Tiêu chuẩn quốc tế

Specifies extensions to the definitions of public-key
certificates and certificate revocation lists in Public Key
Cryptography for the Financial Services Industry: Certificate
Management, BSR X9.57. These extensions are in the following areas:
the keys involved, including key identifiers for subject and issuer
keys, indicators of intended or restricted key usage, and
indicators of certificate policy; name forms for a certificate
subject, a certificate issuer, or a CRL issuer, and additional
attribute information about a certificate subject; included in
CA-certificates, i.e., certificates for CAs issued by other CAs, to
facilitate the automated processing of certification paths when
multiple certificate policies are involved, e.g., when policies
vary for different applications in an environment or when
interoperation with external environments occurs; and time at which
the condition causing the revocation occurred; revocation
information from one CA to be partitioned into separate CRLs to
facilitate control of CRL sizes, and CRL extensions to support the
use of partial CRLs indicating only changes since an earlier CRL
issue.