RFC 5280
Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
Pages: 151
Proposed Standard
→ Errata
Obsoletes: 3280 4325 4630
Updated by: 6818 8398 8399 9549 9598 9608 9618
Proposed Standard
→ Errata
Obsoletes: 3280 4325 4630
Updated by: 6818 8398 8399 9549 9598 9608 9618
Part 7 of 7 – Pages 136 to 151
Appendix C. Examples
This appendix contains four examples: three certificates and a CRL. The first two certificates and the CRL comprise a minimal certification path. Appendix C.1 contains an annotated hex dump of a "self-signed" certificate issued by a CA whose distinguished name is cn=Example CA,dc=example,dc=com. The certificate contains an RSA public key, and is signed by the corresponding RSA private key. Appendix C.2 contains an annotated hex dump of an end entity certificate. The end entity certificate contains an RSA public key, and is signed by the private key corresponding to the "self-signed" certificate in Appendix C.1. Appendix C.3 contains an annotated hex dump of an end entity certificate that contains a DSA public key with parameters, and is signed with DSA and SHA-1. This certificate is not part of the minimal certification path. Appendix C.4 contains an annotated hex dump of a CRL. The CRL is issued by the CA whose distinguished name is cn=Example CA,dc=example,dc=com and the list of revoked certificates includes the end entity certificate presented in Appendix C.2. The certificates were processed using Peter Gutmann's dumpasn1 utility to generate the output. The source for the dumpasn1 utility is available at <http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.c>. The binaries for the certificates and CRLs are available at http://csrc.nist.gov/groups/ST/crypto_apps_infra/documents/pkixtools.
In places in this appendix where a distinguished name is specified using a string representation, the strings are formatted using the rules specified in [RFC4514].C.1. RSA Self-Signed Certificate
This appendix contains an annotated hex dump of a 578 byte version 3 certificate. The certificate contains the following information: (a) the serial number is 17; (b) the certificate is signed with RSA and the SHA-1 hash algorithm; (c) the issuer's distinguished name is cn=Example CA,dc=example,dc=com; (d) the subject's distinguished name is cn=Example CA,dc=example,dc=com; (e) the certificate was issued on April 30, 2004 and expired on April 30, 2005; (f) the certificate contains a 1024-bit RSA public key; (g) the certificate contains a subject key identifier extension generated using method (1) of Section 4.2.1.2; and (h) the certificate is a CA certificate (as indicated through the basic constraints extension). 0 574: SEQUENCE { 4 423: SEQUENCE { 8 3: [0] { 10 1: INTEGER 2 : } 13 1: INTEGER 17 16 13: SEQUENCE { 18 9: OBJECT IDENTIFIER : sha1withRSAEncryption (1 2 840 113549 1 1 5) 29 0: NULL : } 31 67: SEQUENCE { 33 19: SET { 35 17: SEQUENCE { 37 10: OBJECT IDENTIFIER : domainComponent (0 9 2342 19200300 100 1 25) 49 3: IA5String 'com' : } : } 54 23: SET { 56 21: SEQUENCE { 58 10: OBJECT IDENTIFIER : domainComponent (0 9 2342 19200300 100 1 25) 70 7: IA5String 'example' : }
: }
79 19: SET {
81 17: SEQUENCE {
83 3: OBJECT IDENTIFIER commonName (2 5 4 3)
88 10: PrintableString 'Example CA'
: }
: }
: }
100 30: SEQUENCE {
102 13: UTCTime 30/04/2004 14:25:34 GMT
117 13: UTCTime 30/04/2005 14:25:34 GMT
: }
132 67: SEQUENCE {
134 19: SET {
136 17: SEQUENCE {
138 10: OBJECT IDENTIFIER
: domainComponent (0 9 2342 19200300 100 1 25)
150 3: IA5String 'com'
: }
: }
155 23: SET {
157 21: SEQUENCE {
159 10: OBJECT IDENTIFIER
: domainComponent (0 9 2342 19200300 100 1 25)
171 7: IA5String 'example'
: }
: }
180 19: SET {
182 17: SEQUENCE {
184 3: OBJECT IDENTIFIER commonName (2 5 4 3)
189 10: PrintableString 'Example CA'
: }
: }
: }
201 159: SEQUENCE {
204 13: SEQUENCE {
206 9: OBJECT IDENTIFIER
: rsaEncryption (1 2 840 113549 1 1 1)
217 0: NULL
: }
219 141: BIT STRING, encapsulates {
223 137: SEQUENCE {
226 129: INTEGER
: 00 C2 D7 97 6D 28 70 AA 5B CF 23 2E 80 70 39 EE
: DB 6F D5 2D D5 6A 4F 7A 34 2D F9 22 72 47 70 1D
: EF 80 E9 CA 30 8C 00 C4 9A 6E 5B 45 B4 6E A5 E6
: 6C 94 0D FA 91 E9 40 FC 25 9D C7 B7 68 19 56 8F
: 11 70 6A D7 F1 C9 11 4F 3A 7E 3F 99 8D 6E 76 A5
: 74 5F 5E A4 55 53 E5 C7 68 36 53 C7 1D 3B 12 A6
: 85 FE BD 6E A1 CA DF 35 50 AC 08 D7 B9 B4 7E 5C
: FE E2 A3 2C D1 23 84 AA 98 C0 9B 66 18 9A 68 47
: E9
358 3: INTEGER 65537
: }
: }
: }
363 66: [3] {
365 64: SEQUENCE {
367 29: SEQUENCE {
369 3: OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14)
374 22: OCTET STRING, encapsulates {
376 20: OCTET STRING
: 08 68 AF 85 33 C8 39 4A 7A F8 82 93 8E 70 6A 4A
: 20 84 2C 32
: }
: }
398 14: SEQUENCE {
400 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
405 1: BOOLEAN TRUE
408 4: OCTET STRING, encapsulates {
410 2: BIT STRING 1 unused bits
: '0000011'B
: }
: }
414 15: SEQUENCE {
416 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19)
421 1: BOOLEAN TRUE
424 5: OCTET STRING, encapsulates {
426 3: SEQUENCE {
428 1: BOOLEAN TRUE
: }
: }
: }
: }
: }
: }
431 13: SEQUENCE {
433 9: OBJECT IDENTIFIER
: sha1withRSAEncryption (1 2 840 113549 1 1 5)
444 0: NULL
: }
446 129: BIT STRING
: 6C F8 02 74 A6 61 E2 64 04 A6 54 0C 6C 72 13 AD
: 3C 47 FB F6 65 13 A9 85 90 33 EA 76 A3 26 D9 FC
: D1 0E 15 5F 28 B7 EF 93 BF 3C F3 E2 3E 7C B9 52
: FC 16 6E 29 AA E1 F4 7A 6F D5 7F EF B3 95 CA F3
: 66 88 83 4E A1 35 45 84 CB BC 9B B8 C8 AD C5 5E
: 46 D9 0B 0E 8D 80 E1 33 2B DC BE 2B 92 7E 4A 43
: A9 6A EF 8A 63 61 B3 6E 47 38 BE E8 0D A3 67 5D
: F3 FA 91 81 3C 92 BB C5 5F 25 25 EB 7C E7 D8 A1
: }
C.2. End Entity Certificate Using RSA
This appendix contains an annotated hex dump of a 629-byte version 3
certificate. The certificate contains the following information:
(a) the serial number is 18;
(b) the certificate is signed with RSA and the SHA-1 hash algorithm;
(c) the issuer's distinguished name is
cn=Example CA,dc=example,dc=com;
(d) the subject's distinguished name is
cn=End Entity,dc=example,dc=com;
(e) the certificate was valid from September 15, 2004 through March
15, 2005;
(f) the certificate contains a 1024-bit RSA public key;
(g) the certificate is an end entity certificate, as the basic
constraints extension is not present;
(h) the certificate contains an authority key identifier extension
matching the subject key identifier of the certificate in
appendix C.1; and
(i) the certificate includes one alternative name -- an electronic
mail address (rfc822Name) of "end.entity@example.com".
0 625: SEQUENCE {
4 474: SEQUENCE {
8 3: [0] {
10 1: INTEGER 2
: }
13 1: INTEGER 18
16 13: SEQUENCE {
18 9: OBJECT IDENTIFIER
: sha1withRSAEncryption (1 2 840 113549 1 1 5)
29 0: NULL
: }
31 67: SEQUENCE {
33 19: SET {
35 17: SEQUENCE {
37 10: OBJECT IDENTIFIER
: domainComponent (0 9 2342 19200300 100 1 25)
49 3: IA5String 'com'
: }
: }
54 23: SET {
56 21: SEQUENCE {
58 10: OBJECT IDENTIFIER
: domainComponent (0 9 2342 19200300 100 1 25)
70 7: IA5String 'example'
: }
: }
79 19: SET {
81 17: SEQUENCE {
83 3: OBJECT IDENTIFIER commonName (2 5 4 3)
88 10: PrintableString 'Example CA'
: }
: }
: }
100 30: SEQUENCE {
102 13: UTCTime 15/09/2004 11:48:21 GMT
117 13: UTCTime 15/03/2005 11:48:21 GMT
: }
132 67: SEQUENCE {
134 19: SET {
136 17: SEQUENCE {
138 10: OBJECT IDENTIFIER
: domainComponent (0 9 2342 19200300 100 1 25)
150 3: IA5String 'com'
: }
: }
155 23: SET {
157 21: SEQUENCE {
159 10: OBJECT IDENTIFIER
: domainComponent (0 9 2342 19200300 100 1 25)
171 7: IA5String 'example'
: }
: }
180 19: SET {
182 17: SEQUENCE {
184 3: OBJECT IDENTIFIER commonName (2 5 4 3)
189 10: PrintableString 'End Entity'
: }
: }
: }
201 159: SEQUENCE {
204 13: SEQUENCE {
206 9: OBJECT IDENTIFIER
: rsaEncryption (1 2 840 113549 1 1 1)
217 0: NULL
: }
219 141: BIT STRING, encapsulates {
223 137: SEQUENCE {
226 129: INTEGER
: 00 E1 6A E4 03 30 97 02 3C F4 10 F3 B5 1E 4D 7F
: 14 7B F6 F5 D0 78 E9 A4 8A F0 A3 75 EC ED B6 56
: 96 7F 88 99 85 9A F2 3E 68 77 87 EB 9E D1 9F C0
: B4 17 DC AB 89 23 A4 1D 7E 16 23 4C 4F A8 4D F5
: 31 B8 7C AA E3 1A 49 09 F4 4B 26 DB 27 67 30 82
: 12 01 4A E9 1A B6 C1 0C 53 8B 6C FC 2F 7A 43 EC
: 33 36 7E 32 B2 7B D5 AA CF 01 14 C6 12 EC 13 F2
: 2D 14 7A 8B 21 58 14 13 4C 46 A3 9A F2 16 95 FF
: 23
358 3: INTEGER 65537
: }
: }
: }
363 117: [3] {
365 115: SEQUENCE {
367 33: SEQUENCE {
369 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17)
374 26: OCTET STRING, encapsulates {
376 24: SEQUENCE {
378 22: [1] 'end.entity@example.com'
: }
: }
: }
402 29: SEQUENCE {
404 3: OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14)
409 22: OCTET STRING, encapsulates {
411 20: OCTET STRING
: 17 7B 92 30 FF 44 D6 66 E1 90 10 22 6C 16 4F C0
: 8E 41 DD 6D
: }
: }
433 31: SEQUENCE {
435 3: OBJECT IDENTIFIER
: authorityKeyIdentifier (2 5 29 35)
440 24: OCTET STRING, encapsulates {
442 22: SEQUENCE {
444 20: [0]
: 08 68 AF 85 33 C8 39 4A 7A F8 82 93 8E 70 6A
: 4A 20 84 2C 32
: }
: }
: }
466 14: SEQUENCE {
468 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
473 1: BOOLEAN TRUE
476 4: OCTET STRING, encapsulates {
478 2: BIT STRING 6 unused bits
: '11'B
: }
: }
: }
: }
: }
482 13: SEQUENCE {
484 9: OBJECT IDENTIFIER
: sha1withRSAEncryption (1 2 840 113549 1 1 5)
495 0: NULL
: }
497 129: BIT STRING
: 00 20 28 34 5B 68 32 01 BB 0A 36 0E AD 71 C5 95
: 1A E1 04 CF AE AD C7 62 14 A4 1B 36 31 C0 E2 0C
: 3D D9 1E C0 00 DC 10 A0 BA 85 6F 41 CB 62 7A B7
: 4C 63 81 26 5E D2 80 45 5E 33 E7 70 45 3B 39 3B
: 26 4A 9C 3B F2 26 36 69 08 79 BB FB 96 43 77 4B
: 61 8B A1 AB 91 64 E0 F3 37 61 3C 1A A3 A4 C9 8A
: B2 BF 73 D4 4D E4 58 E4 62 EA BC 20 74 92 86 0E
: CE 84 60 76 E9 73 BB C7 85 D3 91 45 EA 62 5D CD
: }
C.3. End Entity Certificate Using DSA
This appendix contains an annotated hex dump of a 914-byte version 3
certificate. The certificate contains the following information:
(a) the serial number is 256;
(b) the certificate is signed with DSA and the SHA-1 hash algorithm;
(c) the issuer's distinguished name is cn=Example DSA
CA,dc=example,dc=com;
(d) the subject's distinguished name is cn=DSA End
Entity,dc=example,dc=com;
(e) the certificate was issued on May 2, 2004 and expired on May 2,
2005;
(f) the certificate contains a 1024-bit DSA public key with
parameters;
(g) the certificate is an end entity certificate (not a CA
certificate);
(h) the certificate includes a subject alternative name of
"<http://www.example.com/users/DSAendentity.html>" and an issuer
alternative name of "<http://www.example.com>" -- both are URLs;
(i) the certificate includes an authority key identifier extension
and a certificate policies extension specifying the policy OID
2.16.840.1.101.3.2.1.48.9; and
(j) the certificate includes a critical key usage extension
specifying that the public key is intended for verification of
digital signatures.
0 910: SEQUENCE {
4 846: SEQUENCE {
8 3: [0] {
10 1: INTEGER 2
: }
13 2: INTEGER 256
17 9: SEQUENCE {
19 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
: }
28 71: SEQUENCE {
30 19: SET {
32 17: SEQUENCE {
34 10: OBJECT IDENTIFIER
: domainComponent (0 9 2342 19200300 100 1 25)
46 3: IA5String 'com'
: }
: }
51 23: SET {
53 21: SEQUENCE {
55 10: OBJECT IDENTIFIER
: domainComponent (0 9 2342 19200300 100 1 25)
67 7: IA5String 'example'
: }
: }
76 23: SET {
78 21: SEQUENCE {
80 3: OBJECT IDENTIFIER commonName (2 5 4 3)
85 14: PrintableString 'Example DSA CA'
: }
: }
: }
101 30: SEQUENCE {
103 13: UTCTime 02/05/2004 16:47:38 GMT
118 13: UTCTime 02/05/2005 16:47:38 GMT
: }
133 71: SEQUENCE {
135 19: SET {
137 17: SEQUENCE {
139 10: OBJECT IDENTIFIER
: domainComponent (0 9 2342 19200300 100 1 25)
151 3: IA5String 'com'
: }
: }
156 23: SET {
158 21: SEQUENCE {
160 10: OBJECT IDENTIFIER
: domainComponent (0 9 2342 19200300 100 1 25)
172 7: IA5String 'example'
: }
: }
181 23: SET {
183 21: SEQUENCE {
185 3: OBJECT IDENTIFIER commonName (2 5 4 3)
190 14: PrintableString 'DSA End Entity'
: }
: }
: }
206 439: SEQUENCE {
210 300: SEQUENCE {
214 7: OBJECT IDENTIFIER dsa (1 2 840 10040 4 1)
223 287: SEQUENCE {
227 129: INTEGER
: 00 B6 8B 0F 94 2B 9A CE A5 25 C6 F2 ED FC FB 95
: 32 AC 01 12 33 B9 E0 1C AD 90 9B BC 48 54 9E F3
: 94 77 3C 2C 71 35 55 E6 FE 4F 22 CB D5 D8 3E 89
: 93 33 4D FC BD 4F 41 64 3E A2 98 70 EC 31 B4 50
: DE EB F1 98 28 0A C9 3E 44 B3 FD 22 97 96 83 D0
: 18 A3 E3 BD 35 5B FF EE A3 21 72 6A 7B 96 DA B9
: 3F 1E 5A 90 AF 24 D6 20 F0 0D 21 A7 D4 02 B9 1A
: FC AC 21 FB 9E 94 9E 4B 42 45 9E 6A B2 48 63 FE
: 43
359 21: INTEGER
: 00 B2 0D B0 B1 01 DF 0C 66 24 FC 13 92 BA 55 F7
: 7D 57 74 81 E5
382 129: INTEGER
: 00 9A BF 46 B1 F5 3F 44 3D C9 A5 65 FB 91 C0 8E
: 47 F1 0A C3 01 47 C2 44 42 36 A9 92 81 DE 57 C5
: E0 68 86 58 00 7B 1F F9 9B 77 A1 C5 10 A5 80 91
: 78 51 51 3C F6 FC FC CC 46 C6 81 78 92 84 3D F4
: 93 3D 0C 38 7E 1A 5B 99 4E AB 14 64 F6 0C 21 22
: 4E 28 08 9C 92 B9 66 9F 40 E8 95 F6 D5 31 2A EF
: 39 A2 62 C7 B2 6D 9E 58 C4 3A A8 11 81 84 6D AF
: F8 B4 19 B4 C2 11 AE D0 22 3B AA 20 7F EE 1E 57
: 18
: }
: }
514 132: BIT STRING, encapsulates {
518 128: INTEGER
: 30 B6 75 F7 7C 20 31 AE 38 BB 7E 0D 2B AB A0 9C
: 4B DF 20 D5 24 13 3C CD 98 E5 5F 6C B7 C1 BA 4A
: BA A9 95 80 53 F0 0D 72 DC 33 37 F4 01 0B F5 04
: 1F 9D 2E 1F 62 D8 84 3A 9B 25 09 5A 2D C8 46 8E
: 2B D4 F5 0D 3B C7 2D C6 6C B9 98 C1 25 3A 44 4E
: 8E CA 95 61 35 7C CE 15 31 5C 23 13 1E A2 05 D1
: 7A 24 1C CB D3 72 09 90 FF 9B 9D 28 C0 A1 0A EC
: 46 9F 0D B8 D0 DC D0 18 A6 2B 5E F9 8F B5 95 BE
: }
: }
649 202: [3] {
652 199: SEQUENCE {
655 57: SEQUENCE {
657 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17)
662 50: OCTET STRING, encapsulates {
664 48: SEQUENCE {
666 46: [6]
: 'http://www.example.com/users/DSAendentity.'
: 'html'
: }
: }
: }
714 33: SEQUENCE {
716 3: OBJECT IDENTIFIER issuerAltName (2 5 29 18)
721 26: OCTET STRING, encapsulates {
723 24: SEQUENCE {
725 22: [6] 'http://www.example.com'
: }
: }
: }
749 29: SEQUENCE {
751 3: OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14)
756 22: OCTET STRING, encapsulates {
758 20: OCTET STRING
: DD 25 66 96 43 AB 78 11 43 44 FE 95 16 F9 D9 B6
: B7 02 66 8D
: }
: }
780 31: SEQUENCE {
782 3: OBJECT IDENTIFIER
: authorityKeyIdentifier (2 5 29 35)
787 24: OCTET STRING, encapsulates {
789 22: SEQUENCE {
791 20: [0]
: 86 CA A5 22 81 62 EF AD 0A 89 BC AD 72 41 2C
: 29 49 F4 86 56
: }
: }
: }
813 23: SEQUENCE {
815 3: OBJECT IDENTIFIER certificatePolicies (2 5 29 32)
820 16: OCTET STRING, encapsulates {
822 14: SEQUENCE {
824 12: SEQUENCE {
826 10: OBJECT IDENTIFIER '2 16 840 1 101 3 2 1 48 9'
: }
: }
: }
: }
838 14: SEQUENCE {
840 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
845 1: BOOLEAN TRUE
848 4: OCTET STRING, encapsulates {
850 2: BIT STRING 7 unused bits
: '1'B (bit 0)
: }
: }
: }
: }
: }
854 9: SEQUENCE {
856 7: OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
: }
865 47: BIT STRING, encapsulates {
868 44: SEQUENCE {
870 20: INTEGER
: 65 57 07 34 DD DC CA CC 5E F4 02 F4 56 42 2C 5E
: E1 B3 3B 80
892 20: INTEGER
: 60 F4 31 17 CA F4 CF FF EE F4 08 A7 D9 B2 61 BE
: B1 C3 DA BF
: }
: }
: }
C.4. Certificate Revocation List
This appendix contains an annotated hex dump of a version 2 CRL with
two extensions (cRLNumber and authorityKeyIdentifier). The CRL was
issued by cn=Example CA,dc=example,dc=com on February 5, 2005; the
next scheduled issuance was February 6, 2005. The CRL includes one
revoked certificate: serial number 18, which was revoked on November
19, 2004 due to keyCompromise. The CRL itself is number 12, and it
was signed with RSA and SHA-1.
0 352: SEQUENCE {
4 202: SEQUENCE {
7 1: INTEGER 1
10 13: SEQUENCE {
12 9: OBJECT IDENTIFIER
: sha1withRSAEncryption (1 2 840 113549 1 1 5)
23 0: NULL
: }
25 67: SEQUENCE {
27 19: SET {
29 17: SEQUENCE {
31 10: OBJECT IDENTIFIER
: domainComponent (0 9 2342 19200300 100 1 25)
43 3: IA5String 'com'
: }
: }
48 23: SET {
50 21: SEQUENCE {
52 10: OBJECT IDENTIFIER
: domainComponent (0 9 2342 19200300 100 1 25)
64 7: IA5String 'example'
: }
: }
73 19: SET {
75 17: SEQUENCE {
77 3: OBJECT IDENTIFIER commonName (2 5 4 3)
82 10: PrintableString 'Example CA'
: }
: }
: }
94 13: UTCTime 05/02/2005 12:00:00 GMT
109 13: UTCTime 06/02/2005 12:00:00 GMT
124 34: SEQUENCE {
126 32: SEQUENCE {
128 1: INTEGER 18
131 13: UTCTime 19/11/2004 15:57:03 GMT
146 12: SEQUENCE {
148 10: SEQUENCE {
150 3: OBJECT IDENTIFIER cRLReason (2 5 29 21)
155 3: OCTET STRING, encapsulates {
157 1: ENUMERATED 1
: }
: }
: }
: }
: }
160 47: [0] {
162 45: SEQUENCE {
164 31: SEQUENCE {
166 3: OBJECT IDENTIFIER
: authorityKeyIdentifier (2 5 29 35)
171 24: OCTET STRING, encapsulates {
173 22: SEQUENCE {
175 20: [0]
: 08 68 AF 85 33 C8 39 4A 7A F8 82 93 8E 70 6A
: 4A 20 84 2C 32
: }
: }
: }
197 10: SEQUENCE {
199 3: OBJECT IDENTIFIER cRLNumber (2 5 29 20)
204 3: OCTET STRING, encapsulates {
206 1: INTEGER 12
: }
: }
: }
: }
: }
209 13: SEQUENCE {
211 9: OBJECT IDENTIFIER
: sha1withRSAEncryption (1 2 840 113549 1 1 5)
222 0: NULL
: }
224 129: BIT STRING
: 22 DC 18 7D F7 08 CE CC 75 D0 D0 6A 9B AD 10 F4
: 76 23 B4 81 6E B5 6D BE 0E FB 15 14 6C C8 17 6D
: 1F EE 90 17 A2 6F 60 E4 BD AA 8C 55 DE 8E 84 6F
: 92 F8 9F 10 12 27 AF 4A D4 2F 85 E2 36 44 7D AA
: A3 4C 25 38 15 FF 00 FD 3E 7E EE 3D 26 12 EB D8
: E7 2B 62 E2 2B C3 46 80 EF 78 82 D1 15 C6 D0 9C
: 72 6A CB CE 7A ED 67 99 8B 6E 70 81 7D 43 42 74
: C1 A6 AF C1 55 17 A2 33 4C D6 06 98 2B A4 FC 2E
: }
Authors' Addresses
David Cooper National Institute of Standards and Technology 100 Bureau Drive, Mail Stop 8930 Gaithersburg, MD 20899-8930 USA EMail: david.cooper@nist.gov Stefan Santesson Microsoft One Microsoft Way Redmond, WA 98052 USA EMail: stefans@microsoft.com Stephen Farrell Distributed Systems Group Computer Science Department Trinity College Dublin Ireland EMail: stephen.farrell@cs.tcd.ie Sharon Boeyen Entrust 1000 Innovation Drive Ottawa, Ontario Canada K2K 3E7 EMail: sharon.boeyen@entrust.com Russell Housley Vigil Security, LLC 918 Spring Knoll Drive Herndon, VA 20170 USA EMail: housley@vigilsec.com Tim Polk National Institute of Standards and Technology 100 Bureau Drive, Mail Stop 8930 Gaithersburg, MD 20899-8930 USA EMail: wpolk@nist.gov
Full Copyright Statement Copyright (C) The IETF Trust (2008). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.