@@ -86,12 +86,12 @@ signature algorithms. In cases where relying party systems cannot be
8686immediately updated to support new algorithms, it is useful to issue
8787certificates to subjects that convey public keys whose algorithm is
8888being phased out to maintain interoperability. However, multiple
89- certificates adds complexity to certificate management and exposes
90- limitations in applications and protocols that support a single
91- certificate chain. For this reason, it is useful to efficiently convey
92- information concerning the elements of two certificates within a single
93- certificate. This information can then be used to construct the paired
94- certificate as needed by relying parties.
89+ certificates adds complexity to certificate management for relying
90+ parties and exposes limitations in applications and protocols that
91+ support a single certificate chain. For this reason, it is useful to
92+ efficiently convey information concerning the elements of two
93+ certificates within a single certificate. This information can then be
94+ used to construct the paired certificate as needed by relying parties.
9595
9696This document specifies an X.509 v3 certificate extension that includes
9797sufficient information for a relying party to construct both paired
@@ -134,21 +134,21 @@ DCD extension.
134134# Relationship between Base Certificates and Delta Certificates
135135
136136In some public key infrastructures, it may be common to issue multiple
137- certificates to the same subject. These certificates generally contain
138- the same (or substantially similar) identity information and generally
139- have identical validity periods. The differences in certificate content
140- generally stem from the certification of different keys, where the named
141- subject may have multiple keys of different algorithms certified by
142- separate certificates. The use of different keys allows for the subject
143- to use the key that is most appropriate for a given operation and
144- intended recipient. For example, as part of an ongoing algorithm
145- migration, it is useful to use stronger algorithms when both of the
146- systems utilized by the subscriber/sender and recipient have been
147- upgraded. However, in the case where systems have not yet been updated,
148- the use of a legacy key algorithm may be required. Additionally,
149- multiple certificates may be issued to the same subject that certify
150- keys for different purposes, such as one key for signing and another
151- key for encryption.
137+ certificates to the same subject. For example, these certificates
138+ generally contain the same (or substantially similar) identity
139+ information and generally have identical validity periods. The
140+ differences in certificate content generally stem from the certification
141+ of different keys, where the named subject may have multiple keys of
142+ different algorithms certified by separate certificates. The use of
143+ different keys allows for the subject to use the key that is most
144+ appropriate for a given operation and intended recipient. For example,
145+ as part of an ongoing algorithm migration, it is useful to use stronger
146+ algorithms when both of the systems utilized by the subscriber/sender
147+ and recipient have been upgraded. However, in the case where systems
148+ have not yet been updated, the use of a legacy key algorithm may be
149+ required. Additionally, multiple certificates may be issued to the same
150+ subject that certify keys for different purposes, such as one key for
151+ signing and another key for encryption.
152152
153153The management of multiple certificates may be complex, and there
154154may be limitations in protocols regarding the handling of multiple
@@ -200,6 +200,20 @@ Certification authorities SHOULD NOT mark this extension as critical so
200200that applications that do not understand the extension will still be
201201able to process the Base Certificate.
202202
203+ The inclusion of the DCD extension within a Base Certificate is not a
204+ statement from the issuing Certification Authority of the Base
205+ Certificate that the contents of the Delta Certificate have been
206+ verified. Conversely, the DCD extension is merely a mechanism to
207+ encode the differences between two Paired Certificates. Given this,
208+ it is possible for the Base Certificate to expire prior to the Delta
209+ Certificate, and vice versa. However, the policies governing a public
210+ key infrastructure may add additional requirements for the content of
211+ the DCD extension or alignment of validity periods for Base Certificates
212+ and Delta Certificates. For example, a policy may require that the
213+ validity periods of the Base Certificate and Delta Certificate be
214+ identical, or that if the Delta Certificate is revoked, the Base
215+ Certificate must also be revoked.
216+
203217# # Delta certificate descriptor content {#dcd-extension-content}
204218
205219The DCD extension is identified with the following object identifier :
@@ -263,18 +277,21 @@ MUST certify different keys.
263277
264278If present, the extensions field contains the extensions whose
265279criticality and/or value are different in the Delta Certificate compared
266- to the Base Certificate. If the extensions field is absent, then all
267- extensions in the Delta Certificate MUST have the same
268- criticality and value as the Base Certificate. This field MUST NOT
269- contain any extension types which do not appear in the Base Certificate.
270- Additionally, the Base Certificate SHALL NOT include any extensions
271- which are not included in the Delta Certificate, with the exception of
272- the DCD extension itself. Therefore, it is not possible to add or remove
273- extensions using the DCD extension. The ordering of extensions in this
274- field MUST be relative to the ordering of the extensions as they are
275- encoded in the Delta Certificate. Maintaining this relative
276- ordering ensures that the Delta Certificate's extensions can be
277- constructed with a single pass.
280+ to the Base Certificate with the exception of the DCD extension itself.
281+ If the extensions field is absent, then all extensions in the Delta
282+ Certificate MUST have the same criticality and value as the Base
283+ Certificate (except for the DCD extension, which MUST be absent from
284+ the Delta Certificate). This field MUST NOT contain any extension types
285+ which do not appear in the Base Certificate, and this field MUST NOT
286+ contain any instance of the DCD extension (recursive Delta Certificates
287+ are not permitted). Additionally, the Base Certificate SHALL NOT include
288+ any extensions which are not included in the Delta Certificate, with the
289+ exception of the DCD extension itself. Therefore, it is not possible to
290+ add or remove extensions using the DCD extension. The ordering of
291+ extensions in this field MUST be relative to the ordering of the
292+ extensions as they are encoded in the Delta Certificate. Maintaining
293+ this relative ordering ensures that the Delta Certificate's extensions
294+ can be constructed with a single pass.
278295
279296The signatureValue field contains the value of the signature field
280297of the Delta Certificate. It MUST be present.
@@ -336,11 +353,22 @@ from a Base Certificate:
336353
337354Using the two attributes that are defined below, it is possible to
338355create Certification Signing Requests for both Base and Delta
339- Certificates within a single PKCS # 10 Certificate Signing Request.
356+ Certificates within a single PKCS # 10 Certificate Signing Request. The
357+ mechanism presented in this section need not be used exclusively by
358+ requestors for the issuance of Paired Certificates; other mechanisms
359+ (such as the submission of two Certificate Signing Requests, etc.) are
360+ also acceptable. Additionally, this document does not place any
361+ restriction on the amount of time that may elapse between the issuance
362+ of a Delta Certificate and the request of a Base Certificate; such
363+ restrictions should be defined by the policy of a particular public key
364+ infrastructure.
340365
341366The delta certificate request attribute is used to convey the requested
342367differences between the request for issuance of the Base Certificate
343- and the requested Delta Certificate.
368+ and the requested Delta Certificate. Similar to the semantics of
369+ Certificate Signing Requests in general, the Certification Authority MAY
370+ add, modify, or selectively ignore information conveyed in the attribute
371+ when issuing the corresponding Delta Certificate.
344372
345373The attribute is identified with the following object identifier :
346374
@@ -359,7 +387,8 @@ The ASN.1 syntax of the attribute is as follows:
359387DeltaCertificateRequestValue ::= SEQUENCE {
360388 subject [0] IMPLICIT Name OPTIONAL,
361389 subjectPKInfo SubjectPublicKeyInfo,
362- extensions [1] IMPLICIT Extensions{CertExtensions} OPTIONAL,
390+ extensions [1] IMPLICIT Extensions{CertExtensions}
391+ OPTIONAL,
363392 signatureAlgorithm [2] IMPLICIT AlgorithmIdentifier
364393 {SIGNATURE_ALGORITHM, {...}} OPTIONAL
365394}
@@ -551,7 +580,8 @@ id-at-deltaCertificateRequest OBJECT IDENTIFIER ::= {
551580DeltaCertificateRequestValue ::= SEQUENCE {
552581 subject [0] IMPLICIT Name OPTIONAL,
553582 subjectPKInfo SubjectPublicKeyInfo,
554- extensions [1] IMPLICIT Extensions{CertExtensions} OPTIONAL,
583+ extensions [1] IMPLICIT Extensions{CertExtensions}
584+ OPTIONAL,
555585 signatureAlgorithm [2] IMPLICIT AlgorithmIdentifier
556586 {SIGNATURE_ALGORITHM, {...}} OPTIONAL
557587}
@@ -766,7 +796,9 @@ GgzGspA2nRph
766796
767797# ## Dilithium root certificate
768798
769- This is the Dilithium root certificate. It contains a Delta Certificate Descriptor extension which includes sufficient information to recreate the ECDSA P-521 root.
799+ This is the Dilithium root certificate. It contains a Delta Certificate
800+ Descriptor extension which includes sufficient information to recreate
801+ the ECDSA P-521 root.
770802
771803~~~
772804-----BEGIN CERTIFICATE-----
@@ -1182,7 +1214,8 @@ GyUp
11821214
11831215# ## Dilithium signing end-entity certificate
11841216
1185- This is an end-entity signing certificate which certifies a Dilithium key.
1217+ This is an end-entity signing certificate which certifies a Dilithium
1218+ key.
11861219
11871220~~~
11881221-----BEGIN CERTIFICATE-----
@@ -1441,7 +1474,10 @@ CxUZH1pqqK4KFj1fY2mv9RooO2OVmxIYGzhFj56go8IbRpWlztcAAAAADRUdIy0z
14411474
14421475# ## EC signing end-entity certificate with encoded Delta Certificate
14431476
1444- This is an end-entity signing certificate which certifies an EC key. It contains a Delta Certificate Descriptor extension which includes sufficient information to recreate the Dilithium signing end-entity certificate.
1477+ This is an end-entity signing certificate which certifies an EC key. It
1478+ contains a Delta Certificate Descriptor extension which includes
1479+ sufficient information to recreate the Dilithium signing end-entity
1480+ certificate.
14451481
14461482~~~
14471483-----BEGIN CERTIFICATE-----
@@ -1963,7 +1999,10 @@ Es40EGEHbEPLIHzW347BR8iZquPCA9wspc6y8edyXcBv/g2Yhw==
19631999
19642000# ## EC dual use end-entity certificate with encoded Delta Certificate
19652001
1966- This is an end-entity key exchange certificate which certifies an EC key. It contains a Delta Certificate Descriptor extension which includes sufficient information to the recreate the EC signing end-entity certificate.
2002+ This is an end-entity key exchange certificate which certifies an EC
2003+ key. It contains a Delta Certificate Descriptor extension which includes
2004+ sufficient information to the recreate the EC signing end-entity
2005+ certificate.
19672006
19682007~~~
19692008-----BEGIN CERTIFICATE-----
0 commit comments