Cryptographic Message Syntax (CMS) Content Constraints X.509 Certificate
Extension
Abstract:
This document specifies the syntax and semantics for the
Cryptographic Message Syntax (CMS) content constraints X.509
certificate extension. This extension is used to determine whether
the public key in an X.509 public key certificate is appropriate to
use in the processing of a protected content. In particular, the CMS
content constraints certificate extension is one part of the
authorization decision; it is used when validating a digital
signature on a CMS SignedData content or validating a message
authentication code (MAC) on a CMS AuthenticatedData content or CMS
AuthEnvelopedData content. The signed or authenticated content type
is identified by an ASN.1 object identifier, and this certificate
extension indicates the content types that the certified public key
is authorized to validate. If the authorization check is successful,
the CMS content constraints certificate extension also provides
default values for absent attributes.
Trust Anchor Management Protocol (TAMP)
Abstract:
This document describes a transport independent protocol for the
management of trust anchors and community identifiers stored in a
trust anchor store. The protocol makes use of the Cryptographic
Message Syntax (CMS), and a digital signature is used to provide
integrity protection and data origin authentication. The protocol
can be used to manage trust anchor stores containing trust anchors
represented as Certificate, TBSCertificate or TrustAnchorInfo
objects.
Trust Anchor Format
Abstract:
This document describes a structure for representing trust anchor
information. A trust anchor is an authoritative entity represented
via a public key and associated data. The public key is used to
verify digital signatures and the associated data is used to
constrain the types of information or actions for which the trust
anchor is authoritative. The structures defined in this document are
intended to satisfy the format-related requirements defined in Trust
Anchor Management Requirements and for use within the context of the
Trust Anchor Management Protocol (TAMP).