Internet Engineering Task Force (IETF)                        R. Housley
Request for Comments: 5877                                Vigil Security
Category: Informational                                         May 2010
ISSN: 2070-1721
        
Internet Engineering Task Force (IETF)                        R. Housley
Request for Comments: 5877                                Vigil Security
Category: Informational                                         May 2010
ISSN: 2070-1721
        

The application/pkix-attr-cert Media Type for Attribute Certificates

属性证书的应用程序/pkix属性证书媒体类型

Abstract

摘要

This document specifies a MIME media type used to carry a single attribute certificate as defined in RFC 5755.

本文档指定用于携带RFC 5755中定义的单属性证书的MIME媒体类型。

Status of This Memo

关于下段备忘

This document is not an Internet Standards Track specification; it is published for informational purposes.

本文件不是互联网标准跟踪规范;它是为了提供信息而发布的。

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.

本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。并非IESG批准的所有文件都适用于任何级别的互联网标准;见RFC 5741第2节。

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc5877.

有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc5877.

Copyright Notice

版权公告

Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved.

版权所有(c)2010 IETF信托基金和确定为文件作者的人员。版权所有。

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。

1. Introduction
1. 介绍

RFC 2585 [RFC2585] defines the MIME media types for public key certificates and certificate revocation lists (CRLs). This document specifies a MIME media type for use with attribute certificates as defined in RFC 5755 [RFC5755].

RFC 2585[RFC2585]定义公钥证书和证书吊销列表(CRL)的MIME媒体类型。本文档指定用于RFC 5755[RFC5755]中定义的属性证书的MIME媒体类型。

Attribute certificates are ASN.1 encoded [X.680]. RFC 5755 [RFC5755] tells which portions of the attribute certificate must use the distinguished encoding rules (DER) [X.690] and which portions are permitted to use the basic encoding rules (BER) [X.690]. Since DER is a proper subset of BER, BER decoding all parts of a properly constructed attribute certificate will be successful.

属性证书是ASN.1编码的[X.680]。RFC 5755[RFC5755]说明属性证书的哪些部分必须使用可分辨编码规则(DER)[X.690],哪些部分允许使用基本编码规则(BER)[X.690]。由于DER是BER的适当子集,因此BER解码正确构造的属性证书的所有部分都将成功。

2. IANA Considerations
2. IANA考虑

This document registers with IANA the "application/pkix-attr-cert" Internet Media Type for use with an attribute certificate as defined in [RFC5755]. This registration follows the procedures defined in BCP 13 [RFC4288].

本文件向IANA注册“应用程序/pkix attr证书”互联网媒体类型,以便与[RFC5755]中定义的属性证书一起使用。此注册遵循BCP 13[RFC4288]中定义的程序。

Type name: application

类型名称:应用程序

Subtype name: pkix-attr-cert

子类型名称:pkix属性证书

Required parameters: None

所需参数:无

Optional parameters: None

可选参数:无

Encoding considerations: binary

编码注意事项:二进制

Security considerations: An attribute certificate provides authorization information. An attribute certificate is most often used in conjunction with a public key certificate [RFC5280], and the two certificates should use the same encoding of the distinguished name as described in the Security Considerations of this document.

安全注意事项:属性证书提供授权信息。属性证书通常与公钥证书[RFC5280]结合使用,两个证书应使用与本文档安全注意事项中所述相同的可分辨名称编码。

Interoperability considerations: The media type will be used with HTTP to fetch attribute certificates. Other uses may emerge in the future.

互操作性注意事项:媒体类型将与HTTP一起用于获取属性证书。将来可能会出现其他用途。

Published specification: RFC 5755

已发布规范:RFC 5755

Applications that use this media type: The media type is used with a MIME-compliant transport to transfer an attribute certificate. Attribute certificates convey authorization information, and they are most often used in conjunction with public key certificates as defined in [RFC5280].

使用此媒体类型的应用程序:该媒体类型与MIME兼容传输一起用于传输属性证书。属性证书传递授权信息,它们通常与[RFC5280]中定义的公钥证书结合使用。

      Additional information:
        Magic number(s): None
        File extension(s): .ac
        Macintosh File Type Code(s): none
        
      Additional information:
        Magic number(s): None
        File extension(s): .ac
        Macintosh File Type Code(s): none
        

Person & email address to contact for further information: Russ Housley housley@vigilsec.com

联系人和电子邮件地址,以获取更多信息:Russ Housleyhousley@vigilsec.com

Intended usage: COMMON

预期用途:普通

Restrictions on usage: none

使用限制:无

      Author:
        Russ Housley <housley@vigilsec.com>
        
      Author:
        Russ Housley <housley@vigilsec.com>
        

Intended usage: COMMON

预期用途:普通

      Change controller:
        The IESG <iesg@ietf.org>
        
      Change controller:
        The IESG <iesg@ietf.org>
        
3. Security Considerations
3. 安全考虑

Attribute certificate issuers must encode the holder entity name in exactly the same way as the public key certificate distinguished name. If they are encoded differently, implementations may fail to recognize that the attribute certificate and public key certificate belong to the same entity.

属性证书颁发者必须以与公钥证书可分辨名称完全相同的方式对持有者实体名称进行编码。如果编码方式不同,则实现可能无法识别属性证书和公钥证书属于同一实体。

4. References
4. 工具书类
4.1. Normative References
4.1. 规范性引用文件

[RFC5755] Farrell, S., Housley, R., and S. Turner, "An Internet Attribute Certificate Profile for Authorization", RFC 5755, January 2010.

[RFC5755]Farrell,S.,Housley,R.,和S.Turner,“用于授权的互联网属性证书配置文件”,RFC 57552010年1月。

4.2. Informative References
4.2. 资料性引用

[RFC2585] Housley, R. and P. Hoffman, "Internet X.509 Public Key Infrastructure Operational Protocols: FTP and HTTP", RFC 2585, May 1999.

[RFC2585]Housley,R.和P.Hoffman,“Internet X.509公钥基础设施操作协议:FTP和HTTP”,RFC 25851999年5月。

[RFC4288] Freed, N. and J. Klensin, "Media Type Specifications and Registration Procedures", BCP 13, RFC 4288, December 2005.

[RFC4288]Freed,N.和J.Klensin,“介质类型规范和注册程序”,BCP 13,RFC 4288,2005年12月。

[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, May 2008.

[RFC5280]Cooper,D.,Santesson,S.,Farrell,S.,Boeyen,S.,Housley,R.,和W.Polk,“Internet X.509公钥基础设施证书和证书撤销列表(CRL)配置文件”,RFC 52802008年5月。

[X.680] ITU-T Recommendation X.680 (2002) | ISO/IEC 8824-1:2002, Information technology - Abstract Syntax Notation One (ASN.1): Specification of basic notation.

[X.680]ITU-T建议X.680(2002)| ISO/IEC 8824-1:2002,信息技术-抽象语法符号1(ASN.1):基本符号规范。

[X.690] ITU-T Recommendation X.690 (2002) | ISO/IEC 8825-1:2002, Information technology - ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER).

[X.690]ITU-T建议X.690(2002)| ISO/IEC 8825-1:2002,信息技术-ASN.1编码规则:基本编码规则(BER)、规范编码规则(CER)和区分编码规则(DER)规范。

Author's Address

作者地址

Russell Housley Vigil Security, LLC 918 Spring Knoll Drive Herndon, VA 20170 USA EMail: housley@vigilsec.com

Russell Housley Vigil Security,LLC 918 Spring Knoll Drive Herndon,弗吉尼亚州20170美国电子邮件:housley@vigilsec.com