standards Track I-D
<draft-ietf-tls-extensions-04.txt>, which has just been submitted
for Last Call in the TLS WG. It's intended to be consistent with the
types application/pkix-{cert,crl} from RFC 2585.

(Note: Reply-To is set to the ietf-types list only.)

   To: ietf-types at iana.org
   Subject: Registration of MIME media type application/pkix-pkipath

   MIME media type name: application

   MIME subtype name: pkix-pkipath

   Required parameters: none

   Optional parameters: version (default value is "1")

   Encoding considerations:
      This MIME type is a DER encoding of the ASN.1 type PkiPath,
      defined as follows:

         PkiPath ::= SEQUENCE OF Certificate

         PkiPath is used to represent a certification path. Within the
         sequence, the order of certificates is such that the subject of
         the first certificate is the issuer of the second certificate,
         etc.

      This is identical to the definition that will be published in
      [X509-4th-TC1]; note that it is different from that in [X509-4th].

      All Certificates MUST conform to [PKIX] (an update to [PKIX] is
      in preparation, and should be followed when it is published).
      DER (as opposed to BER) encoding MUST be used. If this type is
      sent over a 7-bit transport, base64 encoding SHOULD be used.

   Security considerations:
      The security considerations of [X509-4th] and [PKIX] (or any
      updates to them) apply, as well as those of any protocol that uses
      this type (e.g. TLS).

      Note that this type only specifies a certificate chain that
      can be assessed for validity according to the relying party's
      existing configuration of trusted CAs; it is not intended to be
      used to specify any change to that configuration.

   Interoperability considerations:
      No specific interoperability problems are known with this type,
      but for recommendations relating to X.509 certificates in general,
      see [PKIX].

   Published specification: <draft-ietf-tls-extensions-04.txt> and
      [PKIX].

   Applications which use this media type: TLS. It may also be used by
      other protocols, or for general interchange of PKIX certificate
      chains.

   Additional information:
      Magic number(s): DER-encoded ASN.1 can be easily recognised.
         Further parsing is required to distinguish from other ASN.1
         types.
      File extension(s): .pkipath
      Macintosh File Type Code(s): not specified

   Person & email address to contact for further information:
      Magnus Nystrom <magnus at rsasecurity.com>

   Intended usage: COMMON

   Author/Change controller:
      Magnus Nystrom <magnus at rsasecurity.com>

Normative References

   [KEYWORDS] S. Bradner, "Key words for use in RFCs to Indicate
   Requirement Levels," IETF RFC 2119, March 1997.

   [PKIX] R. Housley, W. Ford, W. Polk, and D. Solo, "Internet Public
   Key Infrastructure: Part I: X.509 Certificate and CRL Profile", IETF
   RFC 2459, January 1999.

   [X509-4th] ITU-T Recommendation X.509 (2000) | ISO/IEC 9594-8:2001,
   "Information Systems - Open Systems Interconnection - The Directory:
   Public key and attribute certificate frameworks."

   [X509-4th-TC1] ITU-T Recommendation X.509(2000) Corrigendum 1(2001) |
   ISO/IEC 9594-8:2001/Cor.1:2002, Technical Corrigendum 1 to ISO/IEC
   9594:8:2001.

- -- 
David Hopwood <david.hopwood at zetnet.co.uk>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip