application/pkix-pkipath
David Hopwood
david.hopwood at zetnet.co.uk
Thu May 23 18:08:14 CEST 2002
-----BEGIN PGP SIGNED MESSAGE-----
The following template is from the Standards Track I-D
<draft-ietf-tls-extensions-04.txt>, which has just been submitted
for Last Call in the TLS WG. It's intended to be consistent with the
types application/pkix-{cert,crl} from RFC 2585.
(Note: Reply-To is set to the ietf-types list only.)
To: ietf-types at iana.org
Subject: Registration of MIME media type application/pkix-pkipath
MIME media type name: application
MIME subtype name: pkix-pkipath
Required parameters: none
Optional parameters: version (default value is "1")
Encoding considerations:
This MIME type is a DER encoding of the ASN.1 type PkiPath,
defined as follows:
PkiPath ::= SEQUENCE OF Certificate
PkiPath is used to represent a certification path. Within the
sequence, the order of certificates is such that the subject of
the first certificate is the issuer of the second certificate,
etc.
This is identical to the definition that will be published in
[X509-4th-TC1]; note that it is different from that in [X509-4th].
All Certificates MUST conform to [PKIX] (an update to [PKIX] is
in preparation, and should be followed when it is published).
DER (as opposed to BER) encoding MUST be used. If this type is
sent over a 7-bit transport, base64 encoding SHOULD be used.
Security considerations:
The security considerations of [X509-4th] and [PKIX] (or any
updates to them) apply, as well as those of any protocol that uses
this type (e.g. TLS).
Note that this type only specifies a certificate chain that
can be assessed for validity according to the relying party's
existing configuration of trusted CAs; it is not intended to be
used to specify any change to that configuration.
Interoperability considerations:
No specific interoperability problems are known with this type,
but for recommendations relating to X.509 certificates in general,
see [PKIX].
Published specification: <draft-ietf-tls-extensions-04.txt> and
[PKIX].
Applications which use this media type: TLS. It may also be used by
other protocols, or for general interchange of PKIX certificate
chains.
Additional information:
Magic number(s): DER-encoded ASN.1 can be easily recognised.
Further parsing is required to distinguish from other ASN.1
types.
File extension(s): .pkipath
Macintosh File Type Code(s): not specified
Person & email address to contact for further information:
Magnus Nystrom <magnus at rsasecurity.com>
Intended usage: COMMON
Author/Change controller:
Magnus Nystrom <magnus at rsasecurity.com>
Normative References
[KEYWORDS] S. Bradner, "Key words for use in RFCs to Indicate
Requirement Levels," IETF RFC 2119, March 1997.
[PKIX] R. Housley, W. Ford, W. Polk, and D. Solo, "Internet Public
Key Infrastructure: Part I: X.509 Certificate and CRL Profile", IETF
RFC 2459, January 1999.
[X509-4th] ITU-T Recommendation X.509 (2000) | ISO/IEC 9594-8:2001,
"Information Systems - Open Systems Interconnection - The Directory:
Public key and attribute certificate frameworks."
[X509-4th-TC1] ITU-T Recommendation X.509(2000) Corrigendum 1(2001) |
ISO/IEC 9594-8:2001/Cor.1:2002, Technical Corrigendum 1 to ISO/IEC
9594:8:2001.
- --
David Hopwood <david.hopwood at zetnet.co.uk>
Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQEVAwUBPOrjTTkCAxeYt5gVAQHddQf5ATsJ4D4flPu6Y5JgtazAO/Fc0MxG9Iy6
XJsov+JNMmEwP66eESuSkgk44RWlk+TkHadGnsybRth9aRUumhni8GjnIO4UAn4I
QghOXua2BZ8QoePEcm2i1BqlcTg7jgOHIcVXiRk3l/N3IvZviDy1a/h9B4pmYafV
ZUgKhzwr7qFg63LWQyuSkOzisWpNeC778A6u95G+P0HhGdL77IEqiVz0GfWPuq2A
jTmGP7kOl+WhS1pbjliGqxUNjYyw4fX/rcd5ltzhijY5LRa3jsUq+ixK8uSx4kle
XXI1Aig8NLaX5Vfu2AkojMrcH2/wMFQK/JHwZY2cfs2mhdi7JBPUng==
=6X2a
-----END PGP SIGNATURE-----
More information about the Ietf-types
mailing list