Cryptographic Message Syntax Content Constraints Extension
RFC 6010, “Cryptographic Message Syntax Content Constraints Extension”, is a Proposed Standard document published in September 2010 by R. Housley, S. Ashmore, C. Wallace. The canonical text is published by the RFC Editor.
Abstract
This document specifies the syntax and semantics for the Cryptographic Message Syntax (CMS) content constraints extension. This extension is used to determine whether a public key is appropriate to use in the processing of a protected content. In particular, the CMS content constraints extension is one part of the authorization decision; it is used when validating a digital signature on a CMS SignedData content or validating a message authentication code (MAC) on a CMS AuthenticatedData content or CMS AuthEnvelopedData content. The signed or authenticated content type is identified by an ASN.1 object identifier, and this extension indicates the content types that the public key is authorized to validate. If the authorization check is successful, the CMS content constraints extension also provides default values for absent attributes. [STANDARDS-TRACK]
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 6010 is hosted at rfc-editor.org. Available in TXT,HTML.
- RFC 6009 Sieve Email Filtering: Delivery Status Notifications and Deliver-By Extensions
- RFC 6011 Session Initiation Protocol User Agent Configuration
- RFC 6008 Authentication-Results Registration for Differentiating among Cryptographic Results
- RFC 6012 Datagram Transport Layer Security Transport Mapping for Syslog
- RFC 6007 Use of the Synchronization VECtor List for Synchronized Dependent Path Computations
- RFC 6006 Extensions to the Path Computation Element Communication Protocol for Point-to-Multipoint Traffic Engineering Label Switched Paths
- RFC 6014 Cryptographic Algorithm Identifier Allocation for DNSSEC
- RFC 6005 Generalized MPLS Support for Metro Ethernet Forum and G.8011 User Network Interface