Network Working GroupB. Kaliski
Request for Comments: 2314RSA Laboratories East
Category: InformationalMarch 1998

PKCS #10: Certification Request Syntax Version 1.5

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright © The Internet Society (1998). All Rights Reserved.

1.  Scope

A certification request consists of a distinguished name, a public key, and optionally a set of attributes, collectively signed by the entity requesting certification. Certification requests are sent to a certification authority, who transforms the request to an X.509 public-key certificate, or a PKCS #6 extended certificate. (In what form the certification authority returns the newly signed certificate is outside the scope of this document. A PKCS #7 message is one possibility.)

The intention of including a set of attributes is twofold: to provide other information about a given entity, such as the postal address to which the signed certificate should be returned if electronic mail is not available, or a "challenge password" by which the entity may later request certificate revocation; and to provide attributes for a PKCS #6 extended certificate. A non-exhaustive list of attributes is given in PKCS #9.

Certification authorities may also require non-electronic forms of request and may return non-electronic replies. It is expected that descriptions of such forms, which are outside the scope of this document, will be available from the certification authority. The preliminary intended application of this document is to support PKCS #7 cryptographic messages, but is expected that other applications will be developed.

Author's Address

  Burt Kaliski
  RSA Laboratories East
  20 Crosby Drive
  Bedford, MA 01730
Phone:  (617) 687-7000
Email:  burt@rsa.com

Full Copyright Statement

Intellectual Property