Netscape MANAGEMENT SYSTEM 6.01 - PLUG-IN Manual page 329

Introduction to Certificate Extensions
The X.509 v3 standard for certificates also suggests that you can define your own
extensions and include them in certificates you issue. These extensions are called
private, proprietary, or custom extensions and they carry information unique to your
organization or business. Keep in mind that applications may not able to validate
certificates that contain private, critical extensions, thus preventing the use of these
certificates in a general context.
Before the X.509 v3 standard was finalized, Netscape and other companies had to
address some of the most pressing issues listed above with their own extension
definitions. For example, Netscape applications (Netscape Navigator 3.0 or higher,
and Enterprise Server 2.01 or higher) support an extension known as Netscape
Certificate Type Extension that specifies the type of certificate issued, such as
client, server, or object signing. Therefore, to maintain compatibility with older
versions of browsers that were released before the X.509 v3 specification was
finalized, certain kinds of certificates should include some of the Netscape
extensions. For details, see "Recommendations for Certificate Extension Use" on
page 331.
Note that the X.500 and X.509 specifications are controlled by the International
Telecommunication Union (ITU), an international organization that primarily
serves large telecom companies, government organizations, and other entities
concerned with the international telecommunications network. The Internet
Engineering Task Force (IETF), which controls many of the standards that underlie
the Internet, is currently developing public-key infrastructure X.509 (PKIX)
standards. These proposed standards further refine the X.509 v3 approach to
extensions for use on the Internet. The recommendations for certificates and CRLs
have reached proposed standard status and are in a document often referred to as
PKIX Part 1, which can be retrieved from
.
http://www.ietf.org/rfc/rfc2459.txt
Some explanations in this appendix also make reference to Abstract Syntax Notation
One (ASN.1) and Distinguished Encoding Rules (DER). These are specified in the
CCITT Recommendations X.208 and X.209. For a quick summary of ASN.1 and DER,
see A Layman's Guide to a Subset of ASN.1, BER, and DER, which is available at RSA
Laboratories' web site ( ).
http://www.rsa.com
Appendix C Certificate and CRL Extensions 329