2. Updates to RFC 4210 - Certificate Management Protocol (CMP)

2. Updates to RFC 4210 - Certificate Management Protocol (CMP)

This section contains all updates to RFC 4210.

Subsections

• 2.1. New Section 1.1 - Changes Since RFC 4210
• 2.2. New Section 4.5 - Extended Key Usage
• 2.3. Update Section 5.1.1 - PKI Message Header
• 2.4. New Section 5.1.1.3 - CertProfile
• 2.5. Update Section 5.1.3.1 - Shared Secret Information
• 2.6. Replace Section 5.1.3.4 - Multiple Protection
• 2.7. Replace Section 5.2.2 - Encrypted Values
• 2.8. New Section 5.2.9 - GeneralizedTime
• 2.9. Update Section 5.3.4 - Certification Response
• 2.10. Update Section 5.3.18 - Certificate Confirmation Content
• 2.11. Update Section 5.3.19.2 - Signing Key Pair Types
• 2.12. Update Section 5.3.19.3 - Encryption/Key Agreement Key Pair Types
• 2.13. Replace Section 5.3.19.9 - Revocation Passphrase
• 2.14. New Section 5.3.19.14 - CA Certificates
• 2.15. New Section 5.3.19.15 - Root CA Certificate Update
• 2.16. New Section 5.3.19.16 - Certificate Request Template
• 2.17. New Section 5.3.19.17 - CRL Update Retrieval
• 2.18. Update Section 5.3.21 - Error Message Content
• 2.19. Replace Section 5.3.22 - Polling Request and Response
• 2.20. Update Section 7 - Version Negotiation
• 2.21. Update Section 7.1.1 - Clients Talking to RFC 2510 Servers
• 2.22. Add Section 8.4 - Private Keys for Certificate Signing and CMP Message Protection
• 2.23. Add Section 8.5 - Entropy of Random Numbers, Key Pairs, and Shared Secret Information
• 2.24. Add Section 8.6 - Trust Anchor Provisioning Using CMP Messages
• 2.25. Add Section 8.7 - Authorizing Requests for Certificates with Specific EKUs
• 2.26. Update Appendix B - The Use of Revocation Passphrase
• 2.27. Update Appendix C - Request Message Behavioral Clarifications
• 2.28. Update Appendix D.1. - General Rules for Interpretation of These Profiles
• 2.29. Update Appendix D.2. - Algorithm Use Profile
• 2.30. Update Appendix D.4. - Initial Registration/Certification (Basic Authenticated Scheme)