idnits 2.17.1 draft-gindin-pkix-technr-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack a Security Considerations section. ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack an Authors' Addresses Section. ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** There are 30 instances of lines with control characters in the document. ** The document seems to lack a both a reference to RFC 2119 and the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. RFC 2119 keyword, line 176: '...he relying party SHOULD include, in th...' Miscellaneous warnings: ---------------------------------------------------------------------------- -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- Couldn't find a document date in the document -- date freshness check skipped. Checking references for intended status: Informational ---------------------------------------------------------------------------- == Unused Reference: '2' is defined on line 219, but no explicit reference was found in the text ** Obsolete normative reference: RFC 2459 (ref. '1') (Obsoleted by RFC 3280) Summary: 8 errors (**), 0 flaws (~~), 1 warning (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Internet-Draft Thomas Gindin 2 PKIX WG IBM Corp. 3 Intended Category: Informational 4 Expires: 28 February 2000 28 August, 1999 6 Internet X.509 Public Key Infrastructure 7 Technical Requirements for a non-Repudiation Service 8 10 STATUS OF THIS MEMO 12 This document is an Internet-Draft and is in full conformance with 13 all the provisions of Section 10 of RFC2026. 15 Internet-Drafts are working documents of the Internet Engineering 16 Task Force (IETF), its areas, and its working groups. Note that other 17 groups may also distribute working documents as Internet-Drafts. 19 Internet-Drafts are draft documents valid for a maximum of six months 20 and may be updated, replaced, or obsoleted by other documents at any 21 time. It is inappropriate to use Internet-Drafts as reference 22 material or to cite them other than as "work in progress." 24 The list of current Internet-Drafts can be accessed at 25 http://www.ietf.org/ietf/1id-abstracts.txt. 27 The list of Internet-Draft Shadow Directories can be accessed at 28 http://www.ietf.org/shadow.html. 30 This Internet-Draft expires on February 28, 2000. Comments and 31 suggestions on this document are encouraged. Comments on this 32 document should be sent to the PKIX working group discussion list: 33 34 or directly to the author, at tgindin@us.ibm.com. 36 This Internet-Draft represents the views of its author, and not 37 necessarily those of his employer. 39 ABSTRACT 41 This document describes those features of a service which processes 42 signed doucments which must be present in order for that service to 43 constitute a "technical non-repudiation" service. A technical 44 non-repudiation service must permit an independent verifier to 45 determine whether a given signature was applied to a given data object 46 by the private key associated with a given valid certificate, at a time 47 later than the signature. The features of a technical non-repudiation 48 service are expected to be necessary for a full non-repudiation service, 49 although they may not be sufficient. 51 This document is intended to clarify the definition of the 52 "non-repudiation" service in RFC 2459. It should thus serve as a guide 53 to when the nonRepudiation bit of the keyUsage extension should be used 54 and to when a Certificate Authority is required to archive CRL's. 56 1 Introduction 58 RFC 2459 [1] specifies a bit within the KeyUsage extension called the 59 nonRepudiation bit which is "asserted when the subject public key is 60 used to verify digital signatures used to provide a non-repudiation 61 service which protects against the signing entity falsely denying some 62 action, excluding certificate or CRL signing." Extensive discussions 63 in the PKIX WG have revealed that the description of the non-repudiation 64 service contained in this passage is not widely enough understood or 65 agreed upon to characterize any given service as providing or not 66 providing a non-repudiation service. Two major categories of service 67 have been proposed as potentially providing a non-repudiation service: 68 the technical non-repudiation service, which this draft attempts to 69 define with greater precision, and a full non-repudiation service 70 which is intended to prevent all possible repudiations of a signed 71 object or document. Since a full non-repudiation service is required 72 to meet all the requirements of this technical non-repudiation service 73 as a prerequisite, the technical non-repudiation service's definition 74 is necessary for both. 76 1.1 Definitions 78 Signing Certificate: A certificate containing the key pair whose 79 private key was used to create the signature being verified. 81 Signer: The party who created the signature being verified. It 82 is outside the scope of these requirements to distinguish between the 83 actual signer and the holder of the signing certificate. 85 Relying Party: The party who received the signature being verified, and 86 initially verified it. 88 Verifier: An entity independent of both the signer and the relying 89 party who is verifying that the supplied signature, data object, and 90 certificate are consistent with each other. 92 1-way NR: A service in which the relying party preserves 93 sufficient evidence to permit the verifier to perform a verification, 94 and may submit it for verification by his or her own action. 96 2-way NR: A service in which the relying party submits 97 sufficient evidence to permit the verifier to perform a verification 98 o a third party, known as the "escrow holder". 100 Escrow holder: The party responsible for preserving signature evidence 101 in 2-way NR. The escrow holder may also be, but need not be, the 102 verifier. 104 Escrow package: The data submitted from the relying party to the escrow 105 holder, in 2-way NR. The escrow holder may add certain auditing and 106 tracking information to this package before storage. 108 NR service: The technical nonRepudiation service referenced above. 110 keyUsage extension: A standard extension within X.509v3 certificates 111 with object identifier { 2 5 29 15 }, consisting of a series of 112 enumerated bits. 114 NR bit: The nonRepudiation bit (offset 1) of the keyUsage 115 extension. 117 1.2 Scope and caveats 119 The NR service is expected to provide evidence that a given 120 object was signed by the private key corresponding to a given 121 certificate which was valid at the time of signature. It is not 122 anticipated that the use of the NR service will ordinarily constitute 123 execution of a contract, or acceptance of any other legal obligation. 124 It is anticipated that the use of this service in accepting legal 125 obligations will be the subject of legislation or judicial decision 126 in various jurisdictions, which are likely to lay additional technical 127 burdens upon the provision of such a service to such an extent as to 128 constitute another, larger service which need not be the same in all 129 jurisdictions. It is outside the scope of the definition of this 130 service to provide evidence that the signer and the holder of the 131 signing certificate are the same, that the signer has been adequately 132 informed of the content which is signed, that the signer is not acting 133 under duress, etc. 135 2 Requirements for both 1-way and 2-way NR 137 2.1 The signer must submit, with the signature, the signing 138 certificate or an unambiguous identifier of that certificate. 139 Unambiguous identifiers of certificates include the combination of a 140 certificate serial number with an issuer name. 142 2.2 The signer must submit, with the signature, the content being 143 signed or an unambiguous reference to that content. It is explicitly 144 contemplated that a URI constitutes an unambiguous reference to its 145 content. 147 2.3 The signer must include, in the base over which the signature 148 is calculated, the time at which the signature was created. 150 2.4 The relying party must, before accepting the signature, verify 151 that the signing certificate is valid. This verification should include 152 a CRL check. 154 2.5 The relying party must, before accepting the signature, verify 155 the signature of the data object being submitted. 157 3 Requirements for 1-way NR 159 3.1 The relying party must save a copy of the content being signed. 161 3.2 The relying party must save the identity of the signing 162 certificate, along with the content of the signature. 164 3.3 The relying party must check that the signing certificate 165 contains a keyUsage extension. If the extension is not present or does 166 not contain the nonRepudiation bit, and the version of the certificate 167 is v3 or higher, the submission must be rejected. 169 4 Requirements for 2-way NR 171 4.1 The relying party must submit to the escrow holder a copy of 172 the content being signed, the identity of the signing certificate, and 173 the signature. 175 4.2 The relying party must sign the submission to the escrow holder. 176 The relying party SHOULD include, in the base over which that signature 177 is calculated, the current time. This time will be between the time 178 when the signer submitted the signature and the time when the package 179 is submitted. The signed object submitted is known as the escrow 180 package. 182 4.3 The relying party must check whether or not the signing 183 certificate contains a keyUsage extension. If the keyUsage extension 184 is present and the nonRepudiation bit is not set the submission must be 185 rejected. 187 5 Copyright 189 Copyright (C) The Internet Society (date). All Rights Reserved. 191 This document and translations of it may be copied and furnished to 192 others, and derivative works that comment on or otherwise explain it 193 or assist in its implementation may be prepared, copied, published 194 and distributed, in whole or in part, without restriction of any 195 kind, provided that the above copyright notice and this paragraph are 196 included on all such copies and derivative works. However, this 197 document itself may not be modified in any way, such as by removing 198 the copyright notice or references to the Internet Society or other 199 Internet organizations, except as needed for the purpose of 200 developing Internet standards in which case the procedures for 201 copyrights defined in the Internet Standards process must be 202 followed, or as required to translate it into languages other than 203 English. 205 The limited permissions granted above are perpetual and will not be 206 revoked by the Internet Society or its successors or assigns. 208 This document and the information contained herein is provided on an 209 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 210 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 211 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 212 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 213 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 215 6 References 217 [1] R. Housley, W. Ford, W. Polk, and D. Solo "Internet X.509 Public Key 218 Infrastructure Certificate and CRL Profile", RFC 2459, January 1999 219 [2] X.509(97) 220 7 Author's Address 222 Thomas Gindin 223 IBM Corporation 224 800 North Frederick Ave. 225 Gaithersburg, MD 20879 226 USA 228 Email: tgindin@us.ibm.com 230 Internet-Draft Technical Requirements for a non-Repudiation Service 231 Expires: 28 February 2000