Tech-invite3GPPspaceIETFspace
959493929190898887868584838281807978777675747372717069686766656463626160595857565554535251504948474645444342414039383736353433323130292827262524232221201918171615141312111009080706050403020100
in Index   Prev   Next

RFC 7299

Object Identifier Registry for the PKIX Working Group

Pages: 30
Informational
Updated by:  9158
Part 2 of 2 – Pages 16 to 30
First   Prev   None

Top   ToC   RFC7299 - Page 16   prevText

3.16. "SMI Security for PKIX Attribute Certificate Attributes" Registry

Within the SMI-numbers registry, an "SMI Security for PKIX Attribute Certificate Attributes (1.3.6.1.5.5.7.10)" table with three columns has been added: Decimal Description References ------- ------------------------------ --------------------- 1 id-aca-authenticationInfo [RFC3281] 2 id-aca-accessIdentity [RFC3281] 3 id-aca-chargingIdentity [RFC3281] 4 id-aca-group [RFC3281] 5 id-aca-role Reserved and Obsolete 6 id-aca-encAttrs [RFC3281] 7 id-aca-wlanSSID [RFC4334] Future updates to this table are to be made according to the Specification Required policy as defined in [RFC5226].

3.17. "SMI Security for PKIX Qualified Certificate Statements" Registry

Within the SMI-numbers registry, an "SMI Security for PKIX Qualified Certificate Statements (1.3.6.1.5.5.7.11)" table with three columns has been added: Decimal Description References ------- ------------------------------ ---------- 1 id-qcs-pkixQCSyntax-v1 [RFC3039] 2 id-qcs-pkixQCSyntax-v2 [RFC3739] Future updates to this table are to be made according to the Specification Required policy as defined in [RFC5226].

3.18. "SMI Security for PKIX CMC Content Types" Registry

Within the SMI-numbers registry, an "SMI Security for PKIX CMC Content Types (1.3.6.1.5.5.7.12)" table with three columns has been added: Decimal Description References ------- ------------------------------ --------------------- 1 id-cct-crs Reserved and Obsolete 2 id-cct-PKIData [RFC2797] 3 id-cct-PKIResponse [RFC2797] Future updates to this table are to be made according to the Specification Required policy as defined in [RFC5226].
Top   ToC   RFC7299 - Page 17

3.19. "SMI Security for PKIX OIDs Used Only for Testing" Registry

Within the SMI-numbers registry, an "SMI Security for PKIX OIDs used Only for Testing (1.3.6.1.5.5.7.13)" table with three columns has been added: Decimal Description References ------- ------------------------------ ---------- 1 id-TEST-certPolicyOne [RFC7229] 2 id-TEST-certPolicyTwo [RFC7229] 3 id-TEST-certPolicyThree [RFC7229] 4 id-TEST-certPolicyFour [RFC7229] 5 id-TEST-certPolicyFive [RFC7229] 6 id-TEST-certPolicySix [RFC7229] 7 id-TEST-certPolicySeven [RFC7229] 8 id-TEST-certPolicyEight [RFC7229] Note: The object identifiers in this table should not appear on the public Internet. These object identifiers are ONLY for TESTING. Future updates to this table are to be made according to the Specification Required policy as defined in [RFC5226].

3.20. "SMI Security for PKIX Certificate Policies" Registry

Within the SMI-numbers registry, an "SMI Security for PKIX Certificate Policies (1.3.6.1.5.5.7.14)" table with three columns has been added: Decimal Description References ------- ------------------------------ --------------------- 1 id-cp-sbgpCertificatePolicy Reserved and Obsolete 2 id-cp-ipAddr-asNumber [RFC6484] Future updates to this table are to be made according to the Specification Required policy as defined in [RFC5226].

3.21. "SMI Security for PKIX CMC Error Types" Registry

Within the SMI-numbers registry, an "SMI Security for PKIX CMC Error Types (1.3.6.1.5.5.7.15)" table with three columns has been added: Decimal Description References ------- ------------------------------ ---------- 1 id-cet-skdFailInfo [RFC5275]
Top   ToC   RFC7299 - Page 18
   Future updates to this table are to be made according to the
   Specification Required policy as defined in [RFC5226].

3.22. "SMI Security for PKIX Revocation Information Types" Registry

Within the SMI-numbers registry, an "SMI Security for PKIX Revocation Information Types (1.3.6.1.5.5.7.16)" table with three columns has been added: Decimal Description References ------- ------------------------------ ---------- 1 id-ri-crl [RFC5940] 2 id-ri-ocsp-response [RFC5940] 3 id-ri-delta-crl [RFC5940] 4 id-ri-scvp [RFC5940] Future updates to this table are to be made according to the Specification Required policy as defined in [RFC5226].

3.23. "SMI Security for PKIX SCVP Check Types" Registry

Within the SMI-numbers registry, an "SMI Security for PKIX SCVP Check Types (1.3.6.1.5.5.7.17)" table with three columns has been added: Decimal Description References ------- ------------------------------------------------ ---------- 1 id-stc-build-pkc-path [RFC5055] 2 id-stc-build-valid-pkc-path [RFC5055] 3 id-stc-build-status-checked-pkc-path [RFC5055] 4 id-stc-build-aa-path [RFC5055] 5 id-stc-build-valid-aa-path [RFC5055] 6 id-stc-build-status-checked-aa-path [RFC5055] 7 id-stc-status-check-ac-and-build-status-checked-aa-path [RFC5055] Future updates to this table are to be made according to the Specification Required policy as defined in [RFC5226].
Top   ToC   RFC7299 - Page 19

3.24. "SMI Security for PKIX SCVP Want Back Types" Registry

Within the SMI-numbers registry, an "SMI Security for PKIX SCVP Want Back Types (1.3.6.1.5.5.7.18)" table with three columns has been added: Decimal Description References ------- ------------------------------ --------------------- 1 id-swb-pkc-best-cert-path [RFC5055] 2 id-swb-pkc-revocation-info [RFC5055] 3 id-swb-pkc-cert-status Reserved and Obsolete 4 id-swb-pkc-public-key-info [RFC5055] 5 id-swb-aa-cert-path [RFC5055] 6 id-swb-aa-revocation-info [RFC5055] 7 id-swb-ac-revocation-info [RFC5055] 8 id-swb-ac-cert-status Reserved and Obsolete 9 id-swb-relayed-responses [RFC5055] 10 id-swb-pkc-cert [RFC5055] 11 id-swb-ac-cert [RFC5055] 12 id-swb-pkc-all-cert-paths [RFC5055] 13 id-swb-pkc-ee-revocation-info [RFC5055] 14 id-swb-pkc-CAs-revocation-info [RFC5055] 15 id-swb-partial-cert-path [RFC5276] 16 id-swb-ers-pkc-cert [RFC5276] 17 id-swb-ers-best-cert-path [RFC5276] 18 id-swb-ers-partial-cert-path [RFC5276] 19 id-swb-ers-revocation-info [RFC5276] 20 id-swb-ers-all [RFC5276] Future updates to this table are to be made according to the Specification Required policy as defined in [RFC5226].
Top   ToC   RFC7299 - Page 20

3.25. "SMI Security for PKIX SCVP Validation Policies and Algorithms" Registry

Within the SMI-numbers registry, an "SMI Security for PKIX SCVP Validation Policies and Algorithms (1.3.6.1.5.5.7.19)" table with three columns has been added: Decimal Description References ------- ------------------------------ ---------- 1 id-svp-defaultValPolicy [RFC5055] 2 id-svp-nameValAlg [RFC5055] 3 id-svp-basicValAlg [RFC5055] 4 id-svp-dnValAlg [RFC5055] Note: id-svp-nameValAlg is also known as id-nvae. Note: id-svp-basicValAlg is also known as id-bvae. Note: id-svp-dnValAlg is also known as id-dnvae and id-nva-dnCompAlg. Future updates to this table are to be made according to the Specification Required policy as defined in [RFC5226].

3.26. "SMI Security for PKIX SCVP Name Validation Policy Errors" Registry

Within the SMI-numbers registry, an "SMI Security for PKIX SCVP Name Validation Policy Errors (1.3.6.1.5.5.7.19.2)" table with three columns has been added: Decimal Description References ------- ------------------------------ ---------- 1 id-nvae-name-mismatch [RFC5055] 2 id-nvae-no-name [RFC5055] 3 id-nvae-unknown-alg [RFC5055] 4 id-nvae-bad-name [RFC5055] 5 id-nvae-bad-name-type [RFC5055] 6 id-nvae-mixed-names [RFC5055] Future updates to this table are to be made according to the Specification Required policy as defined in [RFC5226].
Top   ToC   RFC7299 - Page 21

3.27. "SMI Security for PKIX SCVP Basic Validation Policy Errors" Registry

Within the SMI-numbers registry, an "SMI Security for PKIX SCVP Basic Validation Policy Errors (1.3.6.1.5.5.7.19.3)" table with three columns has been added: Decimal Description References ------- ------------------------------ --------------------- 1 id-bvae-expired [RFC5055] 2 id-bvae-not-yet-valid [RFC5055] 3 id-bvae-wrongTrustAnchor [RFC5055] 4 id-bvae-noValidCertPath [RFC5055] 5 id-bvae-revoked [RFC5055] 9 id-bvae-invalidKeyPurpose [RFC5055] 10 id-bvae-invalidKeyUsage [RFC5055] 11 id-bvae-invalidCertPolicy [RFC5055] 12 id-bvae-invalidName Reserved and Obsolete 13 id-bvae-invalidEntity Reserved and Obsolete 14 id-bvae-invalidPathDepth Reserved and Obsolete Future updates to this table are to be made according to the Specification Required policy as defined in [RFC5226].

3.28. "SMI Security for PKIX SCVP Distinguished Name Validation Policy Errors" Registry

Within the SMI-numbers registry, an "SMI Security for PKIX SCVP Distinguished Name Validation Policy Errors (1.3.6.1.5.5.7.19.4)" table with three columns has been added: Decimal Description References ------- ------------------------------ ---------- Note: This table is currently empty. Future updates to this table are to be made according to the Specification Required policy as defined in [RFC5226].
Top   ToC   RFC7299 - Page 22

3.29. "SMI Security for PKIX Other Logotype Identifiers" Registry

Within the SMI-numbers registry, an "SMI Security for PKIX Other Logotype Identifiers (1.3.6.1.5.5.7.20)" table with three columns has been added: Decimal Description References ------- ------------------------------ ---------- 1 id-logo-loyalty [RFC3709] 2 id-logo-background [RFC3709] 3 id-logo-certImage [RFC6170] Future updates to this table are to be made according to the Specification Required policy as defined in [RFC5226].

3.30. "SMI Security for PKIX Proxy Certificate Policy Languages" Registry

Within the SMI-numbers registry, an "SMI Security for PKIX Proxy Certificate Policy Languages (1.3.6.1.5.5.7.21)" table with three columns has been added: Decimal Description References ------- ------------------------------ ---------- 0 id-ppl-anyLanguage [RFC3820] 1 id-ppl-inheritAll [RFC3820] 2 id-ppl-independent [RFC3820] Future updates to this table are to be made according to the Specification Required policy as defined in [RFC5226].

3.31. "SMI Security for PKIX Proxy Matching Rules" Registry

Within the SMI-numbers registry, an "SMI Security for PKIX Proxy Matching Rules (1.3.6.1.5.5.7.22)" table with three columns has been added: Decimal Description References ------- ------------------------------ --------------------- 1 id-mr-pkix-alphanum-ids Reserved and Obsolete Future updates to this table are to be made according to the Specification Required policy as defined in [RFC5226].
Top   ToC   RFC7299 - Page 23

3.32. "SMI Security for PKIX Subject Key Identifier Semantics" Registry

Within the SMI-numbers registry, an "SMI Security for PKIX Subject Key Identifier Semantics (1.3.6.1.5.5.7.23)" table with three columns has been added: Decimal Description References ------- ------------------------------ --------------------- 1 id-skis-keyHash Reserved and Obsolete 2 id-skis-4BitKeyHash Reserved and Obsolete 3 id-skis-keyInfoHash Reserved and Obsolete Future updates to this table are to be made according to the Specification Required policy as defined in [RFC5226].

3.33. "SMI Security for PKIX Access Descriptor" Registry

Within the SMI-numbers registry, an "SMI Security for PKIX Access Descriptor (1.3.6.1.5.5.7.48)" table with three columns has been added: Decimal Description References ------- ------------------------------ --------------------- 1 id-ad-ocsp [RFC2459] 2 id-ad-caIssuers [RFC2459] 3 id-ad-timestamping [RFC3161] 4 id-ad-dvcs [RFC3029] 5 id-ad-caRepository [RFC3280] 6 id-ad-http-certs [RFC4387] 7 id-ad-http-crls [RFC4387] 8 id-ad-xkms Reserved and Obsolete 9 id-ad-signedObjectRepository Reserved and Obsolete 10 id-ad-rpkiManifest [RFC6487] 11 id-ad-signedObject [RFC6487] 12 id-ad-cmc [RFC6402] Note: id-ad-ocsp is also known as id-pkix-ocsp. Future updates to this table are to be made according to the Specification Required policy as defined in [RFC5226].
Top   ToC   RFC7299 - Page 24

3.34. "SMI Security for PKIX Online Certificate Status Protocol (OCSP)" Registry

Within the SMI-numbers registry, an "SMI Security for PKIX Online Certificate Status Protocol (OCSP) (1.3.6.1.5.5.7.48.1)" table with three columns has been added: Decimal Description References ------- ------------------------------ ---------- 1 id-pkix-ocsp-basic [RFC2560] 2 id-pkix-ocsp-nonce [RFC2560] 3 id-pkix-ocsp-crl [RFC2560] 4 id-pkix-ocsp-response [RFC2560] 5 id-pkix-ocsp-nocheck [RFC2560] 6 id-pkix-ocsp-archive-cutoff [RFC2560] 7 id-pkix-ocsp-service-locator [RFC2560] 8 id-pkix-ocsp-pref-sig-algs [RFC6277] 9 id-pkix-ocsp-extended-revoke [RFC6960] Future updates to this table are to be made according to the Specification Required policy as defined in [RFC5226].

4. Security Considerations

This document populates an IANA registry, and it raises no new security considerations. The protocols that specify these values include the security considerations associated with their usage. The id-pe-nsa certificate extension should not appear in any certificate that is used on the public Internet.
Top   ToC   RFC7299 - Page 25

5. References

5.1. Normative References

[ASN1-08] International Telecommunication Union, "Abstract Syntax Notation One (ASN.1): Specification of basic notation", ITU-T Recommendation X.680, November 2008. [ASN1-88] International Telephone and Telegraph Consultative Committee, "Specification of Abstract Syntax Notation One (ASN.1)", CCITT Recommendation X.208, 1988. [ASN1-97] International Telecommunication Union, "Abstract Syntax Notation One (ASN.1): Specification of basic notation", ITU-T Recommendation X.680, 1997. [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, May 2008.

5.2. Informative References

[Err3860] RFC Errata, Errata ID 3860, RFC 6402, <http://www.rfc-editor.org/>. [Abley] Abley, J., Schlyter, J., and G. Bailey, "DNSSEC Trust Anchor Publication for the Root Zone", Work in Progress, June 2014. [BGPSEC] Reynolds, M., Turner, S., and S. Kent, "A Profile for BGPSEC Router Certificates, Certificate Revocation Lists, and Certification Requests", Work in Progress, March 2014. [RFC2459] Housley, R., Ford, W., Polk, W., and D. Solo, "Internet X.509 Public Key Infrastructure Certificate and CRL Profile", RFC 2459, January 1999. [RFC2510] Adams, C. and S. Farrell, "Internet X.509 Public Key Infrastructure Certificate Management Protocols", RFC 2510, March 1999. [RFC2511] Myers, M., Adams, C., Solo, D., and D. Kemp, "Internet X.509 Certificate Request Message Format", RFC 2511, March 1999.
Top   ToC   RFC7299 - Page 26
   [RFC2528]  Housley, R. and W. Polk, "Internet X.509 Public Key
              Infrastructure Representation of Key Exchange Algorithm
              (KEA) Keys in Internet X.509 Public Key Infrastructure
              Certificates", RFC 2528, March 1999.

   [RFC2560]  Myers, M., Ankney, R., Malpani, A., Galperin, S., and C.
              Adams, "X.509 Internet Public Key Infrastructure Online
              Certificate Status Protocol - OCSP", RFC 2560, June 1999.

   [RFC2797]  Myers, M., Liu, X., Schaad, J., and J. Weinstein,
              "Certificate Management Messages over CMS", RFC 2797,
              April 2000.

   [RFC2875]  Prafullchandra, H. and J. Schaad, "Diffie-Hellman
              Proof-of-Possession Algorithms", RFC 2875, July 2000.

   [RFC3029]  Adams, C., Sylvester, P., Zolotarev, M., and R.
              Zuccherato, "Internet X.509 Public Key Infrastructure Data
              Validation and Certification Server Protocols", RFC 3029,
              February 2001.

   [RFC3039]  Santesson, S., Polk, W., Barzin, P., and M. Nystrom,
              "Internet X.509 Public Key Infrastructure Qualified
              Certificates Profile", RFC 3039, January 2001.

   [RFC3161]  Adams, C., Cain, P., Pinkas, D., and R. Zuccherato,
              "Internet X.509 Public Key Infrastructure Time-Stamp
              Protocol (TSP)", RFC 3161, August 2001.

   [RFC3279]  Bassham, L., Polk, W., and R. Housley, "Algorithms and
              Identifiers for the Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 3279, April 2002.

   [RFC3280]  Housley, R., Polk, W., Ford, W., and D. Solo, "Internet
              X.509 Public Key Infrastructure Certificate and
              Certificate Revocation List (CRL) Profile", RFC 3280,
              April 2002.

   [RFC3281]  Farrell, S. and R. Housley, "An Internet Attribute
              Certificate Profile for Authorization", RFC 3281,
              April 2002.

   [RFC3709]  Santesson, S., Housley, R., and T. Freeman, "Internet
              X.509 Public Key Infrastructure: Logotypes in X.509
              Certificates", RFC 3709, February 2004.
Top   ToC   RFC7299 - Page 27
   [RFC3739]  Santesson, S., Nystrom, M., and T. Polk, "Internet X.509
              Public Key Infrastructure: Qualified Certificates
              Profile", RFC 3739, March 2004.

   [RFC3770]  Housley, R. and T. Moore, "Certificate Extensions and
              Attributes Supporting Authentication in Point-to-Point
              Protocol (PPP) and Wireless Local Area Networks (WLAN)",
              RFC 3770, May 2004.

   [RFC3779]  Lynn, C., Kent, S., and K. Seo, "X.509 Extensions for IP
              Addresses and AS Identifiers", RFC 3779, June 2004.

   [RFC3820]  Tuecke, S., Welch, V., Engert, D., Pearlman, L., and M.
              Thompson, "Internet X.509 Public Key Infrastructure (PKI)
              Proxy Certificate Profile", RFC 3820, June 2004.

   [RFC3920]  Saint-Andre, P., Ed., "Extensible Messaging and Presence
              Protocol (XMPP): Core", RFC 3920, October 2004.

   [RFC4043]  Pinkas, D. and T. Gindin, "Internet X.509 Public Key
              Infrastructure Permanent Identifier", RFC 4043, May 2005.

   [RFC4055]  Schaad, J., Kaliski, B., and R. Housley, "Additional
              Algorithms and Identifiers for RSA Cryptography for use in
              the Internet X.509 Public Key Infrastructure Certificate
              and Certificate Revocation List (CRL) Profile", RFC 4055,
              June 2005.

   [RFC4059]  Linsenbardt, D., Pontius, S., and A. Sturgeon, "Internet
              X.509 Public Key Infrastructure Warranty Certificate
              Extension", RFC 4059, May 2005.

   [RFC4108]  Housley, R., "Using Cryptographic Message Syntax (CMS) to
              Protect Firmware Packages", RFC 4108, August 2005.

   [RFC4210]  Adams, C., Farrell, S., Kause, T., and T. Mononen,
              "Internet X.509 Public Key Infrastructure Certificate
              Management Protocol (CMP)", RFC 4210, September 2005.

   [RFC4306]  Kaufman, C., Ed., "Internet Key Exchange (IKEv2)
              Protocol", RFC 4306, December 2005.

   [RFC4334]  Housley, R. and T. Moore, "Certificate Extensions and
              Attributes Supporting Authentication in Point-to-Point
              Protocol (PPP) and Wireless Local Area Networks (WLAN)",
              RFC 4334, February 2006.
Top   ToC   RFC7299 - Page 28
   [RFC4387]  Gutmann, P., Ed., "Internet X.509 Public Key
              Infrastructure Operational Protocols: Certificate Store
              Access via HTTP", RFC 4387, February 2006.

   [RFC4476]  Francis, C. and D. Pinkas, "Attribute Certificate (AC)
              Policies Extension", RFC 4476, May 2006.

   [RFC4683]  Park, J., Lee, J., . Lee, H., Park, S., and T. Polk,
              "Internet X.509 Public Key Infrastructure Subject
              Identification Method (SIM)", RFC 4683, October 2006.

   [RFC4945]  Korver, B., "The Internet IP Security PKI Profile of
              IKEv1/ISAKMP, IKEv2, and PKIX", RFC 4945, August 2007.

   [RFC4985]  Santesson, S., "Internet X.509 Public Key Infrastructure
              Subject Alternative Name for Expression of Service Name",
              RFC 4985, August 2007.

   [RFC5055]  Freeman, T., Housley, R., Malpani, A., Cooper, D., and W.
              Polk, "Server-Based Certificate Validation Protocol
              (SCVP)", RFC 5055, December 2007.

   [RFC5272]  Schaad, J. and M. Myers, "Certificate Management over CMS
              (CMC)", RFC 5272, June 2008.

   [RFC5275]  Turner, S., "CMS Symmetric Key Management and
              Distribution", RFC 5275, June 2008.

   [RFC5276]  Wallace, C., "Using the Server-Based Certificate
              Validation Protocol (SCVP) to Convey Long-Term Evidence
              Records", RFC 5276, August 2008.

   [RFC5415]  Calhoun, P., Ed., Montemurro, M., Ed., and D. Stanley,
              Ed., "Control And Provisioning of Wireless Access Points
              (CAPWAP) Protocol Specification", RFC 5415, March 2009.

   [RFC5480]  Turner, S., Brown, D., Yiu, K., Housley, R., and T. Polk,
              "Elliptic Curve Cryptography Subject Public Key
              Information", RFC 5480, March 2009.

   [RFC5697]  Farrell, S., "Other Certificates Extension", RFC 5697,
              November 2009.

   [RFC5755]  Farrell, S., Housley, R., and S. Turner, "An Internet
              Attribute Certificate Profile for Authorization",
              RFC 5755, January 2010.
Top   ToC   RFC7299 - Page 29
   [RFC5912]  Hoffman, P. and J. Schaad, "New ASN.1 Modules for the
              Public Key Infrastructure Using X.509 (PKIX)", RFC 5912,
              June 2010.

   [RFC5913]  Turner, S. and S. Chokhani, "Clearance Attribute and
              Authority Clearance Constraints Certificate Extension",
              RFC 5913, June 2010.

   [RFC5915]  Turner, S. and D. Brown, "Elliptic Curve Private Key
              Structure", RFC 5915, June 2010.

   [RFC5924]  Lawrence, S. and V. Gurbani, "Extended Key Usage (EKU) for
              Session Initiation Protocol (SIP) X.509 Certificates",
              RFC 5924, June 2010.

   [RFC5934]  Housley, R., Ashmore, S., and C. Wallace, "Trust Anchor
              Management Protocol (TAMP)", RFC 5934, August 2010.

   [RFC5940]  Turner, S. and R. Housley, "Additional Cryptographic
              Message Syntax (CMS) Revocation Information Choices",
              RFC 5940, August 2010.

   [RFC6010]  Housley, R., Ashmore, S., and C. Wallace, "Cryptographic
              Message Syntax (CMS) Content Constraints Extension",
              RFC 6010, September 2010.

   [RFC6170]  Santesson, S., Housley, R., Bajaj, S., and L. Rosenthol,
              "Internet X.509 Public Key Infrastructure -- Certificate
              Image", RFC 6170, May 2011.

   [RFC6187]  Igoe, K. and D. Stebila, "X.509v3 Certificates for Secure
              Shell Authentication", RFC 6187, March 2011.

   [RFC6268]  Schaad, J. and S. Turner, "Additional New ASN.1 Modules
              for the Cryptographic Message Syntax (CMS) and the Public
              Key Infrastructure Using X.509 (PKIX)", RFC 6268,
              July 2011.

   [RFC6277]  Santesson, S. and P. Hallam-Baker, "Online Certificate
              Status Protocol Algorithm Agility", RFC 6277, June 2011.

   [RFC6402]  Schaad, J., "Certificate Management over CMS (CMC)
              Updates", RFC 6402, November 2011.

   [RFC6484]  Kent, S., Kong, D., Seo, K., and R. Watro, "Certificate
              Policy (CP) for the Resource Public Key Infrastructure
              (RPKI)", BCP 173, RFC 6484, February 2012.
Top   ToC   RFC7299 - Page 30
   [RFC6487]  Huston, G., Michaelson, G., and R. Loomans, "A Profile for
              X.509 PKIX Resource Certificates", RFC 6487,
              February 2012.

   [RFC6494]  Gagliano, R., Krishnan, S., and A. Kukec, "Certificate
              Profile and Certificate Management for SEcure Neighbor
              Discovery (SEND)", RFC 6494, February 2012.

   [RFC6664]  Schaad, J., "S/MIME Capabilities for Public Key
              Definitions", RFC 6664, July 2012.

   [RFC6955]  Schaad, J. and H. Prafullchandra, "Diffie-Hellman
              Proof-of-Possession Algorithms", RFC 6955, May 2013.

   [RFC6960]  Santesson, S., Myers, M., Ankney, R., Malpani, A.,
              Galperin, S., and C. Adams, "X.509 Internet Public Key
              Infrastructure Online Certificate Status Protocol - OCSP",
              RFC 6960, June 2013.

   [RFC7169]  Turner, S., "The NSA (No Secrecy Afforded) Certificate
              Extension", RFC 7169, April 1 2014.

   [RFC7229]  Housley, R., "Object Identifiers for Test Certificate
              Policies", RFC 7229, May 2014.

Acknowledgements

Many thanks to Lynne Bartholomew, David Cooper, Jim Schaad, and Sean Turner for their careful review and comments.

Author's Address

Russ Housley 918 Spring Knoll Drive Herndon, VA 20170 USA EMail: housley@vigilsec.com