Standard X.509 v3 Certificate ExtensionsAppendix G Certificate and CRL Extensions 723Standard X.509 v3 Certificate ExtensionsThis section summarizes the extension types that are defined as part of the InternetX.509 Version 3 standard, as of September 1998, and indicates which types arerecommended by the PKIX working group.This section summarizes important information about each certificate. Forcomplete details, see both the X.509 v3 standard (available from the ITU) and theInternet X.509 Public Key Infrastructure - Certificate and CRL Profile (RFC 2459),available at http://www.ietf.org/rfc/rfc2459.txt. The descriptions ofextensions reference the RFC and section number of the standard draft thatdiscusses the extension; the object identifier (OID) for each extensions is alsoprovided.See the Netscape or Microsoft web sites for recommended and supported usage ofextension in these clients. For other clients, see their web sites for information.Each extension in a certificate can be designated as critical or noncritical. Acertificate-using system, such as browser software, must reject the certificate if itencounters a critical extension it does not recognize; however, a noncriticalextension can be ignored if it is not recognized.CMS (CMS) version support is listed for each extension. “Supported” means thatthe indicated version of CMS ships with built-in support for the extension via apolicy plug-in. “Not supported” means that the indicated version of CMS does notship a policy plug-in for the extension (although the extension can be used if acustom plug-in is written).authorityInfoAccessOID1.3.6.1.5.5.7.1.1CriticalityThis extension must be noncritical.DiscussionThe Authority Information Access extension indicates how and where to accessinformation about the issuer of the certificate. The extension contains anaccessMethod and an accessLocation field. The accessMethod specifies (by anOID) the type and format of information about the issuer found at theaccessLocation.
