4.1.2.5.2 GeneralizedTime
The generalized time type, GeneralizedTime, is a standard ASN.1 type
for variable precision representation of time. Optionally, the
GeneralizedTime field can include a representation of the time
differential between local and Greenwich Mean Time.
For the purposes of this profile, GeneralizedTime values MUST be
expressed in Greenwich Mean Time (Zulu) and MUST include seconds (i.e.,
times are YYYYMMDDHHMMSSZ), even where the number of seconds is zero.
GeneralizedTime values MUST NOT include fractional seconds.
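
Added example (not part of the RFC text): a Python check that a GeneralizedTime value meets the profile rules above and reports which rule a non-conforming value breaks. The function name, reason strings and sample values are constructed for illustration; the input is assumed to be the content octets of the GeneralizedTime, already extracted from the DER encoding.

```python
import re
from datetime import datetime, timezone

# Constructed sample values (not from the RFC), keyed by what they illustrate.
SAMPLES = {
    "conformant": b"19990101000000Z",
    "no seconds": b"199901010000Z",
    "fraction": b"19990101000000.5Z",
    "differential": b"19990101010000+0100",
    "no zulu": b"19990101000000",
    "bad date": b"19990230000000Z",
}


def check_generalized_time(value: bytes):
    """Return (datetime, None) for a profile-conformant value,
    otherwise (None, reason)."""
    try:
        text = value.decode("ascii")
    except UnicodeDecodeError:
        return None, "non-ASCII content"
    # ASN.1 allows "." or "," as the decimal separator; the profile allows neither.
    if "." in text or "," in text:
        return None, "fractional seconds present"
    if re.search(r"[+-]\d{4}$", text):
        return None, "time differential present"
    if not text.endswith("Z"):
        return None, "not expressed in GMT (no Z)"
    # YYYYMMDDHH or YYYYMMDDHHMM: legal ASN.1, but the profile requires seconds.
    if re.fullmatch(r"\d{10}(\d{2})?Z", text):
        return None, "seconds omitted"
    if not re.fullmatch(r"\d{14}Z", text):
        return None, "not YYYYMMDDHHMMSSZ"
    try:
        # strptime rejects impossible dates such as 30 February.
        parsed = datetime.strptime(text[:14], "%Y%m%d%H%M%S")
    except ValueError:
        return None, "invalid calendar date or time"
    return parsed.replace(tzinfo=timezone.utc), None


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_generalized_time(raw))
```
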
4.1.2.6 Subject
The subject field identifies the entity associated with the public
key stored in the subject public key field. The subject name may be
carried in the subject field and/or the subjectAltName extension. If
the subject is a CA (e.g., the basic constraints extension, as
discussed in 4.2.1.10, is present and the value of cA is TRUE), then
the subject field MUST be populated with a non-empty distinguished
name matching the contents of the issuer field (see sec. 4.1.2.4) in
all certificates issued by the subject CA. If subject naming
information is present only in the subjectAltName extension (e.g., a
key bound only to an email address or URI), then the subject name
MUST be an empty sequence and the subjectAltName extension MUST be
critical.
RFC 2459 Internet X.509 Public Key Infrastructure January 1999
Where it is non-empty, the subject field MUST contain an X.500
distinguished name (DN). The DN MUST be unique for each subject
entity certified by the one CA as defined by the issuer name field. A
CA may issue more than one certificate with the same DN to the same
subject entity.
The subject name field is defined as the X.501 type Name.
Implementation requirements for this field are those defined for the
issuer field (see sec. 4.1.2.4). When encoding attribute values of
type DirectoryString, the encoding rules for the issuer field MUST be
implemented. Implementations of this specification MUST be prepared
to receive subject names containing the attribute types required for
the issuer field. Implementations of this specification SHOULD be
prepared to receive subject names containing the recommended
attribute types for the issuer field. The syntax and associated
object identifiers (OIDs) for these attribute types are provided in
the ASN.1 modules in Appendices A and B. Implementations of this
specification MAY use these comparison rules to process unfamiliar
attribute types (i.e., for name chaining). This allows
implementations to process certificates with unfamiliar attributes in
the subject name.
In addition, legacy implementations exist where an RFC 822 name is
embedded in the subject distinguished name as an EmailAddress
attribute. The attribute value for EmailAddress is of type IA5String
to permit inclusion of the character '@', which is not part of the
PrintableString character set. EmailAddress attribute values are not
case sensitive (e.g., "fanfeedback@redsox.com" is the same as
"FANFEEDBACK@REDSOX.COM").
Conforming implementations generating new certificates with
electronic mail addresses MUST use the rfc822Name in the subject
alternative name field (see sec. 4.2.1.7) to describe such
identities. Simultaneous inclusion of the EmailAddress attribute in
the subject distinguished name to support legacy implementations is
deprecated but permitted.
4.1.2.7 Subject Public Key Info
This field is used to carry the public key and identify the algorithm
with which the key is used. The algorithm is identified using the
AlgorithmIdentifier structure specified in section 4.1.1.2. The
object identifiers for the supported algorithms and the methods for
encoding the public key materials (public key and parameters) are
specified in section 7.3.
4.1.2.8 Unique Identifiers
These fields may only appear if the version is 2 or 3 (see sec.
4.1.2.1). The subject and issuer unique identifiers are present in
the certificate to handle the possibility of reuse of subject and/or
issuer names over time. This profile recommends that names not be