Newer
Older
9001
9002
9003
9004
9005
9006
9007
9008
9009
9010
9011
9012
9013
9014
9015
9016
9017
9018
9019
9020
9021
9022
9023
9024
9025
9026
9027
9028
9029
9030
9031
9032
9033
9034
9035
9036
9037
9038
9039
9040
9041
9042
9043
9044
9045
9046
9047
9048
9049
9050
9051
9052
9053
9054
9055
9056
9057
9058
9059
9060
9061
9062
9063
9064
9065
9066
9067
9068
9069
9070
9071
9072
9073
9074
9075
9076
9077
9078
9079
9080
9081
9082
9083
9084
9085
9086
9087
9088
9089
9090
9091
9092
9093
9094
9095
9096
9097
9098
9099
9100
9101
9102
9103
9104
9105
9106
9107
9108
9109
9110
9111
9112
9113
9114
9115
9116
9117
9118
9119
9120
9121
9122
9123
9124
9125
9126
9127
9128
9129
9130
9131
9132
9133
9134
9135
9136
9137
9138
9139
9140
9141
9142
9143
9144
9145
9146
9147
9148
9149
9150
9151
9152
9153
9154
9155
9156
9157
9158
9159
9160
9161
9162
9163
9164
9165
9166
9167
9168
9169
9170
9171
9172
9173
9174
9175
9176
9177
9178
9179
9180
9181
9182
9183
9184
9185
9186
9187
9188
9189
9190
9191
9192
9193
9194
9195
9196
9197
9198
</ul>
<p class="class_28">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_3e04d28f-0401-4b5c-ba33-b47d0e63946b">
<a class="requality_id" id="id_3e04d28f-0401-4b5c-ba33-b47d0e63946b" name="3e04d28f-0401-4b5c-ba33-b47d0e63946b"/>
None of the possible
</span>
<font style="font-family: Courier New;">
<span class="requality_text id_3e04d28f-0401-4b5c-ba33-b47d0e63946b">HeaderField</span>
<font style="font-family: Times New Roman;">
<span class="requality_text id_3e04d28f-0401-4b5c-ba33-b47d0e63946b">cases shall be included more than once</span>
.
<span class="requality_text id_9f584669-0edc-4cd5-9e25-979e66b5e955"><a class="requality_id" id="id_9f584669-0edc-4cd5-9e25-979e66b5e955" name="9f584669-0edc-4cd5-9e25-979e66b5e955"/>
Additional HeaderField types are allowed.
</span>
</font>
</font>
</font>
</p>
<p class="class_5">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_327f9109-fdf6-4271-ad73-dde8a50590b7"><a class="requality_id" id="id_327f9109-fdf6-4271-ad73-dde8a50590b7" name="327f9109-fdf6-4271-ad73-dde8a50590b7"/>
A
</span>
<a href="type">
<font style="font-family: Courier New;">
<span class="requality_text id_327f9109-fdf6-4271-ad73-dde8a50590b7">Payload</span>
</font>
</a>
<span class="requality_text id_327f9109-fdf6-4271-ad73-dde8a50590b7">element of type</span>
<font style="font-family: Courier New;">
<span class="requality_text id_327f9109-fdf6-4271-ad73-dde8a50590b7">signed</span>
<font style="font-family: Times New Roman;">
<span class="requality_text id_327f9109-fdf6-4271-ad73-dde8a50590b7">,</span>
<font style="font-family: Courier New;">
<span class="requality_text id_327f9109-fdf6-4271-ad73-dde8a50590b7">signed_external</span>
<font style="font-family: Times New Roman;">
<span class="requality_text id_327f9109-fdf6-4271-ad73-dde8a50590b7">or</span>
<font style="font-family: Courier New;">
<span class="requality_text id_327f9109-fdf6-4271-ad73-dde8a50590b7">signed_and_encrypted</span>
<font style="font-family: Times New Roman;">
<span class="requality_text id_327f9109-fdf6-4271-ad73-dde8a50590b7">shall be included.</span>
</font>
</font>
</font>
</font>
</font>
</font>
</font>
</p>
<p class="class_5">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_b92fccca-032f-4a3c-8b7d-89e0cd966e8d"><a class="requality_id" id="id_b92fccca-032f-4a3c-8b7d-89e0cd966e8d" name="b92fccca-032f-4a3c-8b7d-89e0cd966e8d"/>
These
</span>
<a href="type">
<font style="font-family: Courier New;">
<span class="requality_text id_b92fccca-032f-4a3c-8b7d-89e0cd966e8d">TrailerField</span>
</font>
</a>
<span class="requality_text id_b92fccca-032f-4a3c-8b7d-89e0cd966e8d">elements shall be included:</span>
</font>
</p>
<ul style="list-style-type: disc; margin: 0in 0in 0in 0.511806in; padding: 0pt; text-indent: -0.314583in; text-align: left;">
<p class="class_37 b1+">
<li class="class_36">
<font style="font-family: Courier New; font-size: 10pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_3545ac20-454c-4f8b-8447-af4d7d3eb03c"><a class="requality_id" id="id_3545ac20-454c-4f8b-8447-af4d7d3eb03c" name="3545ac20-454c-4f8b-8447-af4d7d3eb03c"/>
signature
</span>
<font style="font-family: Times New Roman;">
<span class="requality_text id_3545ac20-454c-4f8b-8447-af4d7d3eb03c">: this field shall contain a signature calculated over these fields of the</span>
<a href="type">
<font style="font-family: Courier New;">
<span class="requality_text id_3545ac20-454c-4f8b-8447-af4d7d3eb03c">SecuredMessage</span>
</font>
</a>
<span class="requality_text id_3545ac20-454c-4f8b-8447-af4d7d3eb03c">data structure:</span>
</font>
</font>
</li>
</p>
</ul>
<ul style="margin: 0in 0in 0in 0.827083in; padding: 0pt; text-indent: -0.315278in; text-align: left;">
<p class="class_45 b2+">
<li class="class_36">
<font style="font-family: Courier New; font-size: 10pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_3545ac20-454c-4f8b-8447-af4d7d3eb03c">protocol_version</span>
<font style="font-family: Times New Roman;">
<span class="requality_text id_3545ac20-454c-4f8b-8447-af4d7d3eb03c">.</span>
</font>
</font>
</li>
</p>
<p class="class_44 b2+">
<li class="class_36">
<font style="font-family: Times New Roman; font-size: 10pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_3545ac20-454c-4f8b-8447-af4d7d3eb03c">The variable-length vector</span>
<font style="font-family: Courier New;">
<span class="requality_text id_3545ac20-454c-4f8b-8447-af4d7d3eb03c">header_fields</span>
<font style="font-family: Times New Roman;">
<span class="requality_text id_3545ac20-454c-4f8b-8447-af4d7d3eb03c">including its length.</span>
</font>
</font>
</font>
</li>
</p>
<p class="class_44 b2+">
<li class="class_36">
<font style="font-family: Times New Roman; font-size: 10pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_3545ac20-454c-4f8b-8447-af4d7d3eb03c">The complete</span>
<font style="font-family: Courier New;">
<span class="requality_text id_3545ac20-454c-4f8b-8447-af4d7d3eb03c">payload_field</span>
<font style="font-family: Times New Roman;">
<span class="requality_text id_3545ac20-454c-4f8b-8447-af4d7d3eb03c">field. If the payload is marked as external, its contents shall be included in the hash as well, at the position where a non-external payload would be.</span>
</font>
</font>
</font>
</li>
</p>
<p class="class_44 b2+">
<li class="class_36">
<font style="font-family: Times New Roman; font-size: 10pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_3545ac20-454c-4f8b-8447-af4d7d3eb03c">The length of the variable-length vector</span>
<font style="font-family: Courier New;">
<span class="requality_text id_3545ac20-454c-4f8b-8447-af4d7d3eb03c">trailer_fields</span>
<font style="font-family: Times New Roman;">
<span class="requality_text id_3545ac20-454c-4f8b-8447-af4d7d3eb03c">and the type of the</span>
<font style="font-family: Courier New;">
<span class="requality_text id_3545ac20-454c-4f8b-8447-af4d7d3eb03c">signature</span>
<font style="font-family: Times New Roman;">trailer field.</font>
</font>
</font>
</font>
</font>
</li>
</p>
</ul>
<h2 class="class_25">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<a id="_Toc421786205">7.</a>
4
<img border="0" height="1" src="data:image/gif;base64,R0lGODlhAQABAAD/ACwAAAAAAQABAAACADs%3D" width="18"/>
<span class="requality_text id_967d4b57-1e68-438c-b9e2-e20c3877f499"><a class="requality_id" id="id_967d4b57-1e68-438c-b9e2-e20c3877f499" name="967d4b57-1e68-438c-b9e2-e20c3877f499"/>
Profiles for certificates
</span>
</font>
</h2>
<h3 class="class_33">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<a id="_Toc421786206">
7.4.1
<img border="0" height="1" src="data:image/gif;base64,R0lGODlhAQABAAD/ACwAAAAAAQABAAACADs%3D" width="18"/>
Introduction
</a>
</font>
</h3>
<p class="class_5">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">Clause 7.4 defines which types of variable fields shall always be included in certificates.</font>
</p>
<p class="class_5">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_783519e9-a067-4deb-b103-46fa94db39bf"><a class="requality_id" id="id_783519e9-a067-4deb-b103-46fa94db39bf" name="783519e9-a067-4deb-b103-46fa94db39bf"/>
The
</span>
<font style="font-family: Courier New;">version</font>
field of a certificate shall be set according to clause 6.1.
</font>
</p>
<p class="class_5">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_c9c4983f-ff2c-40f3-892c-638f7091bf6b">
<a class="requality_id" id="id_c9c4983f-ff2c-40f3-892c-638f7091bf6b" name="c9c4983f-ff2c-40f3-892c-638f7091bf6b"/>
The following
</span>
<font style="font-family: Courier New;">
<span class="requality_text id_c9c4983f-ff2c-40f3-892c-638f7091bf6b">SubjectAttribute</span>
<font style="font-family: Times New Roman;">
<span class="requality_text id_c9c4983f-ff2c-40f3-892c-638f7091bf6b">elements shall be included:</span>
</font>
</font>
</font>
</p>
<ul style="list-style-type: disc; margin: 0in 0in 0in 0.511806in; padding: 0pt; text-indent: -0.314583in; text-align: left;">
<p class="class_37 b1+">
<li class="class_36">
<font style="font-family: Courier New; font-size: 10pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_31d476e6-b809-400a-a06b-25bb659cc453"><a class="requality_id" id="id_31d476e6-b809-400a-a06b-25bb659cc453" name="31d476e6-b809-400a-a06b-25bb659cc453"/>
verification_key
</span>
<font style="font-family: Times New Roman;">
<span class="requality_text id_31d476e6-b809-400a-a06b-25bb659cc453">: this field shall contain the public key of the key pair that is used to sign and verify message or certificate signatures.</span>
</font>
</font>
</li>
</p>
<p class="class_37 b1+">
<li class="class_36">
<font style="font-family: Times New Roman; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_25ae8b7b-7dc7-4009-b85b-fa59fc9c2af9"><a class="requality_id" id="id_25ae8b7b-7dc7-4009-b85b-fa59fc9c2af9" name="25ae8b7b-7dc7-4009-b85b-fa59fc9c2af9"/>
<font style="font-family: Courier New;">assurance_level</font>
: this field shall contain the assurance level of the sender or certificate authority
</span>.
<span class="requality_text id_a5aaa3b8-fe7b-4f50-8dff-a3674829fa6f">
<a class="requality_id" id="id_a5aaa3b8-fe7b-4f50-8dff-a3674829fa6f" name="a5aaa3b8-fe7b-4f50-8dff-a3674829fa6f"/>
A certificate shall contain an assurance level that is equal to or lower than the assurance level of the certificate referenced by the
<font style="font-family: Courier New;">signer_info</font>
.
</span>
<span class="requality_text id_0c378b8d-b7f5-4102-92db-50cd3f458166">
<a class="requality_id" id="id_0c378b8d-b7f5-4102-92db-50cd3f458166" name="0c378b8d-b7f5-4102-92db-50cd3f458166"/>
If the assurance level is unknown for the certificate then the default assurance level 0 shall be used.
9214
9215
9216
9217
9218
9219
9220
9221
9222
9223
9224
9225
9226
9227
9228
9229
9230
9231
9232
9233
9234
9235
9236
9237
9238
9239
9240
9241
9242
9243
9244
9245
9246
9247
9248
9249
9250
9251
9252
9253
9254
9255
9256
9257
9258
9259
9260
9261
9262
9263
9264
9265
9266
9267
9268
9269
9270
9271
9272
9273
9274
9275
9276
9277
9278
9279
9280
9281
9282
9283
9284
9285
9286
9287
9288
9289
</font>
</li>
</p>
</ul>
<p class="class_5">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_089844af-89f2-46be-8524-0c02924bcf88">
<a class="requality_id" id="id_089844af-89f2-46be-8524-0c02924bcf88" name="089844af-89f2-46be-8524-0c02924bcf88"/>
<span class="requality_text id_c3923a06-7523-4d02-b1e2-54db898f3d76">
<a class="requality_id" id="id_c3923a06-7523-4d02-b1e2-54db898f3d76" name="c3923a06-7523-4d02-b1e2-54db898f3d76"/>
Exactly one of the following
</span>
</span>
<a href="type">
<font style="font-family: Courier New;">
<span class="requality_text id_089844af-89f2-46be-8524-0c02924bcf88">
<span class="requality_text id_c3923a06-7523-4d02-b1e2-54db898f3d76">ValidityRestriction</span>
</span>
</font>
</a>
<span class="requality_text id_089844af-89f2-46be-8524-0c02924bcf88">
<span class="requality_text id_c3923a06-7523-4d02-b1e2-54db898f3d76">fields shall be included:</span>
</span>
</font>
</p>
<ul style="list-style-type: disc; margin: 0in 0in 0in 0.511806in; padding: 0pt; text-indent: -0.314583in; text-align: left;">
<p class="class_37 b1+">
<li class="class_36">
<font style="font-family: Courier New; font-size: 10pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_089844af-89f2-46be-8524-0c02924bcf88">
<span class="requality_text id_c3923a06-7523-4d02-b1e2-54db898f3d76">time_end</span>
</span>
<font style="font-family: Times New Roman;">
<span class="requality_text id_089844af-89f2-46be-8524-0c02924bcf88">
<span class="requality_text id_c3923a06-7523-4d02-b1e2-54db898f3d76">: this field shall contain the end of validity of the certificate.</span>
</span>
</font>
</font>
</li>
</p>
<p class="class_37 b1+">
<li class="class_36">
<font style="font-family: Courier New; font-size: 10pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_089844af-89f2-46be-8524-0c02924bcf88">
<span class="requality_text id_c3923a06-7523-4d02-b1e2-54db898f3d76">time_start_and_end</span>
</span>
<font style="font-family: Times New Roman;">
<span class="requality_text id_089844af-89f2-46be-8524-0c02924bcf88">
<span class="requality_text id_c3923a06-7523-4d02-b1e2-54db898f3d76">: this field shall contain the validity period of the certificate.</span>
</span>
</font>
</font>
</li>
</p>
<p class="class_37 b1+">
<li class="class_36">
<font style="font-family: Courier New; font-size: 10pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_089844af-89f2-46be-8524-0c02924bcf88">
<span class="requality_text id_c3923a06-7523-4d02-b1e2-54db898f3d76">time_start_and_duration</span>
</span>
<font style="font-family: Times New Roman;">
<span class="requality_text id_089844af-89f2-46be-8524-0c02924bcf88">
<span class="requality_text id_c3923a06-7523-4d02-b1e2-54db898f3d76">: this field shall contain the validity period of the certificate.</span>
</span>
</font>
</font>
</li>
</p>
</ul>
<p class="class_5">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
The options
<font style="font-family: Courier New;">time_start_and_end</font>
or
<font style="font-family: Courier New;">time_start_and_duration</font>
should be preferred.
<span class="requality_text id_99a86360-2aa2-4fad-82d3-015c9fa9345d">
<a class="requality_id" id="id_99a86360-2aa2-4fad-82d3-015c9fa9345d" name="99a86360-2aa2-4fad-82d3-015c9fa9345d"/>
If the
<font style="font-family: Courier New;">signer_info</font>
is different from
<font style="font-family: Courier New;">self</font>
, then the validity period defined by
<font style="font-family: Courier New;">time_end</font>
,
<font style="font-family: Courier New;">time_start_and_end</font>
or
<font style="font-family: Courier New;">time_start_and duration</font>
shall be within the validity period of the certificate referenced by the
<font style="font-family: Courier New;">signer_info</font>
.
</span>
</font>
</p>
<p class="class_5">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_5e9ae933-303e-4fa9-8a48-436757e98ab9">
<a class="requality_id" id="id_5e9ae933-303e-4fa9-8a48-436757e98ab9" name="5e9ae933-303e-4fa9-8a48-436757e98ab9"/>
A certificate shall contain a validity restriction of type
<font style="font-family: Courier New;">region</font>
, if the certificate referenced by the
<font style="font-family: Courier New;">signer_info</font>
contains a validity restriction of type
<font style="font-family: Courier New;">region</font>
.
</span>
<span class="requality_text id_69c806d3-882e-43b1-b8fe-6dc0c8d1da4c">
<a class="requality_id" id="id_69c806d3-882e-43b1-b8fe-6dc0c8d1da4c" name="69c806d3-882e-43b1-b8fe-6dc0c8d1da4c"/>
Every certificate with a validity restriction of type
<font style="font-family: Courier New;">region</font>
shall contain a region that is covered by the certificate referenced by the
<font style="font-family: Courier New;">signer_info</font>
.
</span>
<span class="requality_text id_c223fe50-65bf-48d8-970d-3bd4538c8e94">
<a class="requality_id" id="id_c223fe50-65bf-48d8-970d-3bd4538c8e94" name="c223fe50-65bf-48d8-970d-3bd4538c8e94"/>
For the field
<font style="font-family: Courier New;">signer_info</font>
, exactly one of the following types shall be included:
</span>
</font>
</p>
<ul style="list-style-type: disc; margin: 0in 0in 0in 0.511806in; padding: 0pt; text-indent: -0.314583in; text-align: left;">
<p class="class_37 b1+">
<li class="class_36">
<font style="font-family: Courier New; font-size: 10pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_c223fe50-65bf-48d8-970d-3bd4538c8e94">certificate_digest_with_sha256</span>
</font>
</li>
</p>
<p class="class_37 b1+">
<li class="class_36">
<font style="font-family: Courier New; font-size: 10pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_c223fe50-65bf-48d8-970d-3bd4538c8e94">certificate_digest_with_other_algorithm</span>
</font>
</li>
</p>
<p class="class_37 b1+">
<li class="class_36">
<font style="font-family: Courier New; font-size: 10pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_c223fe50-65bf-48d8-970d-3bd4538c8e94">self</span>
9355
9356
9357
9358
9359
9360
9361
9362
9363
9364
9365
9366
9367
9368
9369
9370
9371
9372
9373
9374
9375
9376
9377
9378
9379
9380
9381
9382
9383
9384
9385
9386
9387
9388
9389
9390
9391
9392
9393
9394
9395
9396
9397
9398
9399
9400
9401
9402
9403
9404
9405
9406
9407
9408
9409
9410
9411
9412
9413
9414
9415
9416
9417
9418
9419
9420
9421
9422
9423
9424
9425
9426
9427
9428
9429
9430
9431
9432
9433
9434
9435
9436
9437
9438
9439
9440
9441
9442
9443
9444
9445
9446
9447
9448
9449
9450
9451
9452
9453
9454
9455
9456
9457
9458
9459
9460
9461
</font>
</li>
</p>
</ul>
<p class="class_5">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">Apart from these fields, certificate contents may be extended depending on the purpose of the certificate.</font>
</p>
<p class="class_5">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_b661365c-ed7a-410c-803f-e9702b195a7e"><a class="requality_id" id="id_b661365c-ed7a-410c-803f-e9702b195a7e" name="b661365c-ed7a-410c-803f-e9702b195a7e"/>
All certificates shall contain a
<font style="font-family: Courier New;">Signature</font>
field
</span>
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8"><a class="requality_id" id="id_c68a4e76-9564-42d2-934a-a889713923b8" name="c68a4e76-9564-42d2-934a-a889713923b8"/>
containing a signature calculated over these fields of the
</span>
<font style="font-family: Courier New;">
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8">Certificate</span>
<font style="font-family: Times New Roman;">
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8">data structure:</span>
</font>
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8"/>
</font>
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8"/>
</font>
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8"/>
</p>
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8"/>
<ul style="list-style-type: disc; margin: 0in 0in 0in 0.511806in; padding: 0pt; text-indent: -0.315278in; text-align: left;">
<p class="class_44 b2+">
<li class="class_36">
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8"/>
<font style="font-family: Times New Roman; font-size: 10pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8">The</span>
<font style="font-family: Courier New;">
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8">version</span>
</font>
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8"/>
</font>
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8"/>
</li>
</p>
<p class="class_44 b2+">
<li class="class_36">
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8"/>
<font style="font-family: Times New Roman; font-size: 10pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8">The</span>
<font style="font-family: Courier New;">
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8">signer_info</span>
<font style="font-family: Times New Roman;">
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8"/>
</font>
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8"/>
</font>
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8"/>
</font>
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8"/>
</li>
</p>
<p class="class_44 b2+">
<li class="class_36">
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8"/>
<font style="font-family: Times New Roman; font-size: 10pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8">The</span>
<font style="font-family: Courier New;">
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8">subject_info</span>
</font>
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8"/>
</font>
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8"/>
</li>
</p>
<p class="class_44 b2+">
<li class="class_36">
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8"/>
<font style="font-family: Times New Roman; font-size: 10pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8">The</span>
<font style="font-family: Courier New;">
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8">subject_attributes</span>
<font style="font-family: Times New Roman;">
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8">vector including its length</span>
</font>
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8"/>
</font>
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8"/>
</font>
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8"/>
</li>
</p>
<p class="class_44 b2+">
<li class="class_36">
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8"/>
<font style="font-family: Times New Roman; font-size: 10pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8">The</span>
<font style="font-family: Courier New;">
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8">validity_restrictions</span>
<font style="font-family: Times New Roman;">
<span class="requality_text id_c68a4e76-9564-42d2-934a-a889713923b8">vector including its length</span>
</font>
</font>
</font>
</li>
</p>
</ul>
<p class="class_5">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_71f5a0ef-5322-4268-8b01-1335de1d68d1"><a class="requality_id" id="id_71f5a0ef-5322-4268-8b01-1335de1d68d1" name="71f5a0ef-5322-4268-8b01-1335de1d68d1"/>Every certificate containing an
</span><font style="font-family: Courier New;"><span class="requality_text id_71f5a0ef-5322-4268-8b01-1335de1d68d1">
</span><font style="font-family: Times New Roman;"><span class="requality_text id_71f5a0ef-5322-4268-8b01-1335de1d68d1">
</span><font style="font-family: Courier New;"><span class="requality_text id_71f5a0ef-5322-4268-8b01-1335de1d68d1">
</span><font style="font-family: Times New Roman;"><span class="requality_text id_71f5a0ef-5322-4268-8b01-1335de1d68d1">
subject attribute shall contain a subset of the permissions that are contained in the certificate referenced by the
</span><font style="font-family: Courier New;"><span class="requality_text id_71f5a0ef-5322-4268-8b01-1335de1d68d1">
signer_info</span>
9473
9474
9475
9476
9477
9478
9479
9480
9481
9482
9483
9484
9485
9486
9487
9488
9489
9490
9491
9492
9493
9494
9495
9496
9497
9498
9499
9500
9501
9502
9503
9504
9505
9506
9507
9508
9509
9510
9511
9512
9513
9514
9515
9516
9517
9518
9519
9520
9521
9522
9523
9524
9525
9526
9527
9528
9529
9530
9531
9532
9533
9534
9535
9536
9537
9538
9539
9540
9541
9542
9543
9544
9545
9546
9547
9548
9549
9550
9551
9552
9553
9554
9555
9556
9557
9558
9559
9560
9561
9562
9563
9564
9565
9566
9567
9568
9569
9570
9571
9572
9573
9574
9575
9576
9577
9578
9579
9580
9581
9582
9583
9584
9585
9586
9587
9588
9589
9590
9591
9592
9593
9594
9595
9596
9597
9598
9599
9600
9601
9602
9603
9604
9605
9606
9607
9608
9609
9610
9611
9612
9613
9614
9615
9616
9617
9618
9619
9620
9621
9622
9623
9624
9625
9626
9627
9628
9629
9630
9631
9632
9633
9634
9635
9636
9637
9638
9639
9640
9641
9642
9643
9644
9645
9646
9647
9648
9649
9650
9651
9652
9653
9654
9655
9656
9657
9658
9659
9660
9661
9662
9663
9664
9665
9666
9667
9668
9669
9670
9671
9672
9673
9674
9675
9676
9677
9678
9679
9680
9681
9682
9683
9684
9685
9686
9687
9688
9689
9690
9691
9692
9693
9694
9695
9696
9697
9698
9699
9700
9701
9702
9703
9704
9705
9706
9707
9708
9709
9710
9711
9712
9713
9714
9715
9716
9717
9718
9719
9720
9721
9722
9723
9724
9725
9726
9727
9728
9729
9730
9731
9732
9733
9734
9735
9736
9737
9738
9739
9740
9741
9742
9743
9744
9745
9746
9747
9748
9749
9750
9751
9752
9753
9754
9755
9756
9757
9758
9759
9760
9761
9762
9763
9764
9765
9766
9767
9768
9769
9770
9771
9772
9773
9774
9775
9776
9777
9778
9779
9780
9781
9782
9783
9784
9785
9786
9787
9788
9789
9790
9791
9792
9793
9794
9795
9796
9797
9798
9799
9800
9801
9802
9803
9804
9805
9806
9807
9808
9809
9810
9811
9812
9813
9814
9815
9816
9817
9818
9819
9820
9821
9822
9823
9824
9825
9826
9827
9828
9829
9830
9831
9832
9833
9834
9835
9836
9837
9838
9839
9840
9841
9842
9843
9844
9845
9846
9847
9848
9849
9850
9851
9852
9853
9854
9855
9856
9857
9858
9859
9860
9861
9862
9863
9864
9865
9866
9867
9868
9869
9870
9871
9872
9873
9874
9875
9876
9877
9878
9879
9880
9881
9882
9883
9884
9885
9886
9887
9888
9889
9890
9891
9892
9893
9894
9895
9896
9897
9898
9899
9900
9901
9902
9903
9904
9905
9906
9907
9908
9909
9910
9911
9912
9913
9914
9915
9916
9917
9918
9919
9920
9921
9922
9923
9924
9925
9926
9927
9928
9929
9930
9931
9932
9933
9934
9935
9936
9937
9938
9939
9940
9941
9942
9943
9944
9945
9946
9947
9948
9949
9950
9951
9952
9953
9954
9955
9956
9957
9958
9959
9960
9961
9962
9963
9964
9965
9966
9967
9968
9969
9970
9971
9972
9973
9974
9975
9976
9977
9978
9979
9980
9981
9982
9983
9984
9985
9986
9987
9988
9989
9990
9991
9992
9993
9994
9995
9996
9997
9998
9999
10000
<font style="font-family: Times New Roman;">
. An
<font style="font-family: Courier New;">
its_aid
<font style="font-family: Times New Roman;">
in an
<font style="font-family: Courier New;">
its_aid_list
<font style="font-family: Times New Roman;">
shall be interpreted as containing a superset of all possible service specific permissions of this
<font style="font-family: Courier New;">
its_aid
<font style="font-family: Times New Roman;">.</font>
</font>
</font>
</font>
</font>
</font>
</font>
</font>
</font>
</font>
</font>
</font>
</font>
</p>
<h3 class="class_33">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<a id="_Toc421786207">
7.4.2
<img border="0" height="1" src="data:image/gif;base64,R0lGODlhAQABAAD/ACwAAAAAAQABAAACADs%3D" width="18"/>
<span class="requality_text id_b2391447-465b-4447-aa98-bad8ca9aa5cb">
<a class="requality_id" id="id_b2391447-465b-4447-aa98-bad8ca9aa5cb" name="b2391447-465b-4447-aa98-bad8ca9aa5cb"/>
Authorization tickets (pseudonymous certificates)
</span>
</a>
</font>
</h3>
<p class="class_5">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
This clause defines additional aspects of authorization tickets (i.e. pseudonymous certificates) as defined in ETSI TS 102 940 [
<a href="ref">6</a>
].
</font>
</p>
<p class="class_5">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_076915cc-c9b3-460d-8ba4-388037396737">
<a class="requality_id" id="id_076915cc-c9b3-460d-8ba4-388037396737" name="076915cc-c9b3-460d-8ba4-388037396737"/>
For the field
</span>
<font style="font-family: Courier New;">
<span class="requality_text id_076915cc-c9b3-460d-8ba4-388037396737">signer_info</span>
<font style="font-family: Times New Roman;">
<span class="requality_text id_076915cc-c9b3-460d-8ba4-388037396737">, exactly one of the following types shall be included:</span>
</font>
</font>
</font>
</p>
<ul style="list-style-type: disc; margin: 0in 0in 0in 0.511806in; padding: 0pt; text-indent: -0.314583in; text-align: left;">
<p class="class_37 b1+">
<li class="class_36">
<font style="font-family: Courier New; font-size: 10pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_076915cc-c9b3-460d-8ba4-388037396737">certificate_digest_with_sha256</span>
.
</font>
</li>
</p>
</ul>
<p class="class_28">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
The
<a href="type">
<font style="font-family: Courier New;">SubjectInfo</font>
</a>
field of the authorization ticket shall be set to these values:
</font>
</p>
<ul style="list-style-type: disc; margin: 0in 0in 0in 0.511806in; padding: 0pt; text-indent: -0.314583in; text-align: left;">
<p class="class_37 b1+">
<li class="class_36">
<font style="font-family: Courier New; font-size: 10pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_1d5a3fa4-b7ea-4b56-9ff7-2f1b08592a0a">
<a class="requality_id" id="id_1d5a3fa4-b7ea-4b56-9ff7-2f1b08592a0a" name="1d5a3fa4-b7ea-4b56-9ff7-2f1b08592a0a"/>
subject_type
</span>
<font style="font-family: Times New Roman;">
<span class="requality_text id_1d5a3fa4-b7ea-4b56-9ff7-2f1b08592a0a">: this field shall be set to</span>
<font style="font-family: Courier New;">
<span class="requality_text id_1d5a3fa4-b7ea-4b56-9ff7-2f1b08592a0a">authorization_ticket(1</span>
<font style="font-family: Times New Roman;">
<span class="requality_text id_1d5a3fa4-b7ea-4b56-9ff7-2f1b08592a0a">).</span>
</font>
</font>
</font>
</font>
</li>
</p>
<p class="class_37 b1+">
<li class="class_36">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_e9618613-82ad-42fa-88b3-2f6924c0165c">
<a class="requality_id" id="id_e9618613-82ad-42fa-88b3-2f6924c0165c" name="e9618613-82ad-42fa-88b3-2f6924c0165c"/>
<font style="font-family: Courier New;">subject_name</font>
: this field shall be encoded as
<font style="font-family: Courier New;">0x00</font>
(empty name field).
</span>
</font>
</li>
</p>
</ul>
<p class="class_5">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_e2949dcb-7e0a-4104-92df-2c29945c7486">
<a class="requality_id" id="id_e2949dcb-7e0a-4104-92df-2c29945c7486" name="e2949dcb-7e0a-4104-92df-2c29945c7486"/>
These
<font style="font-family: Courier New;">SubjectAttribute</font>
elements shall be included in addition to those specified in clause
<a href="ref">7.4.1</a>
for all certificates:
</span>
</font>
</p>
<ul style="list-style-type: disc; margin: 0in 0in 0in 0.511806in; padding: 0pt; text-indent: -0.314583in; text-align: left;">
<p class="class_37 b1+">
<li class="class_36">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_e2949dcb-7e0a-4104-92df-2c29945c7486">
<font style="font-family: Courier New;">its_aid_ssp_list</font>
: this field shall contain a list of ITS-AIDs with associated Service Specific Permissions (SSP).
</span>
<span class="requality_text id_8a319e13-50a8-4e29-a775-30d3853d05f0">
<a class="requality_id" id="id_8a319e13-50a8-4e29-a775-30d3853d05f0" name="8a319e13-50a8-4e29-a775-30d3853d05f0"/>
For each ITS-AID only one
<font style="font-family: Courier New;">ItsAidSsp</font>
shall be used.
</span>
</font>
</li>
</p>
</ul>
<p class="class_28">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_36a05750-9fac-494a-adcc-c36a9b0b39c1">
<a class="requality_id" id="id_36a05750-9fac-494a-adcc-c36a9b0b39c1" name="36a05750-9fac-494a-adcc-c36a9b0b39c1"/>
As
<a href="type">
<font style="font-family: Courier New;">ValidityRestriction</font>
</a>
field restricting the time of validity,
<font style="font-family: Courier New;">time_start_and_end</font>
shall be included.
</span>
</font>
</p>
<h3 class="class_33">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<a id="_Toc421786208">
7.4.3
<img border="0" height="1" src="data:image/gif;base64,R0lGODlhAQABAAD/ACwAAAAAAQABAAACADs%3D" width="18"/>
Enrolment credential (long-term certificates)
</a>
</font>
</h3>
<p class="class_5">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
This clause defines additional aspects of enrolment credentials (i.e. long-term certificates) as defined in ETSI TS 102 940 [
<a href="ref">6</a>
].
</font>
</p>
<p class="class_5">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
For the field
<font style="font-family: Courier New;">
signer_info
<font style="font-family: Times New Roman;">, exactly one of the following types shall be included:</font>
</font>
</font>
</p>
<ul style="list-style-type: disc; margin: 0in 0in 0in 0.511806in; padding: 0pt; text-indent: -0.314583in; text-align: left;">
<p class="class_37 b1+">
<li class="class_36">
<font style="font-family: Courier New; font-size: 10pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">certificate_digest_with_sha256.</font>
</li>
</p>
</ul>
<p class="class_28">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
In the
<a href="type">
<font style="font-family: Courier New;">SubjectInfo</font>
</a>
field of the enrolment credential,
<font style="font-family: Courier New;">
subject_type
<font style="font-family: Times New Roman;">
shall be set to
<font style="font-family: Courier New;">
enrollment_credential(0
<font style="font-family: Times New Roman;">).</font>
</font>
</font>
</font>
</font>
</p>
<p class="class_5">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
These
<font style="font-family: Courier New;">
SubjectAttribute
<font style="font-family: Times New Roman;">
elements shall be included in addition to those specified in clause
<a href="ref">7.</a>
4.1 for all certificates:
</font>
</font>
</font>
</p>
<ul style="list-style-type: disc; margin: 0in 0in 0in 0.511806in; padding: 0pt; text-indent: -0.314583in; text-align: left;">
<p class="class_37 b1+">
<li class="class_36">
<font style="font-family: Courier New; font-size: 10pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
its_aid_ssp_list
<font style="font-family: Times New Roman;">
: this field shall contain a list of ITS-AIDs with associated Service Specific Permissions (SSP). For each ITS-AID only one
<font style="font-family: Courier New;">
ItsAidSsp
<font style="font-family: Times New Roman;">shall be used.</font>
</font>
</font>
</font>
</li>
</p>
</ul>
<p class="class_5">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
As
<a href="type">
<font style="font-family: Courier New;">ValidityRestriction</font>
</a>
field restricting the time of validity,
<font style="font-family: Courier New;">
time_start_and_end
<font style="font-family: Times New Roman;">shall be included.</font>
</font>
</font>
</p>
<p class="class_48">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
NOTE:
<img border="0" height="1" src="data:image/gif;base64,R0lGODlhAQABAAD/ACwAAAAAAQABAAACADs%3D" width="18"/>
The
<font style="font-family: Courier New;">
its_aid_ssp_list
<font style="font-family: Times New Roman;">is used for enrolment credentials to enforce that an ITS-S cannot expand its own service specific permissions in authorization tickets through manipulation of requests to the CA.</font>
</font>
</font>
</p>
<h3 class="class_33">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<a id="_Toc421786209">
7.4.4
<img border="0" height="1" src="data:image/gif;base64,R0lGODlhAQABAAD/ACwAAAAAAQABAAACADs%3D" width="18"/>
<span class="requality_text id_fc3a86a9-a0fb-4c88-b23d-594bdccc8ba2">
<a class="requality_id" id="id_fc3a86a9-a0fb-4c88-b23d-594bdccc8ba2" name="fc3a86a9-a0fb-4c88-b23d-594bdccc8ba2"/>
Certificate authority certificates
</span>
</a>
</font>
</h3>
<p class="class_5">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">This clause defines additional aspects of certificate authority certificates.</font>
</p>
<p class="class_28">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
The following
<a href="type">
<font style="font-family: Courier New;">SignerInfo</font>
</a>
fields shall be included:
</font>
</p>
<ul style="list-style-type: disc; margin: 0in 0in 0in 0.511806in; padding: 0pt; text-indent: -0.314583in; text-align: left;">
<p class="class_35 b1+">
<li class="class_36">
<font style="font-family: Times New Roman; font-size: 10pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
For root certificate authority certificates, the
<font style="font-family: Courier New;">
signer_info
<font style="font-family: Times New Roman;">
field shall be set to
<font style="font-family: Courier New;">
self
<font style="font-family: Times New Roman;">.</font>
</font>
</font>
</font>
</font>
</li>
</p>
<p class="class_35 b1+">
<li class="class_36">
<font style="font-family: Times New Roman; font-size: 10pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_21450aa2-5444-4b7f-999a-4a385c833eec">
<a class="requality_id" id="id_21450aa2-5444-4b7f-999a-4a385c833eec" name="21450aa2-5444-4b7f-999a-4a385c833eec"/>
For other certificate authorities, the
<font style="font-family: Courier New;">signer_info</font>
field shall be set to
<font style="font-family: Courier New;">certificate_digest_with_sha256</font>
.
</span>
</font>
</li>
</p>
</ul>
<p class="class_28">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
In the
<a href="type">
<font style="font-family: Courier New;">SubjectInfo</font>
</a>
field of the CA certificate,
<font style="font-family: Courier New;">
subject_type
<font style="font-family: Times New Roman;">shall be set to one of these types:</font>
</font>
</font>
</p>
<ul style="list-style-type: disc; margin: 0in 0in 0in 0.511806in; padding: 0pt; text-indent: -0.314583in; text-align: left;">
<p class="class_37 b1+">
<li class="class_36">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_9bdd04f1-3bca-4642-9a33-503b4c02b7b8">
<a class="requality_id" id="id_9bdd04f1-3bca-4642-9a33-503b4c02b7b8" name="9bdd04f1-3bca-4642-9a33-503b4c02b7b8"/>
<font style="font-family: Courier New;">authorization_authority</font>
, for authorization authorities, i.e. certificate authorities issuing authorization tickets.
</span>
</font>
</li>
</p>
<p class="class_37 b1+">
<li class="class_36">
<font style="font-family: Courier New; font-size: 10pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
enrollment_authority
<font style="font-family: Times New Roman;">, for enrolment authorities, i.e. certificate authorities issuing enrolment credentials.</font>
</font>
</li>
</p>
<p class="class_37 b1+">
<li class="class_36">
<font style="font-family: Courier New; font-size: 10pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
root_ca
<font style="font-family: Times New Roman;">, for root certificate authorities.</font>
</font>
</li>
</p>
</ul>
<p class="class_5">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_427fc514-9bc6-4e55-b69a-59058905f749">
<a class="requality_id" id="id_427fc514-9bc6-4e55-b69a-59058905f749" name="427fc514-9bc6-4e55-b69a-59058905f749"/>
These
</span>
<font style="font-family: Courier New;">
<span class="requality_text id_427fc514-9bc6-4e55-b69a-59058905f749">SubjectAttribute</span>
<font style="font-family: Times New Roman;">
<span class="requality_text id_427fc514-9bc6-4e55-b69a-59058905f749">elements shall be included in addition to those specified in clause</span>
<a href="ref">
<span class="requality_text id_427fc514-9bc6-4e55-b69a-59058905f749">7.</span>
</a>
<span class="requality_text id_427fc514-9bc6-4e55-b69a-59058905f749">4.1 for authorization authority and enrolment authority certificates</span>
:
</font>
</font>
</font>
</p>
<ul style="list-style-type: disc; margin: 0in 0in 0in 0.511806in; padding: 0pt; text-indent: -0.314583in; text-align: left;">
<p class="class_37 b1+">
<li class="class_36">
<font style="font-family: Courier New; font-size: 10pt; font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
its_aid_list
<font style="font-family: Times New Roman;">
: this field shall contain a list of ITS-AIDs.
<span class="requality_text id_3dc0faba-b8b1-45d9-85b2-90decaf8fd0f">
<a class="requality_id" id="id_3dc0faba-b8b1-45d9-85b2-90decaf8fd0f" name="3dc0faba-b8b1-45d9-85b2-90decaf8fd0f"/>
Each ITS-AID shall be unique in the
</span>
<font style="font-family: Courier New;">
<span class="requality_text id_3dc0faba-b8b1-45d9-85b2-90decaf8fd0f">its_aid_list</span>
<font style="font-family: Times New Roman;">
<span class="requality_text id_3dc0faba-b8b1-45d9-85b2-90decaf8fd0f">.</span>
</font>
</font>
</font>
</font>
</li>
</p>
</ul>
<p class="class_5">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<span class="requality_text id_e6b9cd9d-36fa-4a69-ae0f-76a4a07f269b">
<a class="requality_id" id="id_e6b9cd9d-36fa-4a69-ae0f-76a4a07f269b" name="e6b9cd9d-36fa-4a69-ae0f-76a4a07f269b"/>
As
<a href="type">
<font style="font-family: Courier New;">ValidityRestriction</font>
</a>
field restricting the time of validity,
<font style="font-family: Courier New;">time_start_and_end</font>
shall be included.
</span>
</font>
</p>
<p class="class_48">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
NOTE:
<img border="0" height="1" src="data:image/gif;base64,R0lGODlhAQABAAD/ACwAAAAAAQABAAACADs%3D" width="18"/>
The authorization and enrolment authority certificates contain an
<font style="font-family: Courier New;">
its_aid_list
<font style="font-family: Times New Roman;">, because a CA should not be able to create certificates for ITS stations containing ITS-AIDs that the CA was not authorized to by the root CA.</font>
</font>
</font>
</p>
<p class="class_5">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">?</font>
</p>
<h8 class="class_19">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<a id="_Toc421786210">
Annex A (informative):
<br/>
Data structure examples
</a>
</font>
</h8>
<h1 class="class_24">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<a id="_Toc421786211">
A.1
<img border="0" height="1" src="data:image/gif;base64,R0lGODlhAQABAAD/ACwAAAAAAQABAAACADs%3D" width="18"/>
Example security envelope structure for CAM
</a>
</font>
</h1>
<p class="class_5">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
The following structure shown in table
<a href="ref">A.1</a>
is an example security header for a CAM message. The header transports the generation time, identifies the payload as signed, and includes the hash of a certificate, that is, no full certificate is included in this case. Finally, an ECDSA NIST P-256 based signature is attached.
</font>
</p>
<p class="class_29">
<font style="font-style: normal; font-weight: bold; text-decoration: none; vertical-align: baseline;">
Table
<a id="ref_tab_example_signed_cam_header">A.</a>
: An example signed header for CAM
</font>
</p>
<p class="class_30">
<table style="border-collapse: collapse; border-spacing: 0pt;">
<tbody>
<tr style="height: 0in;">
<td style="border: 1px solid black; width: 3.24861in;">
<p class="class_30">
<font style="font-style: normal; font-weight: bold; text-decoration: none; vertical-align: baseline;">Element</font>
</p>
</td>
<td style="border: 1px solid black; width: 0.7875in;">
<p class="class_30">
<font style="font-style: normal; font-weight: bold; text-decoration: none; vertical-align: baseline;">Value</font>
</p>
</td>
<td style="border: 1px solid black; width: 2.00486in;">
<p class="class_30">
<font style="font-style: normal; font-weight: bold; text-decoration: none; vertical-align: baseline;">Description</font>
</p>
</td>
<td style="border: 1px solid black; width: 0.652778in; vertical-align: top;">
<p class="class_30">
<font style="font-style: normal; font-weight: bold; text-decoration: none; vertical-align: baseline;">Length in octets</font>
</p>
</td>
</tr>
<tr style="height: 0in;">
<td style="border: 1px solid black; width: 3.24861in;">
<p class="class_30">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">SecuredMessage</font>
</p>
</td>
<td style="border: 1px solid black; width: 0.7875in;">
<p class="class_30"/>
</td>
<td style="border: 1px solid black; width: 2.00486in; vertical-align: top;">
<p class="class_30"/>
</td>
<td style="border: 1px solid black; width: 0.652778in; vertical-align: top;">
<p class="class_17"/>
</td>
</tr>
<tr style="height: 0in;">
<td style="border: 1px solid black; width: 3.24861in;">
<p class="class_30">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">
<img border="0" height="1" src="data:image/gif;base64,R0lGODlhAQABAAD/ACwAAAAAAQABAAACADs%3D" width="18"/>
uint8 protocol_version
</font>
</p>
</td>
<td style="border: 1px solid black; width: 0.7875in;">
<p class="class_30">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">0x02</font>
</p>
</td>
<td style="border: 1px solid black; width: 2.00486in; vertical-align: top;">
<p class="class_30"/>
</td>
<td style="border: 1px solid black; width: 0.652778in; vertical-align: top;">
<p class="class_17">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">1</font>
</p>
</td>
</tr>
<tr style="height: 0in;">
<td style="border: 1px solid black; width: 3.24861in;">
<p class="class_30">
<font style="font-style: normal; font-weight: normal; text-decoration: none; vertical-align: baseline;">