X.509 Certificate Extension for Secure/Multipurpose Internet Mail Extensions (S/MIME) Capabilities

Santesson, Stefan

doi:10.17487/rfc4262

Cited by 5 publications

(7 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…If the server is configured with an ECDSA signature certificate, either curve P-256 or curve P-384 should be used for the public key in the certificate. 12 TLS servers shall be configured with certificates issued by a CA that publishes revocation information in Online Certificate Status Protocol (OCSP) [63] responses. The CA may additionally publish revocation information in a certificate revocation list (CRL) [19].…”

Section: Server Keys and Certificatesmentioning

confidence: 99%

“…In addition, the revocation status of each certificate in the certification path shall be validated using the Online Certificate Status Protocol (OCSP) or a certificate revocation list (CRL). OCSP checking shall be in compliance with RFC 6960 [63]. 26 The CertificateVerify handshake message is sent to explicitly verify a client certificate that has a signing capability.…”

Section: Path Validationmentioning

confidence: 99%

See 1 more Smart Citation

Guidelines for the selection, configuration, and use of Transport Layer Security (TLS) implementations

McKay¹,

Cooper²

2019

View full text Add to dashboard Cite

AuthorityThis publication has been developed by NIST in accordance with its statutory responsibilities under the Federal Information Security Modernization Act (FISMA) of 2014, 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283. NIST is responsible for developing information security standards and guidelines, including minimum requirements for federal information systems, but such standards and guidelines shall not apply to national security systems without the express approval of appropriate federal officials exercising policy authority over such systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130.Nothing in this publication should be taken to contradict the standards and guidelines made mandatory and binding on federal agencies by the Secretary of Commerce under statutory authority. Nor should these guidelines be interpreted as altering or superseding the existing authorities of the Secretary of Commerce, The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology. ITL's responsibilities include the development of management, administrative, technical, and physical standards and guidelines for the cost-effective security and privacy of other than national security-related information in federal information systems. The Special Publication 800-series reports on ITL's research, guidelines, and outreach efforts in information system security, and its collaborative activities with industry, government, and academic organizations. AbstractTransport Layer Security (TLS) provides mechanisms to protect data during electronic dissemination across the Internet. This Special Publication provides guidance to the selection and configuration of TLS protocol implementations while making effective use of Federal Information Processing Standards (FIPS) and NIST-recommended cryptographic algorithms. It requires that TLS 1.2 configured with FIPS-based cipher suites be supported by all government TLS servers and clients and requires support for TLS 1.3 by January 1, 2024. This Special Publication also provides guidance on certificates and TLS extensions that impact security.

show abstract

Section: Server Keys and Certificatesmentioning

confidence: 99%

Section: Path Validationmentioning

confidence: 99%

Guidelines for the selection, configuration, and use of Transport Layer Security (TLS) implementations

McKay¹,

Cooper²

2019

View full text Add to dashboard Cite

show abstract

“…S/MIME MUAs conforming to this specification MUST be able to interpret any S/MIME capabilities (defined in [RFC4262]) in any certificates that it receives through SMIMEA records.…”

Section: Email Address Variants and Internationalization Considerationsmentioning

confidence: 99%

Using Secure DNS to Associate Certificates with Domain Names for S/MIME

Schlyter¹,

Hoffman²

2017

View full text Add to dashboard Cite

show abstract

“…When placed in an S/MIME message [SMIME-MSG] or in a certificate [RFC4262], it is always placed in a sequence of capabilities. This means that one could place the identifier for RSASSA-PSS in the sequence along with the identifier for MD5, SHA-1, and SHA-256.…”

Section: Rsassa-pss Signature Algorithm Capabilitymentioning

confidence: 99%

S/MIME Capabilities for Public Key Definitions

Schaad¹

2012

View full text Add to dashboard Cite

show abstract

X.509 Certificate Extension for Secure/Multipurpose Internet Mail Extensions (S/MIME) Capabilities

Cited by 5 publications

References 2 publications

Guidelines for the selection, configuration, and use of Transport Layer Security (TLS) implementations

Guidelines for the selection, configuration, and use of Transport Layer Security (TLS) implementations

Using Secure DNS to Associate Certificates with Domain Names for S/MIME

S/MIME Capabilities for Public Key Definitions

Contact Info

Product

Resources

About