Structure Of Certificate Extensions - Netscape MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR Administrator's Manual


Before the X.509 v3 standard was finalized, Netscape and other companies had to
address some of the most pressing issues listed above with their own extension
definitions. For example, Netscape applications (Netscape Navigator 3.0 or higher,
and Enterprise Server 2.01 or higher) support an extension known as Netscape
Certificate Type Extension that specifies the type of certificate issued, such as
client, server, or object signing. Therefore, to maintain compatibility with older
versions of browsers that were released before the X.509 v3 specification was
finalized, certain kinds of certificates should include some of the Netscape
extensions.

Note that the X.500 and X.509 specifications are controlled by the International
Telecommunication Union (ITU), an international organization that primarily
serves large telecom companies, government organizations, and other entities
concerned with the international telecommunications network. The Internet
Engineering Task Force (IETF), which controls many of the standards that underlie
the Internet, is currently developing public-key infrastructure X.509 (PKIX)
standards. These proposed standards further refine the X.509 v3 approach to
extensions for use on the Internet. The recommendations for certificates and CRLs
have reached proposed standard status and are in a document often referred to as
PKIX Part 1.

Some explanations in this appendix also make reference to Abstract Syntax
Notation One (ASN.1) and Distinguished Encoding Rules (DER). These are
specified in the CCITT Recommendations X.208 and X.209. For a quick summary of
ASN.1 and DER, see A Layman's Guide to a Subset of ASN.1, BER, and DER,
which is available at RSA Laboratories' web site (http://www.rsa.com).

Structure of Certificate Extensions

In RFC 2459, an X.509 certificate extension is defined as follows:

    Extension ::= SEQUENCE {
        extnID      OBJECT IDENTIFIER,
        critical    BOOLEAN DEFAULT FALSE,
        extnValue   OCTET STRING
    }

This means that a certificate extension consists of the following:

The object identifier (OID) for the extension; see Appendix H, "Object
Identifiers."
Appendix G: Certificate and CRL Extensions (Introduction to Certificate Extensions)
