idnits 2.17.1 

draft-ietf-pkix-ipki-part4-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Cannot find the required boilerplate sections (Copyright, IPR, etc.) in
     this document.

     Expected boilerplate is as follows today (2024-04-16) according to
     https://trustee.ietf.org/license-info :

     IETF Trust Legal Provisions of 28-dec-2009, Section 6.a:
        This Internet-Draft is submitted in full conformance with the provisions
        of BCP 78 and BCP 79.

     IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 2:
        Copyright (c) 2024 IETF Trust and the persons identified as the document
        authors.  All rights reserved.

     IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 3:
        This document is subject to BCP 78 and the IETF Trust's Legal Provisions
        Relating to IETF Documents
        (https://trustee.ietf.org/license-info) in effect on the date of
        publication of this document.  Please review these documents
        carefully, as they describe your rights and restrictions with
        respect to this document.  Code Components extracted from this
        document must include Simplified BSD License text as described in
        Section 4.e of the Trust Legal Provisions and are provided
        without warranty as described in the Simplified BSD License.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** Missing expiration date.  The document expiration date should appear on
     the first and last page.

  ** The document seems to lack a 1id_guidelines paragraph about
     Internet-Drafts being working documents. 

  ** The document seems to lack a 1id_guidelines paragraph about 6 months
     document validity -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     current Internet-Drafts. 

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     Shadow Directories. 

  ** The document is more than 15 pages and seems to lack a Table of Contents.

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  == The page length should not exceed 58 lines per page, but there was 45
     longer pages, the longest (page 2) being 60 lines

  == It seems as if not all pages are separated by form feeds - found 0 form
     feeds but 46 pages


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an Introduction section.
     (A line matching the expected section header was found, but with an
    unexpected indentation:
     '   1.1  Overview' )

  ** The document seems to lack an IANA Considerations section.  (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** The document seems to lack separate sections for Informative/Normative
     References.  All references will be assumed normative when checking for
     downward references.

  ** There are 660 instances of weird spacing in the document.  Is it really
     formatted ragged-right, rather than justified?

  ** The abstract seems to contain references ([ABA1], [BAU1], [PEM1],
     [ISO1]), which it shouldn't.  Please replace those with straight textual
     mentions of the documents in question.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == Line 14 has weird spacing: '...   This  docum...'

  == Line 15 has weird spacing: '...),  its  areas...'

  == Line 16 has weird spacing: '...   and  its  w...'

  == Line 20 has weird spacing: '...   and  may  b...'

  == Line 24 has weird spacing: '...   To  learn  ...'

  == (655 more instances...)

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (September 30, 1997) is 9695 days in the past.  Is
     this intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Possible downref: Non-RFC (?) normative reference: ref. 'ABA1'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'BAU1'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'ISO1'

  ** Downref: Normative reference to an Historic RFC: RFC 1422 (ref. 'PEM1')

  -- Possible downref: Non-RFC (?) normative reference: ref. 'PKI1'


     Summary: 13 errors (**), 0 flaws (~~), 9 warnings (==), 6 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	PKIX Working Group                S. Chokhani (CygnaCom Solutions, Inc.)
3	Internet Draft                                  W. Ford (VeriSign, Inc.)

5	Expires in six months from                          September 30, 1997

7	                   Internet Public Key Infrastructure
8	        Certificate Policy and Certification Practices Framework

10	                  <draft-ietf-pkix-ipki-part4-02.txt>

12	Status of this Memo

14	   This  document  is  an  Internet-Draft.   Internet-Drafts are working
15	   documents of the Internet Engineering Task Force (IETF),  its  areas,
16	   and  its  working groups.  Note that other groups may also distribute
17	   working documents as Internet-Drafts.

19	   Internet-Drafts are draft documents valid for a maximum of  6  months
20	   and  may  be  updated,  replaced,  or  may  become  obsolete by other
21	   documents at any time.  It is inappropriate to use Internet-Drafts as
22	   reference material or to cite them other than as work in progress.

24	   To  learn  the current status of any Internet-Draft, please check the
25	   1id-abstracts.txt listing contained  in  the  Internet-Drafts  Shadow
26	   Directories    on   ftp.is.co.za(Africa),   nic.nordu.net   (Europe),
27	   munnari.oz.au (Pacific Rim),  ds.internic.net  (US  East  Coast),  or
28	   ftp.isi.edu (US West Coast).

30	Abstract

32	   This   document  presents  a  framework  to  assist  the  writers  of
33	   certificate  policies  or  certification  practice   statements   for
34	   certification   authorities   and  public  key  infrastructures.   In
35	   particular, the framework provides a  comprehensive  list  of  topics
36	   that potentially (at the writer's discretion) need to be covered in a
37	   certificate policy definition or a certification practice  statement.
38	   It is intended that this document, when fully developed, be published
39	   as an Informational RFC.

41	   1. INTRODUCTION

43	   1.1  BACKGROUND

45	      A  public-key  certificate  (hereinafter  "certificate")  binds  a
46	      public-key  value  to  a  set  of  information that identifies the
47	      entity (such as person, organization, account, or site) associated
48	      with use of the corresponding private key (this entity is known as
49	      the "subject" of the certificate).  A certificate  is  used  by  a
50	      "certificate  user" or "relying party" that needs to use, and rely
51	      upon  the  accuracy  of,  the  public  key  distributed  via  that
52	      certificate  (a  certificate  user  is typically an entity that is
53	      verifying a digital signature from the certificate's subject or an
54	      entity  sending  encrypted  data  to  the subject).  The degree to
55	      which a certificate user can  trust  the  binding  embodied  in  a
56	      certificate  depends on several factors. These factors include the
57	      practices  followed  by  the  certification  authority   (CA)   in
58	      authenticating the subject; the CA's operating policy, procedures,
59	      and security controls; the subject's obligations (for example,  in
60	      protecting the private key); and the stated undertakings and legal
61	      obligations of the CA (for example, warranties and limitations  on
62	      liability).

64	      A  Version  3 X.509 certificate may contain a field declaring that
65	      one  or  more  specific  certificate  policies  applies  to   that
66	      certificate  [ISO1].   According to X.509, a certificate policy is
67	      "a named set of  rules  that  indicates  the  applicability  of  a
68	      certificate  to a particular community and/or class of application
69	      with common security requirements." A certificate  policy  may  be
70	      used  by  a  certificate  user  to  help  in  deciding  whether  a
71	      certificate, and the binding therein, is sufficiently  trustworthy
72	      for  a  particular application.  The certificate policy concept is
73	      an  outgrowth  of  the  policy  statement  concept  developed  for
74	      Internet Privacy Enhanced Mail [PEM1] and expanded upon in [BAU1].

76	      A more detailed description of the practices followed by a  CA  in
77	      issuing  and otherwise managing certificates may be contained in a
78	      certification practice statement (CPS) published by or  referenced
79	      by  the  CA.   According  to  the American Bar Association Digital
80	      Signature Guidelines (hereinafter "ABA Guidelines"), "a CPS  is  a
81	      statement of the practices which a certification authority employs
82	      in issuing certificates." [ABA1]

84	   1.2  PURPOSE

86	      The purpose of this document is to establish a clear  relationship
87	      between  certificate policies and CPSs, and to present a framework
88	      to assist the writers of certificate policies or CPSs  with  their
89	      tasks.   In particular, the framework identifies the elements that
90	      may need to be considered in formulating a certificate policy or a
91	      CPS.  The purpose is not to define particular certificate policies
92	      or CPSs, per se.

94	   1.3  SCOPE

96	      The scope of  this  document  is  limited  to  discussion  of  the
97	      contents  of a certificate policy (as defined in X.509) or CPS (as
98	      defined in the ABA  Guidelines).   In  particular,  this  document
99	      describes  the  types of information that should be considered for
100	      inclusion in a certificate policy definition or a CPS.   While the
101	      framework  as presented generally assumes use of the X.509 version
102	      3 certificate format, it is not  intended  that  the  material  be
103	      restricted  to  use  of  that  certificate  format.  Rather, it is
104	      intended that this framework be  adaptable  to  other  certificate
105	      formats that may come into use.

107	      The  scope does not extend to defining security policies generally
108	      (such as organization security policy, system security policy,  or
109	      data   labeling  policy)  beyond  the  policy  elements  that  are
110	      considered of particular  relevance  to  certificate  policies  or
111	      CPSs.

113	      This  document  does  not  define a specific certificate policy or
114	      CPS.

116	      It is assumed  that  the  reader  is  familiar  with  the  general
117	      concepts  of  digital  signatures,  certificates,  and  public-key
118	      infrastructure, as used in X.509 and the ABA Guidelines.

120	2.  DEFINITIONS

122	   This document makes use of the following defined terms:

124	      Activation data - Data values, other than keys, that are  required
125	      to  operate  cryptographic  modules  and that need to be protected
126	      (e.g., a PIN, a passphrase, or a manually-held key share).

128	      CA-certificate - A certificate for one CA's public key  issued  by
129	      another CA.

131	      Certificate  policy  -  A  named  set  of rules that indicates the
132	      applicability of a certificate to a  particular  community  and/or
133	      class  of  application  with  common  security  requirements.  For
134	      example,  a   particular   certificate   policy   might   indicate
135	      applicability  of  a  type of certificate to the authentication of
136	      electronic data interchange transactions for the trading of  goods
137	      within a given price range.

139	      Certification  path  -  An ordered sequence of certificates which,
140	      together with the public key of the initial object  in  the  path,
141	      can be processed to obtain that of the final object in the path.

143	      Certification  Practice  Statement  (CPS)  -  A  statement  of the
144	      practices which  a  certification  authority  employs  in  issuing
145	      certificates.

147	      Issuing certification authority (issuing CA) - In the context of a
148	      particular certificate, the issuing CA is the CA that  issued  the
149	      certificate (see also Subject certification authority).

151	      Policy qualifier - Policy-dependent information that accompanies a
152	      certificate policy identifier in an X.509 certificate.

154	      Registration authority (RA) - An entity that  is  responsible  for
155	      identification  and  authentication  of  certificate subjects, but
156	      that does not sign or issue certificates (i.e., an RA is delegated
157	      certain  tasks  on  behalf  of  a  CA).   [Note:   The  term Local
158	      Registration Authority  (LRA)  is  used  elsewhere  for  the  same
159	      concept.]

161	      Relying party -  A recipient of a certificate who acts in reliance
162	      on that certificate and/or digital signatures verified using  that
163	      certificate.   In  this document, the terms "certificate user" and
164	      "relying party" are used interchangeably.

166	      Set of  provisions  -  A  collection  of  practice  and/or  policy
167	      statements,  spanning  a  range  of  standard  topics,  for use in
168	      expressing a certificate policy definition or  CPS  employing  the
169	      approach described in this framework.

171	      Subject certification authority (subject CA) - In the context of a
172	      particular CA-certificate, the subject CA is the CA  whose  public
173	      key   is   certified   in   the   certificate  (see  also  Issuing
174	      certification authority).

176	3.  CONCEPTS

178	   This section explains the concepts of certificate policy and CPS, and
179	   describes  their  relationship.   Other  related  concepts  are  also
180	   described.  Some of the material covered in this section and in  some
181	   other  sections  is  specific  to  certificate policies extensions as
182	   defined X.509 version 3.  Except for those sections,  this  framework
183	   is  intended  to  be  adaptable to other certificate formats that may
184	   come into use.

186	   3.1  CERTIFICATE POLICY

188	      When  a  certification  authority  issues  a  certificate,  it  is
189	      providing  a  statement  to  a  certificate  user (i.e., a relying
190	      party) that a particular public  key  is  bound  to  a  particular
191	      entity  (the  certificate  subject).  However, the extent to which
192	      the certificate user should rely on that statement by the CA needs
193	      to  be  assessed  by the certificate user.  Different certificates
194	      are issued following different practices and procedures,  and  may
195	      be suitable for different applications and/or purposes.

197	      The X.509 standard defines a certificate policy as "a named set of
198	      rules that indicates the  applicability  of  a  certificate  to  a
199	      particular  community  and/or  class  of  application  with common
200	      security requirements"[ISO1].  An X.509 Version 3 certificate  may
201	      contain  an indication of certificate policy, which may be used by
202	      a certificate user to decide whether or not to trust a certificate
203	      for a particular purpose.

205	      A  certificate  policy,  which  needs to be recognized by both the
206	      issuer and user of a certificate, is represented in a  certificate
207	      by  a  unique,  registered  Object  Identifier.  The  registration
208	      process follows  the  procedures  specified  in  ISO/IEC  and  ITU
209	      standards.   The  party  that registers the Object Identifier also
210	      publishes a textual specification of the certificate  policy,  for
211	      examination  by  certificate  users.   Any  one  certificate  will
212	      typically declare a single certificate  policy  or,  possibly,  be
213	      issued consistent with a small number of different policies.

215	      Certificate  policies also constitute a basis for accreditation of
216	      CAs.  Each CA  is  accredited  against  one  or  more  certificate
217	      policies  which  it  is  recognized  as implementing.  When one CA
218	      issues a CA-certificate for another CA, the issuing CA must assess
219	      the set of certificate policies for which it trusts the subject CA
220	      (such assessment may be based upon accreditation  with respect  to
221	      the   certificate   policies   involved).   The  assessed  set  of
222	      certificate policies is then indicated by the issuing  CA  in  the
223	      CA-certificate.   The   X.509  certification path processing logic
224	      employs these certificate policy indications in  its  well-defined
225	      trust model.

227	   3.2  CERTIFICATE POLICY EXAMPLES

229	      For  example purposes, suppose that IATA undertakes to define some
230	      certificate policies for use throughout the airline industry, in a
231	      public-key  infrastructure  operated  by  IATA in combination with
232	      public-key infrastructures operated by individual  airlines.   Two
233	      certificate  policies  are  defined  -  the  IATA  General-Purpose
234	      policy, and the IATA Commercial-Grade policy.

236	      The IATA General-Purpose policy is intended for  use  by  industry
237	      personnel   for   protecting  routine  information  (e.g.,  casual
238	      electronic mail) and for  authenticating  connections  from  World
239	      Wide  Web  browsers  to  servers for general information retrieval
240	      purposes. The key pairs may  be  generated,  stored,  and  managed
241	      using   low-cost,   software-based  systems,  such  as  commercial
242	      browsers.  Under this policy, a certificate may  be  automatically
243	      issued to anybody listed as an employee in the corporate directory
244	      of IATA or any member airline who  submits  a  signed  certificate
245	      request   form   to   a   network  administrator  in  his  or  her
246	      organization.

248	      The IATA Commercial-Grade policy  is  used  to  protect  financial
249	      transactions  or  binding  contractual exchanges between airlines.
250	      Under this policy, IATA  requires  that  certified  key  pairs  be
251	      generated  and  stored  in approved cryptographic hardware tokens.
252	      Certificates and tokens are provided  to  airline  employees  with
253	      disbursement  authority. These authorized individuals are required
254	      to present themselves to the corporate  security  office,  show  a
255	      valid identification badge, and sign an undertaking to protect the
256	      token and use it only for authorized purposes, before a token  and
257	      a certificate are issued.

259	   3.3 X.509 CERTIFICATE FIELDS

261	      The following extension fields in an X.509 certificate are used to
262	      support certificate policies:

264	         * Certificate Policies extension;
265	         * Policy Mappings extension; and
266	         * Policy Constraints extension.

268	      3.3.1 Certificate Policies Extension

270	         The Certificate Policies extension has two variants - one  with
271	         the  field flagged non-critical and  one with the field flagged
272	         critical.  The purpose of the field is  different  in  the  two
273	         cases.

275	         A  non-critical  Certificate  Policies  field lists certificate
276	         policies  that  the  certification   authority   declares   are
277	         applicable.   However, use of the certificate is not restricted
278	         to the purposes indicated by the  applicable  policies.   Using
279	         the  example  of  the IATA General-Purpose and Commercial-Grade
280	         policies defined in Section 3.2,  the  certificates  issued  to
281	         regular  airline  employees  will contain the object identifier
282	         for certificate policy for  the  General-Purpose  policy.   The
283	         certificates   issued   to   the  employees  with  disbursement
284	         authority will contain the  object  identifiers  for  both  the
285	         General-Purpose  policy  and  the Commercial-Grade policy.  The
286	         Certificate Policies field may also optionally convey qualifier
287	         values  for  each  identified  policy;  use  of  qualifiers  is
288	         discussed in Section 3.4.

290	         The non-critical Certificate Policies field is designed  to  be
291	         used  by  applications  as  follows.   Each application is pre-
292	         configured to know what policy it requires.  Using the  example
293	         in  Section  3.2,  electronic mail applications and Web servers
294	         will be  configured  to  require  the  General-Purpose  policy.
295	         However, an airline's financial applications will be configured
296	         to require the Commercial-Grade policy for validating financial
297	         transactions over a certain dollar value.

299	         When processing a certification path, a certificate policy that
300	         is acceptable to  the  certificate-using  application  must  be
301	         present  in  every  certificate  in  the  path,  i.e.,  in  CA-
302	         certificates as well as end entity certificates.

304	         If the Certificate  Policies  field  is  flagged  critical,  it
305	         serves  the  same  purpose  as  described above but also has an
306	         additional role.  It indicates that the use of the  certificate
307	         is  restricted  to  one  of  the identified policies, i.e., the
308	         certification authority is declaring that the certificate  must
309	         only  be  used  in accordance with the provisions of one of the
310	         listed certificate policies. This field is intended to  protect
311	         the  certification authority against damage claims by a relying
312	         party who has used the certificate for an inappropriate purpose
313	         or  in an inappropriate manner, as stipulated in the applicable
314	         certificate policy definition.

316	         For  example,  the  Internal  Revenue   Service   might   issue
317	         certificates  to  taxpayers  for  the purpose of protecting tax
318	         filings.  The Internal  Revenue  Service  understands  and  can
319	         accommodate   the   risks   of   accidentally   issuing  a  bad
320	         certificate, e.g., to a wrongly-authenticated person.  However,
321	         suppose  someone  used  an  Internal Revenue Service tax-filing
322	         certificate as the basis for  encrypting  multi-million-dollar-
323	         value  proprietary  secrets  which  subsequently  fell into the
324	         wrong hands because of an error in issuing the Internal Revenue
325	         Service  certificate.  The Internal Revenue Service may want to
326	         protect   itself   against   claims   for   damages   in   such
327	         circumstances.    The   critical-flagged  Certificate  Policies
328	         extension is intended to mitigate the risk to  the  certificate
329	         issuer in such situations.

331	      3.3.2  Policy Mappings Extension

333	         The   Policy  Mappings  extension  may  only  be  used  in  CA-
334	         certificates. This field allows a  certification  authority  to
335	         indicate  that  certain  policies  in  its  own  domain  can be
336	         considered equivalent to certain other policies in the  subject
337	         certification authority's domain.

339	         For   example,  suppose  the  ACE  Corporation  establishes  an
340	         agreement  with  the  ABC  Corporation  to  cross-certify  each
341	         others' public-key infrastructures for the purposes of mutually
342	         protecting electronic data interchange (EDI). Further,  suppose
343	         that  both  companies  have  pre-existing financial transaction
344	         protection policies called ace-e-commerce  and  abc-e-commerce,
345	         respectively.    One  can  see  that  simply  generating  cross
346	         certificates between the  two  domains  will  not  provide  the
347	         necessary  interoperability, as the two companies' applications
348	         are configured with and  employee  certificates  are  populated
349	         with  their  respective  certificate  policies.   One  possible
350	         solution is to reconfigure all of the financial applications to
351	         require  either policy and to reissue all the certificates with
352	         both policies.   Another  solution,  which  may  be  easier  to
353	         administer,  uses  the  Policy Mapping field.  If this field is
354	         included  in  a  cross-certificate  for  the  ABC   Corporation
355	         certification   authority   issued   by   the  ACE  Corporation
356	         certification authority, it can provide a  statement  that  the
357	         ABC's  financial  transaction  protection  policy (i.e., abc-e-
358	         commerce) can be considered  equivalent  to  that  of  the  ACE
359	         Corporation (i.e., ace-e-commerce).

361	      3.3.3  Policy Constraints Extension

363	         The   Policy   Constraints   extension  supports  two  optional
364	         features.   The  first  is  the  ability  for  a  certification
365	         authority   to   require   that   explicit  certificate  policy
366	         indications be present in  all  subsequent  certificates  in  a
367	         certification   path.    Certificates   at   the   start  of  a
368	         certification path may be considered by a certificate  user  to
369	         be  part  of  a trusted domain, i.e., certification authorities
370	         are trusted for  all  purposes  so  no  particular  certificate
371	         policy  is  needed  in the Certificate Policies extension. Such
372	         certificates  need  not   contain   explicit   indications   of
373	         certificate policy.  However, when a certification authority in
374	         the  trusted  domain  certifies  outside  the  domain,  it  can
375	         activate  the  requirement  for  explicit certificate policy in
376	         subsequent certificates in the certification path.

378	         The other optional feature in the Policy Constraints  field  is
379	         the  ability  for  a  certification authority to disable policy
380	         mapping  by   subsequent   certification   authorities   in   a
381	         certification  path.   It  may  be  prudent  to  disable policy
382	         mapping when certifying outside the domain.  This can assist in
383	         controlling  risks  due  to  transitive trust, e.g., a domain A
384	         trusts domain B, domain B trusts domain C, but  domain  A  does
385	         not want to be forced to trust domain C.

387	   3.4  POLICY QUALIFIERS

389	      The  Certificate  Policies  extension  field  has  a provision for
390	      conveying,  along  with  each   certificate   policy   identifier,
391	      additional policy-dependent information in a qualifier field.  The
392	      X.509 standard does not mandate the purpose for which  this  field
393	      is  to  be  used, nor does it prescribe the syntax for this field.
394	      Policy qualifier types can be registered by any organization.

396	      The following policy qualifier types are defined in  PKIX  Part  I
397	      [PKI1]:

399	         (a)   The  CPS  Pointer  qualifier  contains  a  pointer  to  a
400	         Certification Practice Statement (CPS)  published  by  the  CA.
401	         The  pointer  is  in  the form of a uniform resource identifier
402	         (URI).

404	         (b) The User Notice qualifier contains a text string that is to
405	         be  displayed  to a certificate user (including subscribers and
406	         relying parties) prior to the use of the certificate.  The text
407	         string may be an IA5String or a BMPString - a subset of the ISO
408	         100646-1 multiple octet coded character set.  A CA may invoke a
409	         procedure  that  requires  that the certficate user acknowledge
410	         that the applicable terms and conditions have been disclosed or
411	         accepted.

413	      Policy  qualifiers  can  be  used  to  support  the  definition of
414	      generic,  or  parameterized,   certificate   policy   definitions.
415	      Provided  the  base  certificate  policy  definition  so provides,
416	      policy qualifier types  can  be  defined  to  convey,  on  a  per-
417	      certificate basis, additional specific policy details that fill in
418	      the generic definition.
419	   3.5  CERTIFICATION PRACTICE STATEMENT

421	      The term certification practice statement (CPS) is defined by  the
422	      ABA   Guidelines  as:  "A  statement  of  the  practices  which  a
423	      certification authority employs in issuing  certificates."  [ABA1]
424	      In  the  1995  draft  of  the ABA guidelines, the ABA expands this
425	      definition with the following comments:

427	         A certification practice statement  may  take  the  form  of  a
428	         declaration  by  the  certification authority of the details of
429	         its trustworthy system and the  practices  it  employs  in  its
430	         operations  and  in support of issuance of a certificate, or it
431	         may be a statute or regulation applicable to the  certification
432	         authority  and  covering similar subject matter. It may also be
433	         part of the contract between the  certification  authority  and
434	         the  subscriber. A certification practice statement may also be
435	         comprised of multiple documents, a combination of  public  law,
436	         private contract, and/or declaration.

438	         Certain  forms  for legally implementing certification practice
439	         statements lend themselves  to  particular  relationships.  For
440	         example,  when  the  legal relationship between a certification
441	         authority  and  subscriber  is  consensual,  a  contract  would
442	         ordinarily  be  the  means  of giving effect to a certification
443	         practice statement. The certification authority's duties  to  a
444	         relying   person  are  generally  based  on  the  certification
445	         authority's representations, which may include a  certification
446	         practice statement.

448	         Whether  a  certification  practice  statement  is binding on a
449	         relying person  depends  on  whether  the  relying  person  has
450	         knowledge  or notice of the certification practice statement. A
451	         relying person has knowledge or at least notice of the contents
452	         of  the  certificate  used  by  the  relying person to verify a
453	         digital signature, including documents  incorporated  into  the
454	         certificate   by   reference.  It  is  therefore  advisable  to
455	         incorporate  a  certification   practice   statement   into   a
456	         certificate by reference.

458	         As  much as possible, a certification practice statement should
459	         indicate any of the widely recognized standards  to  which  the
460	         certification   authority's  practices  conform.  Reference  to
461	         widely  recognized  standards  may   indicate   concisely   the
462	         suitability  of  the  certification  authority's  practices for
463	         another  person's  purposes,   as   well   as   the   potential
464	         technological  compatibility  of the certificates issued by the
465	         certification authority with repositories and other systems.

467	   3.6   RELATIONSHIP  BETWEEN  CERTIFICATE  POLICY  AND   CERTIFICATION
468	   PRACTICE STATEMENT

470	      The  concepts  of  certificate  policy and CPS come from different
471	      sources and were developed for different reasons.  However,  their
472	      interrelationship is important.

474	      A  certification  practice  statement is a detailed statement by a
475	      certification authority as  to  its  practices,  that  potentially
476	      needs   to   be   understood  and  consulted  by  subscribers  and
477	      certificate users (relying parties).  Although the level of detail
478	      may  vary  among  CPSs,  they will generally be more detailed than
479	      certificate  policy  definitions.  Indeed,  CPSs  may   be   quite
480	      comprehensive,  robust  documents  providing  a description of the
481	      precise service offerings, detailed procedures of  the  life-cycle
482	      management  of  certificates,  and  more - a level of detail which
483	      weds the CPS to a particular  (proprietary)  implementation  of  a
484	      service offering.

486	      Although  such detail may be indispensable to adequately disclose,
487	      and to make a full assessment of trustworthiness in the absence of
488	      accreditation  or other recognized quality metrics, a detailed CPS
489	      does not form a suitable basis for  interoperability  between  CAs
490	      operated by different organizations.  Rather, certificate policies
491	      best serve as the vehicle on which to base common interoperability
492	      standards  and  common  assurance criteria on an industry-wide (or
493	      possibly more global) basis.  A CA with a single CPS  may  support
494	      multiple  certificate  policies  (used  for  different application
495	      purposes and/or by different certificate user communities).  Also,
496	      multiple  different CAs, with non-identical certification practice
497	      statements, may support the same certificate policy.

499	      For example, the Federal Government might define a government-wide
500	      certificate  policy  for  handling  confidential  human  resources
501	      information.  The certificate policy definition will  be  a  broad
502	      statement  of  the  general  characteristics  of  that certificate
503	      policy, and an indication of the types of applications  for  which
504	      it  is  suitable  for use.  Different departments or agencies that
505	      operate certification  authorities  with  different  certification
506	      practice statements might support this certificate policy.  At the
507	      same  time,  such  certification  authorities  may  support  other
508	      certificate policies.

510	      The  main  difference  between  certificate  policy  and  CPS  can
511	      therefore be summarized as follows:

513	         (a)   Most  organizations  that  operate   public   or   inter-
514	         organizational  certification  authorities  will document their
515	         own practices in CPSs or similar statements.  The CPS is one of
516	         the  organization's  means of protecting itself and positioning
517	         its business relationships with subscribers and other entities.

519	         (b)   There  is  strong  incentive,  on  the  other hand, for a
520	         certificate policy to apply more broadly than to just a  single
521	         organization.   If  a  particular  certificate policy is widely
522	         recognized and imitated, it has great potential as the basis of
523	         automated  certificate  acceptance  in  many systems, including
524	         unmanned systems and systems that  are  manned  by  people  not
525	         independently  empowered  to  determine  the  acceptability  of
526	         different presented certificates.

528	      In addition to populating the certificate policies field with  the
529	      certificate  policy  identifier,  a  certification  authority  may
530	      include,  in  certificates  it  issues,   a   reference   to   its
531	      certification  practice  statement.   A  standard  way to do this,
532	      using a certificate policy qualifier, is described in Section 3.4.

534	   3.7  SET OF PROVISIONS

536	      A  set  of  provisions  is  a collection of practice and/or policy
537	      statements, spanning a  range  of  standard  topics,  for  use  in
538	      expressing  a  certificate  policy definition or CPS employing the
539	      approach described in this framework.

541	      A  certificate  policy  can  be  expressed  as  a  single  set  of
542	      provisions.

544	      A  CPS  can  be  expressed as a single set of provisions with each
545	      component addressing the requirements of one or  more  certificate
546	      policies, or, alternatively, as an organized collection of sets of
547	      provisions.   For  example,  a  CPS  could  be  expressed   as   a
548	      combination of the following:

550	         (a)  a list of certificate policies supported by the CPS;

552	         (b)   for  each  certificate policy in (a), a set of provisions
553	         which contains statements that refine that  certificate  policy
554	         by  filling  in  details  not  stipulated  in  that  policy  or
555	         expressly left to the discretion of the CPS by that certificate
556	         policy; such statements serve to  state how this particular CPS
557	         implements  the  requirements  of  the  particular  certificate
558	         policy;

560	         (c)  a set of provisions that contains statements regarding the
561	         certification practices on the CA,  regardless  of  certificate
562	         policy.

564	      The  statements  provided in (b) and (c) may augment or refine the
565	      stipulations of the applicable certificate policy definition,  but
566	      must not conflict with any of the stipulations of such certificate
567	      policy definition.

569	      This framework outlines the contents of a set  of  provisions,  in
570	      terms of eight primary components, as follows:

572	         * Introduction;

574	         * General Provisions;

576	         * Identification and Authentication;

578	         * Operational Requirements;

580	         * Physical, Procedural, and Personnel Security Controls;

582	         * Technical Security Controls;

584	         * Certificate and CRL Profile; and

586	         * Specification Administration.

588	      Components  can  be  further  divided  into  subcomponents,  and a
589	      subcomponent may comprise multiple elements.  Section 4 provides a
590	      more detailed description of the contents of the above components,
591	      and their subcomponents.

593	4.  CONTENTS OF A SET OF PROVISIONS

595	   This section expands upon the contents of a  set  of  provisions,  as
596	   introduced  in  Section  3.7.   The topics identified in this section
597	   are, consequently, candidate topics for inclusion  in  a  certificate
598	   policy definition  or CPS.

600	   While  many  topics  are  identified,  it  is  not  necessary  for  a
601	   certificate policy or a CPS to include a concrete statement for every
602	   such  topic.    Rather,  a  particular  certificate policy or CPS may
603	   state "no stipulation" for a component, subcomponent, or  element  on
604	   which   the   particular   certificate   policy  or  CPS  imposes  no
605	   requirements.  In this sense, the list of topics can be considered  a
606	   checklist  of  topics  for consideration by the certificate policy or
607	   CPS writer.  It is recommended that  each  and  every  component  and
608	   subcomponent  be  included  in  a  certificate policy or CPS, even if
609	   there is "no stipulation"; this will indicate to the  reader  that  a
610	   conscious  decision  was made to include or exclude that topic.  This
611	   protects against inadvertent omission of a topic, while  facilitating
612	   comparison  of  different  certificate  policies  or CPSs, e.g., when
613	   making policy mapping decisions.

615	   In a certificate policy definition, it is possible to  leave  certain
616	   components,   subcomponents,  and/or  elements  unspecified,  and  to
617	   stipulate that the required information will be indicated in a policy
618	   qualifier.   Such  certificate  policy  definitions can be considered
619	   parameterized definitions.  The set of provisions should reference or
620	   define  the  required  policy  qualifier types and should specify any
621	   applicable default values.

623	   4.1 INTRODUCTION

625	      This component identifies and introduces the  set  of  provisions,
626	      and indicates the types of entities and applications for which the
627	      specification is targeted.

629	      This component has the following subcomponents:
630	         * Overview;

632	         * Identification;

634	         * Community and Applicability; and

636	         * Contact Details.

638	      4.1.1  Overview

640	         This  subcomponent  provides  a  general  introduction  to  the
641	         specification.

643	      4.1.2  Identification

645	         This  subcomponent  provides  any  applicable  names  or  other
646	         identifiers, including ASN.1 object identifiers, for the set of
647	         provisions.

649	      4.1.3  Community and Applicability

651	         This  subcomponent  describes  the types of entities that issue
652	         certificates or that are certified as subject CAs (2,  3),  the
653	         types  of entities that perform RA functions (4), and the types
654	         of entities that are  certified  as  subject  end  entities  or
655	         subscribers. (5, 6)

657	         This subcomponent also contains:

659	            *  A  list of applications for which the issued certificates
660	            are suitable.

662	            * A list  of  applications  for  which  use  of  the  issued
663	            certificates is restricted.  (This list implicitly prohibits
664	            all other uses for the certificates.)
665	            * A list  of  applications  for  which  use  of  the  issued
666	            certificates is prohibited.

668	      4.1.4  Contact Details

670	         This  subcomponent includes the name and mailing address of the
671	         authority   that   is   responsible   for   the   registration,
672	         maintenance,  and  interpretation of this certificate policy or
673	         CPS.  It also  includes  the  name,  electronic  mail  address,
674	         telephone number, and fax number of a contact person.

676	   4.2  GENERAL PROVISIONS

678	      This component specifies any applicable presumptions on a range of
679	      legal and general practices topics.

681	      This component contains the following subcomponents:

683	         * Obligations;

685	         * Liability;

687	         * Financial Responsibility;

689	         * Interpretation and Enforcement;

691	         * Fees;

693	         * Publication and Repositories;

695	         * Compliance Audit;

697	         * Confidentiality; and

699	         * Intellectual Property Rights.

701	      Each subcomponent may need to separately state provisions applying
702	      to  the  entity types: CA, repository, RA, subscriber, and relying
703	      party.  (Specific provisions  regarding  subscribers  and  relying
704	      parties  are  only  applicable  in  the  Liability and Obligations
705	      subcomponents.)
706	      4.2.1  Obligations

708	         This  subcomponent  contains,  for  each   entity   type,   any
709	         applicable  provisions  regarding  the  entity's obligations to
710	         other entities.  Such provisions may include:

712	            * CA and/or RA obligations:
713	               * Notification  of  issuance  of  a  certificate  to  the
714	               subscriber  who  is  the subject of the certificate being
715	               issued;
716	               * Notification of issuance of  a  certificate  to  others
717	               than the subject of the certificate;
718	               *   Notification   of   revocation  or  suspension  of  a
719	               certificate to the subscriber whose certificate is  being
720	               revoked or suspended; and
721	               *   Notification   of   revocation  or  suspension  of  a
722	               certificate to others than the subject whose  certificate
723	               is being revoked or suspended.

725	            * Subscriber obligations:

727	               * Accuracy of representations in certificate application;
728	               * Protection of the entity's private key;
729	               * Restrictions on private key and certificate use; and
730	               * Notification upon private key compromise.

732	            * Relying party obligations:

734	               * Purposes for which certificate is used;
735	               * Digital signature verification responsibilities;
736	               * Revocation and  suspension  checking  responsibilities;
737	               and
738	               *   Acknowledgment   of  applicable  liability  caps  and
739	               warranties.

741	            * Repository obligations

743	               *  Timely  publication  of  certificates  and  revocation
744	               information

746	      4.2.2  Liability

748	         This   subcomponent   contains,   for  each  entity  type,  any
749	         applicable provisions  regarding  apportionment  of  liability,
750	         such as:

752	            * Warranties and limitations on warranties;

754	            *   Kinds  of  damages  covered  (e.g.,  indirect,  special,
755	            consequential,  incidental,  punitive,  liquidated  damages,
756	            negligence and fraud) and disclaimers;

758	            *   Loss   limitations   (caps)   per   certificate  or  per
759	            transaction; and

761	            *  Other  exclusions  (e.g.,  Acts  of  God,   other   party
762	            responsibilities).

764	      4.2.3  Financial Responsibility

766	         This  subcomponent  contains, for CAs, repository, and RAs, any
767	         applicable  provisions  regarding  financial  responsibilities,
768	         such as:

770	            * Indemnification of CA and/or RA by relying parties;

772	            *  Fiduciary  relationships  (or  lack  thereof) between the
773	            various entities; and

775	            * Administrative processes (e.g., accounting, audit).

777	      4.2.4  Interpretation and Enforcement

779	         This subcomponent contains any applicable provisions  regarding
780	         interpretation  and  enforcement  of  the certificate policy or
781	         CPS, addressing such topics as:

783	            * Governing law;

785	            * Severability of provisions, survival, merger, and  notice;
786	            and

788	            * Dispute resolution procedures.

790	      4.2.5  Fees

792	         This  subcomponent contains any applicable provisions regarding
793	         fees charged by CAs, repositories, or RAs, such as:

795	            * Certificate issuance or renewal fees;

797	            * Certificate access fee;

799	            * Revocation or status information access fee;

801	            * Fees for other services such as policy information; and

803	            * Refund policy.

805	      4.2.6  Publication and Repositories

807	         This subcomponent contains any applicable provisions regarding:

809	            *  A  CA's  obligations to publish information regarding its
810	            practices, its certificates, and the current status of  such
811	            certificates;

813	            * Frequency of publication;

815	            *  Access control on published information objects including
816	            certificate   policy   definitions,    CPS,    certificates,
817	            certificate status, and CRLs; and

819	            *   Requirements  pertaining  to  the  use  of  repositories
820	            operated by CAs or by other independent parties.

822	      4.2.7  Compliance Audit

824	         This subcomponent addresses the following:

826	            * Frequency of compliance audit for each entity;

828	            * Identity of the auditor;

830	            * Auditor's relationship to the entity being audited; (30)

832	            * List of topics covered under the compliance audit; (31)

834	            * Actions taken as a result of  a  deficiency  found  during
835	            compliance audit; (32)

837	            *  Compliance audit results: who they are shared with (e.g.,
838	            subject CA, RA, and/or  end  entities),  who  provides  them
839	            (e.g.,  entity  being  audited  or  auditor),  how  they are
840	            communicated.

842	      4.2.8  Confidentiality Policy

844	         This subcomponent addresses the following:

846	            * Types of information that must be kept confidential by  CA
847	            or RA;

849	            * Types of information that are not considered confidential;

851	            * Who is entitled to be informed of reasons  for  revocation
852	            and suspension of certificates;

854	            *  Policy  on  release  of  information  to  law enforcement
855	            officials;

857	            *  Information  that  can  be  revealed  as  part  of  civil
858	            discovery;

860	            *  Conditions  upon which CA or RA may disclose upon owner's
861	            request; and

863	            *  Any  other   circumstances   under   which   confidential
864	            information may be disclosed.

866	      4.2.9  Intellectual Property Rights

868	         This  subcomponent  addresses ownership rights of certificates,
869	         practice/policy specifications, names, and keys.

871	   4.3  IDENTIFICATION AND AUTHENTICATION

873	      This component describes the procedures  used  to  authenticate  a
874	      certificate applicant to a CA or RA prior to certificate issuance.
875	      It also describes how parties requesting rekey or  revocation  are
876	      authenticated.   This  component  also addresses naming practices,
877	      including name ownership recognition and name dispute  resolution.

879	      This component has the following subcomponents:

881	         * Initial Registration;

883	         * Routine Rekey;

885	         * Rekey After Revocation; and
886	         * Revocation Request.

888	      4.3.1  Initial Registration

890	         This  subcomponent  includes  the  following elements regarding
891	         identification  and  authentication  procedures  during  entity
892	         registration or certificate issuance:

894	            * Types of names assigned to the subject (7);

896	            * Whether names have to be meaningful or not (8);

898	            * Rules for interpreting various name forms;

900	            * Whether names have to be unique;

902	            * How name claim disputes are resolved;

904	            * Recognition, authentication, and role of trademarks;

906	            *  If  and  how  the  subject  must  prove possession of the
907	            companion private key for the public  key  being  registered
908	            (9);

910	            * Authentication requirements for organizational identity of
911	            subject (CA, RA, or end entity) (10);

913	            * Authentication requirements for a person acting on  behalf
914	            of a subject (CA, RA, or end entity) (11), including:

916	               * Number of pieces of identification required;
917	               *  How  a CA or RA validates the pieces of identification
918	               provided;
919	               * If  the  individual  must  present  personally  to  the
920	               authenticating CA or RA;
921	               *  How  an  individual  as  an  organizational  person is
922	               authenticated (12).

924	      4.3.2  Routine Rekey

926	         This   subcomponent   describes    the    identification    and
927	         authentication  procedures  for  routine rekey for each subject
928	         type (CA, RA, and end entity). (13)

930	      4.3.3  Rekey After Revocation -- No Key Compromise

932	         This   subcomponent   describes    the    identification    and
933	         authentication  procedures for rekey for each subject type (CA,
934	         RA, and end entity) after  the  subject  certificate  has  been
935	         revoked. (14)

937	      4.3.4  Revocation Request

939	         This    subcomponent    describes    the   identification   and
940	         authentication procedures for  a  revocation  request  by  each
941	         subject type (CA, RA, and end entity). (16)

943	   4.4  OPERATIONAL REQUIREMENTS

945	      This  component  is  used  to  specify  requirements  imposed upon
946	      issuing CA, subject CAs, RAs, or  end  entities  with  respect  to
947	      various operational activities.

949	      This component consists of the following subcomponents:

951	         * Certificate Application;

953	         * Certificate Issuance;

955	         * Certificate Acceptance;

957	         * Certificate Suspension and Revocation;

959	         * Security Audit Procedures;

961	         * Records Archival;

963	         * Key Changeover;

965	         * Compromise and Disaster Recovery; and

967	         * CA Termination.

969	      Within  each  subcomponent,  separate consideration may need to be
970	      given to  issuing  CA,  repository,  subject  CAs,  RAs,  and  end
971	      entities.

973	      4.4.1  Certificate Application

975	         This  subcomponent  is  used  to  state  requirements regarding
976	         subject enrollment and request for certificate issuance.

978	      4.4.2  Certificate Issuance

980	         This subcomponent  is  used  to  state  requirements  regarding
981	         issuance  of a certificate and notification to the applicant of
982	         such issuance.

984	      4.4.3  Certificate Acceptance

986	         This subcomponent  is  used  to  state  requirements  regarding
987	         acceptance   of   an  issued  certificate  and  for  consequent
988	         publication of certificates.

990	      4.4.4  Certificate Suspension and Revocation

992	         This subcomponent addresses the following:

994	            * Circumstances under which a certificate may be revoked;

996	            * Who can request the revocation of the entity certificate;

998	            * Procedures used for certificate revocation request;

1000	            * Revocation request grace period available to the subject;

1002	            * Circumstances under which a certificate may be suspended;

1004	            * Who can request the suspension of a certificate;

1006	            * Procedures to request certificate suspension;

1008	            * How long the suspension may last;

1010	            * If a CRL mechanism is used, the issuance frequency;

1012	            * Requirements on relying parties to check CRLs;

1014	            * On-line revocation/status checking availability;

1016	            *  Requirements  on  relying  parties  to  perform   on-line
1017	            revocation/status checks;

1019	            * Other forms of revocation advertisements available; and
1020	            *  Requirements  on  relying parties to check other forms of
1021	            revocation advertisements.

1023	            *  Any  variations  on  the  above  stipulations  when   the
1024	            suspension  or  revocation  is  the  result  of  private key
1025	            compromise (as opposed to other reasons  for  suspension  or
1026	            revocation).

1028	      4.4.5  Security Audit Procedures

1030	         This  subcomponent  is used to describe event logging and audit
1031	         systems, implemented for the purpose of  maintaining  a  secure
1032	         environment.  Elements include the following:

1034	            * Types of events recorded; (28)

1036	            * Frequency with which audit logs are processed or audited;

1038	            * Period for which audit logs are kept;

1040	            * Protection of audit logs:

1042	               - Who can view audit logs;
1043	               - Protection against modification of audit log; and
1044	               - Protection against deletion of audit log.

1046	            * Audit log back up procedures;

1048	            *  Whether  the audit log accumulation system is internal or
1049	            external to the entity;

1051	            * Whether the subject who caused an audit event to occur  is
1052	            notified of the audit action; and

1054	            * Vulnerability assessments.
1055	      4.4.6  Records Archival

1057	         This  subcomponent is used to describe general records archival
1058	         (or records retention) policies, including the following:

1060	            * Types of events recorded; (29)

1062	            * Retention period for archive;

1064	            * Protection of archive:

1066	               - Who can view the archive;
1067	               - Protection against modification of archive; and
1068	               - Protection against deletion of archive.

1070	            * Archive backup procedures;

1072	            * Requirements for time-stamping of records;

1074	            * Whether the  archive  collection  system  is  internal  or
1075	            external; and

1077	            * Procedures to obtain and verify archive information.

1079	      4.4.7  Key Changeover

1081	         This  subcomponent  describes  the  procedures to provide a new
1082	         public key to a CA's users.

1084	      4.4.8  Compromise and Disaster Recovery

1086	         This   subcomponent   describes   requirements   relating    to
1087	         notification and recovery procedures in the event of compromise
1088	         or disaster.  Each of the following circumstances may  need  to
1089	         be addressed separately:

1091	            *  The  recovery  procedures  used  if  computing resources,
1092	            software, and/or data  are  corrupted  or  suspected  to  be
1093	            corrupted.    These   procedures   describe   how  a  secure
1094	            environment  is  reestablished,   which   certificates   are
1095	            revoked,  whether  the  entity  key  is revoked, how the new
1096	            entity public key is provided to  the  users,  and  how  the
1097	            subjects are recertified.

1099	            *  The  recovery procedures used if the entity public key is
1100	            revoked.  These procedures describe how a secure environment
1101	            is  reestablished, how the new entity public key is provided
1102	            to the users, and how the subjects are recertified.

1104	            *  The  recovery  procedures  used  if  the  entity  key  is
1105	            compromised.    These   procedures  describe  how  a  secure
1106	            environment is reestablished, how the new entity public  key
1107	            is   provided  to  the  users,  and  how  the  subjects  are
1108	            recertified.

1110	      4.4.9  CA Termination

1112	         This subcomponent describes requirements relating to procedures
1113	         for termination and for termination notification of a CA or RA,
1114	         including the identity of the custodian of CA and  RA  archival
1115	         records.

1117	   4.5  PHYSICAL, PROCEDURAL, AND PERSONNEL SECURITY CONTROLS

1119	      This component describes non-technical security controls (that is,
1120	      physical, procedural, and personnel controls) used by the  issuing
1121	      CA  to  perform  securely the functions of key generation, subject
1122	      authentication,  certificate  issuance,  certificate   revocation,
1123	      audit, and archival.

1125	      This  component  can also be used to define non-technical security
1126	      controls on repository, subject CAs, RAs, and end  entities.   The
1127	      non  technical security controls for the subject CAs, RAs, and end
1128	      entities could be the same, similar, or very different.

1130	      These non-technical security controls are critical to trusting the
1131	      certificates  since  lack of security may compromise CA operations
1132	      resulting, for example, in the creation of  certificates  or  CRLs
1133	      with  erroneous  information  or  the compromise of the CA private
1134	      key.

1136	      This component consists of three subcomponents:

1138	         * Physical Security Controls;

1140	         * Procedural Controls; and

1142	         * Personnel Security Controls.

1144	      Within each subcomponent, separate consideration will, in general,
1145	      need  to  be  given  to  each  entity  type,  that is, issuing CA,
1146	      repository, subject CAs, RAs, and end entities.

1148	      4.5.1  Physical Security Controls

1150	         In this subcomponent, the physical  controls  on  the  facility
1151	         housing the entity systems are described.(21)  Topics addressed
1152	         may include:

1154	            * Site location and construction;

1156	            * Physical access;

1158	            * Power and air conditioning;

1160	            * Water exposures;

1162	            * Fire prevention and protection;

1164	            * Media storage;

1166	            * Waste disposal; and

1168	            * Off-site backup.

1170	      4.5.2  Procedural Controls

1172	         In this  subcomponent,  requirements  for  recognizing  trusted
1173	         roles  are  described,  together  with the responsibilities for
1174	         each role.(22)

1176	         For each task identified for  each  role,  it  should  also  be
1177	         stated how many individuals are required to perform the task (n
1178	         out m rule).  Identification  and  authentication  requirements
1179	         for each role may also be defined.

1181	      4.5.3  Personnel Security Controls

1183	         This subcomponent addresses the following:

1185	            *  Background  checks  and clearance procedures required for
1186	            the personnel filling the trusted roles; (23)

1188	            * Background checks and  clearance  procedures  requirements
1189	            for other personnel, including janitorial staff; (24)

1191	            *  Training  requirements  and  training procedures for each
1192	            role;

1194	            * Any retraining period and retraining procedures  for  each
1195	            role;
1196	            *  Frequency  and  sequence  for  job rotation among various
1197	            roles;

1199	            * Sanctions  against  personnel  for  unauthorized  actions,
1200	            unauthorized  use  of  authority,  and  unauthorized  use of
1201	            entity systems; (25)

1203	            * Controls on contracting personnel, including:

1205	               - Bonding requirements on contract personnel;
1206	               - Contractual requirements including indemnification  for
1207	               damages due to the actions of the contractor personnel;
1208	               - Audit and monitoring of contractor personnel; and
1209	               - Other controls on contracting personnel.

1211	            * Documentation to be supplied to personnel.

1213	   4.6  TECHNICAL SECURITY CONTROLS

1215	      This  component  is  used to define the security measures taken by
1216	      the issuing CA to protect its cryptographic  keys  and  activation
1217	      data  (e.g.,  PINs, passwords, or manually-held key shares).  This
1218	      component may also be used to impose constraints on  repositories,
1219	      subject  CAs  and end entities to protect their cryptographic keys
1220	      and  critical  security  parameters.   Secure  key  management  is
1221	      critical to ensure that all secret and private keys and activation
1222	      data are protected and used only by authorized personnel.

1224	      This component also describes other  technical  security  controls
1225	      used  by  the  issuing CA to perform securely the functions of key
1226	      generation,   user   authentication,   certificate   registration,
1227	      certificate  revocation,  audit, and archival.  Technical controls
1228	      include   life-cycle   security   controls   (including   software
1229	      development  environment  security,  trusted  software development
1230	      methodology) and operational security controls.

1232	      This component can also be used to define other technical security
1233	      controls on repositories, subject CAs, RAs, and end entities.

1235	      This component has the following subcomponents:

1237	         * Key Pair Generation and Installation;

1239	         * Private Key Protection;

1241	         * Other Aspects of Key Pair Management;

1243	         * Activation Data;
1244	         * Computer Security Controls;

1246	         * Life-Cycle Security Controls;

1248	         * Network Security Controls; and

1250	         * Cryptographic Module Engineering Controls.

1252	      4.6.1  Key Pair Generation and Installation

1254	         Key  pair generation and installation need to be considered for
1255	         the issuing CA, repositories, subject CAs, RAs, and subject end
1256	         entities.   For  each of these types of entities, the following
1257	         questions potentially need to be answered:

1259	            1. Who generates the entity public, private key pair?

1261	            2. How is the private key provided securely to the entity?

1263	            3. How is the entity's public key provided securely  to  the
1264	            certificate issuer?

1266	            4.  If  the  entity  is a CA (issuing or subject) how is the
1267	            entity's public key provided securely to the users?

1269	            5. What are the key sizes?

1271	            6. Who generates the public key parameters?

1273	            7. Is the quality  of  the  parameters  checked  during  key
1274	            generation?

1276	            8.  Is the key generation performed in hardware or software?

1278	            9. For what purposes may  the  key  be  used,  or  for  what
1279	            purposes  should  usage  of the key be restricted (for X.509
1280	            certificates, these purposes should map  to  the  key  usage
1281	            flags in the Version 3, X.509 certificates)?

1283	      4.6.2  Private Key Protection

1285	         Requirements  for  private key protection need to be considered
1286	         for the issuing CA, repositories, subject CAs, RAs, and subject
1287	         end entities.  For each of these types of entity, the following
1288	         questions potentially need to be answered:

1290	            1. What standards, if any, are required for the module  used
1291	            to  generate  the keys?  For example, are the keys certified
1292	            by the infrastructure required to be generated using modules
1293	            complaint  with  the  US  FIPS  140-1?   If  so, what is the
1294	            required FIPS 140-1 level of the module?

1296	            2. Is  the  private  key  under  n  out  of  m  multi-person
1297	            control?(18)  If yes, provide n and m (two person control is
1298	            a special case of n out of m, where n = m = 2)?

1300	            3. Is the private key escrowed?  (19)  If  so,  who  is  the
1301	            escrow  agent,  what  form  is the key escrowed in (examples
1302	            include plaintext, encrypted, split key), and what  are  the
1303	            security controls on the escrow system?

1305	            4.  Is  the private key backed up?  If so, who is the backup
1306	            agent, what form is the key backed up in  (examples  include
1307	            plaintext,  encrypted, split key), and what are the security
1308	            controls on the backup system?

1310	            5. Is the private key archived?  If so, who is the  archival
1311	            agent,  what  form  is the key archived in (examples include
1312	            plaintext, encrypted, split key), and what are the  security
1313	            controls on the archival system?

1315	            6.  Who  enters the private key in the cryptographic module?
1316	            In what form (i.e., plaintext,  encrypted,  or  split  key)?
1317	            How   is  the  private  key  stored  in  the  module  (i.e.,
1318	            plaintext, encrypted, or split key)?

1320	            7. Who can activate (use) the  private  key?   What  actions
1321	            must  be performed to activate the private key (e.g., login,
1322	            power on, supply PIN, insert  token/key,  automatic,  etc.)?
1323	            Once  the  key  is  activated,  is  the  key  active  for an
1324	            indefinite period, active for one  time,  or  active  for  a
1325	            defined time period?

1327	            8.  Who  can  deactivate the private key and how? Example of
1328	            how might include,  logout,  power  off,  remove  token/key,
1329	            automatic, or time expiration.

1331	            9. Who can destroy the private key and how?  Examples of how
1332	            might include token surrender,  token  destruction,  or  key
1333	            overwrite.

1335	      4.6.3  Other Aspects of Key Pair Management

1337	         Other  aspects  of key management need to be considered for the
1338	         issuing CA, repositories, subject CAs,  RAs,  and  subject  end
1339	         entities.   For  each  of  these types of entity, the following
1340	         questions potentially need to be answered:

1342	            1. Is the public key archived?  If so, who is  the  archival
1343	            agent  and  what  are  the security controls on the archival
1344	            system?   The  archival  system  should  provide   integrity
1345	            controls  other  than digital signatures since: the archival
1346	            period may be greater than the cryptanalysis period for  the
1347	            key and the archive requires tamper protection, which is not
1348	            provided by digital signatures.

1350	            2. What are the usage periods, or active lifetimes, for  the
1351	            public and the private key respectively?

1353	      4.6.4  Activation Data

1355	         Activation  data refers to data values other than keys that are
1356	         required to operate cryptographic modules and that need  to  be
1357	         protected.  (20)   Protection  of  activation  data potentially
1358	         needs to be considered for the issuing CA,  subject  CAs,  RAs,
1359	         and  end  entities.   Such  consideration  potentially needs to
1360	         address the entire  life-cycle  of  the  activation  data  from
1361	         generation  through  archival and destruction.  For each of the
1362	         entity types (issuing CA, repository, subject CA, RA,  and  end
1363	         entity)  all  of  the  questions  listed in 4.6.1 through 4.6.3
1364	         potentially need to be answered with respect to activation data
1365	         rather than with respect to keys.

1367	      4.6.5  Computer Security Controls

1369	         This   subcomponent  is  used  to  describe  computer  security
1370	         controls such as: use of the trusted  computing  base  concept,
1371	         discretionary   access   control,   labels,   mandatory  access
1372	         controls,   object    reuse,    audit,    identification    and
1373	         authentication, trusted path, security testing, and penetration
1374	         testing.  Product assurance may also be addressed.

1376	         A  computer  security  rating  for  computer  systems  may   be
1377	         required.   The  rating  could  be  based,  for example, on the
1378	         Trusted System Evaluation Criteria  (TCSEC),  Canadian  Trusted
1379	         Products  Evaluation  Criteria, European Information Technology
1380	         Security Evaluation Criteria (ITSEC), or the  Common  Criteria.
1381	         This  subcomponent  can  also  address requirements for product
1382	         evaluation analysis, testing, profiling, product certification,
1383	         and/or product accreditation related activity undertaken.

1385	      4.6.6  Life Cycle Security Controls

1387	         This  subcomponent  addresses  system  development controls and
1388	         security management controls.

1390	         System development  controls  include  development  environment
1391	         security,   development   personnel   security,   configuration
1392	         management  security  during  product   maintenance,   software
1393	         engineering   practices,   software   development  methodology,
1394	         modularity, layering, use of failsafe design and implementation
1395	         techniques   (e.g.,   defensive  programming)  and  development
1396	         facility security.

1398	         Security management controls include  execution  of  tools  and
1399	         procedures  to ensure that the operational systems and networks
1400	         adhere to configured  security.   These  tools  and  procedures
1401	         include  checking  the  integrity  of  the  security  software,
1402	         firmware, and hardware to ensure their correct operation.

1404	         This subcomponent can also address life-cycle security  ratings
1405	         based,   for  example,  on  the  Trusted  Software  Development
1406	         Methodology (TSDM)  level  IV  and  V,  independent  life-cycle
1407	         security   controls   audit,   and   the  Software  Engineering
1408	         Institute's Capability Maturity Model (SEI-CMM).

1410	      4.6.7  Network Security Controls

1412	         This subcomponent addresses network security related  controls,
1413	         including firewalls.

1415	      4.6.8  Cryptographic Module Engineering Controls (26)

1417	         This   subcomponent   addresses  the  following  aspects  of  a
1418	         cryptographic  module:  identification  of  the   cryptographic
1419	         module boundary, input/output, roles and services, finite state
1420	         machine, physical security, software security, operating system
1421	         security,  algorithm compliance, electromagnetic compatibility,
1422	         and  self  tests.   Requirements  may  be   expressed   through
1423	         reference to a standard such as U.S. FIPS 140-1. (27)

1425	   4.7  CERTIFICATE AND CRL PROFILES

1427	      This  component  is used to specify the certificate format and, if
1428	      CRLs are  used,  the  CRL  format.   Assuming  use  of  the  X.509
1429	      certificate   and   CRL  formats,  this  includes  information  on
1430	      profiles, versions, and extensions used.

1432	      This component has two subcomponents:

1434	         * Certificate Profile; and

1436	         * CRL Profile.

1438	      4.7.1  Certificate Profile

1440	         This  subcomponent  addresses  such  topics  as  the  following
1441	         (potentially  by  reference  to  a separate profile definition,
1442	         such as the PKIX Part I profile):

1444	            * Version number(s) supported;

1446	            * Certificate extensions populated and their criticality;

1448	            * Cryptographic algorithm object identifiers;

1450	            * Name forms used for the CA, RA, and end entity names;

1452	            * Name constraints used and the name forms used in the  name
1453	            constraints;

1455	            * Applicable certificate policy Object Identifier(s);

1457	            * Usage of the policy constraints extension;

1459	            * Policy qualifiers syntax and semantics; and

1461	            *  Processing  semantics for the critical certificate policy
1462	            extension.

1464	      4.7.2  CRL Profile

1466	         This  subcomponent  addresses  such  topics  as  the  following
1467	         (potentially  by  reference  to  a separate profile definition,
1468	         such as the PKIX Part I profile):

1470	            * Version numbers supported for CRLs; and

1472	            *  CRL  and  CRL  entry  extensions  populated   and   their
1473	            criticality.

1475	   4.8  SPECIFICATION ADMINISTRATION

1477	      This  component is used to specify how this particular certificate
1478	      policy definition or CPS will be maintained.

1480	      It contains the following subcomponents:

1482	         * Specification Change Procedures;

1484	         * Publication and Notification Procedures; and

1486	         * CPS Approval Procedures.

1488	      4.8.1  Specification Change Procedures

1490	         It  will  occasionally  be  necessary  to  change   certificate
1491	         policies  and Certification Practice Statements.  Some of these
1492	         changes  will  not  materially  reduce  the  assurance  that  a
1493	         certificate  policy or its implementation provides, and will be
1494	         judged  by  the  policy  administrator  as  not  changing   the
1495	         acceptability  of  certificates  asserting  the  policy for the
1496	         purposes for which  they  have  been  used.   Such  changes  to
1497	         certificate policies and Certification Practice Statements need
1498	         not  require  a  change  in  the  certificate   policy   Object
1499	         Identifier  or  the  CPS  pointer  (URL).   Other  changes to a
1500	         specification will change the acceptability of certificates for
1501	         specific  purposes,  and  these changes will require changes to
1502	         the certificate policy Object Identifier or CPS pointer  (URL).

1504	         This subcomponent contains the following information:

1506	            *  A list of specification components, subcomponents, and/or
1507	            elements thereof that can be  changed  without  notification
1508	            and   without  changes  to  the  certificate  policy  Object
1509	            Identifier or CPS pointer (URL).

1511	            * A list of specification components, subcomponents,  and/or
1512	            elements  thereof  that  may change following a notification
1513	            period  without  changing  the  certificate  policy   Object
1514	            Identifier  or CPS pointer (URL).  The procedures to be used
1515	            to notify interested parties (relying parties, certification
1516	            authorities,  etc.) of the certificate policy or CPS changes
1517	            are described.  The description of  notification  procedures
1518	            includes the notification mechanism, notification period for
1519	            comments, mechanism to receive, review and  incorporate  the
1520	            comments, mechanism for final changes to the policy, and the
1521	            period before final changes become effective.

1523	            * A list of specification components, subcomponents,  and/or
1524	            elements,  changes  to which require a change in certificate
1525	            policy Object Identifier or CPS pointer (URL)..

1527	      4.8.2  Publication and Notification Procedures

1529	         This subcomponent contains the following elements:

1531	            * A list of components, subcomponents, and elements  thereof
1532	            that exist but that are not made publicly available; (33)

1534	            *   Descriptions   of  mechanisms  used  to  distribute  the
1535	            certificate  policy  definition  or  CPS,  including  access
1536	            controls on such distribution.

1538	      4.8.3  CPS Approval Procedures

1540	         In a certificate policy definition, this subcomponent describes
1541	         how the compliance of  a  specific  CPS  with  the  certificate
1542	         policy can be determined.

1544	5. OUTLINE OF A SET OF PROVISIONS

1546	   This  section  contains  a  possible outline for a set of provisions,
1547	   intended to serve as a checklist or (with some further development) a
1548	   standard template for use by certificate policy or CPS writers.  Such
1549	   a common outline will facilitate:

1551	      (a)   Comparison  of  two  certificate  policies   during   cross-
1552	      certification (for the purpose of equivalency mapping).

1554	      (b)  Comparison  of  a CPS with a certificate policy definition to
1555	      ensure that the CPS faithfully implements the policy.

1557	      (c) Comparison of two CPSs.

1559	   1.   INTRODUCTION

1561	   1.1  Overview

1563	   1.2  Identification

1565	   1.3  Community and Applicability
1566	      1.3.1  Certification authorities
1567	      1.3.2  Registration authorities
1568	      1.3.3  End entities
1569	      1.3.4  Applicability

1571	   1.4  Contact Details
1572	      1.4.1  Specification administration organization
1573	      1.4.2  Contact person
1574	      1.4.3  Person determining CPS suitability for the policy

1576	   2.  GENERAL PROVISIONS

1578	   2.1  Obligations

1580	      2.1.1  CA obligations
1581	      2.1.2  RA obligations
1582	      2.1.3  Subscriber obligations
1583	      2.1.4  Relying party obligations 2.1.5  Repository obligations

1585	   2.2  Liability

1587	      2.2.1  CA liability
1588	      2.2.2  RA liability

1590	   2.3  Financial responsibility

1592	      2.3.1  Indemnification by relying parties
1593	      2.3.2  Fiduciary relationships
1594	      2.3.3  Administrative processes

1596	   2.4  Interpretation and Enforcement

1598	      2.4.1  Governing law
1599	      2.4.2  Severability, survival, merger, notice
1600	      2.4.3  Dispute resolution procedures

1602	   2.5  Fees
1603	      2.5.1  Certificate issuance or renewal fees
1604	      2.5.2  Certificate access fees
1605	      2.5.3  Revocation or status information access fees
1606	      2.5.4  Fees for other services such as policy information
1607	      2.5.5  Refund policy

1609	   2.6  Publication and Repository

1611	      2.6.1  Publication of CA information
1612	      2.6.2  Frequency of publication
1613	      2.6.3  Access controls
1614	      2.6.4  Repositories

1616	   2.7  Compliance audit

1618	      2.7.1  Frequency of entity compliance audit
1619	      2.7.2  Identity/qualifications of auditor
1620	      2.7.3  Auditor's relationship to audited party
1621	      2.7.4  Topics covered by audit
1622	      2.7.5  Actions taken as a result of deficiency
1623	      2.7.6  Communication of results

1625	   2.8  Confidentiality

1627	      2.8.1  Types of information to be kept confidential
1628	      2.8.2  Types of information not considered confidential
1629	      2.8.3  Disclosure of certificate revocation/suspension information
1630	      2.8.4  Release to law enforcement officials
1631	      2.8.5  Release as part of civil discovery
1632	      2.8.6  Disclosure upon owner's request
1633	      2.8.7  Other information release circumstances

1635	   2.9  Intellectual Property Rights

1637	   3.   IDENTIFICATION AND AUTHENTICATION (34)

1639	   3.1  Initial Registration
1640	      3.1.1  Types of names
1641	      3.1.2  Need for names to be meaningful
1642	      3.1.3  Rules for interpreting various name forms
1643	      3.1.4  Uniqueness of names
1644	      3.1.5  Name claim dispute resolution procedure
1645	      3.1.6  Recognition, authentication and role of trademarks
1646	      3.1.7  Method to prove possession of private key
1647	      3.1.8  Authentication of organization identity
1648	      3.1.9  Authentication of individual identity

1650	   3.2  Routine Rekey
1651	   3.3  Rekey after Revocation

1653	   3.4  Revocation Request

1655	4.  OPERATIONAL REQUIREMENTS (34)

1657	   4.1  Certificate Application

1659	   4.2  Certificate Issuance

1661	   4.3  Certificate Acceptance

1663	   4.4  Certificate Suspension and Revocation
1664	      4.4.1  Circumstances for revocation
1665	      4.4.2  Who can request revocation
1666	      4.4.3  Procedure for revocation request
1667	      4.4.4  Revocation request grace period
1668	      4.4.5  Circumstances for suspension
1669	      4.4.6  Who can request suspension
1670	      4.4.7  Procedure for suspension request
1671	      4.4.8  Limits on suspension period
1672	      4.4.9  CRL issuance frequency (if applicable)
1673	      4.4.10  CRL checking requirements
1674	      4.4.11  On-line revocation/status checking availability
1675	      4.4.12  On-line revocation checking requirements
1676	      4.4.13  Other forms of revocation advertisements available
1677	      4.4.14   Checking  requirements  for  other  forms  of  revocation
1678	      advertisements
1679	      4.4.15  Special requirements re key compromise

1681	   4.5  Security Audit Procedures
1682	      4.5.1  Types of event recorded
1683	      4.5.2  Frequency of processing log
1684	      4.5.3  Retention period for audit log
1685	      4.5.4  Protection of audit log
1686	      4.5.5  Audit log backup procedures
1687	      4.5.6  Audit collection system (internal vs external)
1688	      4.5.7  Notification to event-causing subject
1689	      4.5.8  Vulnerability assessments

1691	   4.6  Records Archival

1693	      4.6.1  Types of event recorded
1694	      4.6.2  Retention period for archive
1695	      4.6.3  Protection of archive
1696	      4.6.4  Archive backup procedures
1697	      4.6.5  Archive collection system (internal or external)
1698	      4.6.6  Procedures to obtain and verify archive information

1700	   4.7  Key changeover

1702	   4.8  Compromise and Disaster Recovery

1704	   4.9  CA Termination

1706	   5.  PHYSICAL, PROCEDURAL, AND PERSONNEL SECURITY CONTROLS (34)

1708	   5.1  Physical Controls
1709	      5.1.1  Site location and construction
1710	      5.1.2  Physical access
1711	      5.1.3  Power and air conditioning
1712	      5.1.4  Water exposures
1713	      5.1.5  Fire prevention and protection
1714	      5.1.6  Media storage
1715	      5.1.7  Waste disposal
1716	      5.1.8  Off-site backup

1718	   5.2  Procedural Controls
1719	      5.2.1  Trusted roles
1720	      5.2.2  Number of persons required per task
1721	      5.2.3  Identification and authentication for each role

1723	   5.3  Personnel Controls
1724	      5.3.1   Background,  qualifications,  experience,  and   clearance
1725	      requirements
1726	      5.3.2  Background check procedures
1727	      5.3.3  Training requirements
1728	      5.3.4  Retraining frequency and requirements
1729	      5.3.5  Job rotation frequency and sequence
1730	      5.3.6  Sanctions for unauthorized actions
1731	      5.3.7  Contracting personnel requirements
1732	      5.3.8  Documentation supplied to personnel

1734	   6.  TECHNICAL SECURITY CONTROLS (34)

1736	   6.1  Key Pair Generation and Installation
1737	      6.1.1  Key pair generation
1738	      6.1.2  Private key delivery to entity
1739	      6.1.3  Public key delivery to certificate issuer
1740	      6.1.4  CA public key delivery to users
1741	      6.1.5  Key sizes
1742	      6.1.6  Public key parameters generation
1743	      6.1.7  Parameter quality checking
1744	      6.1.8  Hardware/software key generation
1745	      6.1.9  Key usage purposes (as per X.509 v3 key usage field)

1747	   6.2  Private Key Protection
1748	      6.2.1  Standards for cryptographic module
1749	      6.2.2  Private key (n out of m) multi-person control
1750	      6.2.3  Private key escrow
1751	      6.2.4  Private key backup
1752	      6.2.5  Private key archival
1753	      6.2.6  Private key entry into cryptographic module
1754	      6.2.7  Method of activating private key
1755	      6.2.8  Method of deactivating private key
1756	      6.2.9  Method of destroying private key

1758	   6.3  Other Aspects of Key Pair Management
1759	      6.3.1  Public key archival
1760	      6.3.2  Usage periods for the public and private keys

1762	   6.4  Activation Data
1763	      6.4.1  Activation data generation and installation
1764	      6.4.2  Activation data protection
1765	      6.4.3  Other aspects of activation data

1767	   6.5  Computer Security Controls
1768	      6.5.1  Specific computer security technical requirements
1769	      6.5.2  Computer security rating

1771	   6.6  Life Cycle Technical Controls
1772	      6.6.1  System development controls
1773	      6.6.2  Security management controls
1774	      6.6.3  Life cycle security ratings

1776	   6.7  Network Security Controls

1778	   6.8  Cryptographic Module Engineering Controls

1780	7.  CERTIFICATE AND CRL PROFILES

1782	   7.1  Certificate Profile

1784	      7.1.1  Version number(s)
1785	      7.1.2  Certificate extensions
1786	      7.1.3  Algorithm object identifiers
1787	      7.1.4  Name forms
1788	      7.1.5  Name constraints
1789	      7.1.6  Certificate policy Object Identifier
1790	      7.1.7  Usage of Policy Constraints extension
1791	      7.1.8  Policy qualifiers syntax and semantics
1792	      7.1.9  Processing  semantics  for  the critical certificate policy
1793	      extension

1795	   7.2  CRL Profile

1797	      7.2.1  Version number(s)
1798	      7.2.2  CRL and CRL entry extensions

1800	   8.  SPECIFICATION ADMINISTRATION

1802	   8.1  Specification change procedures

1804	   8.2  Publication and notification policies

1806	   8.3  CPS approval procedures

1808	6.  SECURITY CONSIDERATIONS

1810	   This entire memo deals with security.

1812	7.  ACKNOWLEDGMENTS

1814	   The development of this document was supported by the  Government  of
1815	   Canada's  Policy  Management  Authority (PMA) Committee, the National
1816	   Security Agency, the National Institute of Standards  and  Technology
1817	   (NIST),   and  the  American  Bar  Association  Information  Security
1818	   Committee Accreditation Technical Working Group. Special  thanks  are
1819	   due  to  Dave  Fillingham,  Jim Brandt, and Edmond Van Hees for their
1820	   inspiration, support, and  valuable inputs.

1822	   The following individuals also deserve credit for  their  review  and
1823	   input:

1825	      Teresa Acevedo, A&N Associates;
1826	      Michael Baum; VeriSign;
1827	      Sharon Boeyen, Entrust;
1828	      Bob Burger, McCarter & English;
1829	      Bill Burr, NIST;
1830	      Patrick Cain, BBN;
1831	      Michael Harrop, Government of Canada Treasury Board;
1832	      Rick Hornbeck, Digital Commerce Services;
1833	      Francois Marinier, Domus Software;
1834	      John Morris, CygnaCom Solutions;
1835	      Tim Moses, Entrust;
1836	      Noel Nazario, NIST;
1837	      John Nicolletos, A&N Associates;
1838	      Jean Petty, CygnaCom Solutions;
1839	      Denis Pinkas, Bull;
1840	      J.-F. Sauriol, Domus Software;
1841	      Robert Shirey, BBN;
1842	      Mark Silvern, VeriSign;
1843	      David Simonetti, Booz, Allen and Hamilton; and
1844	      Darryl Stal, Entrust.

1846	   Johnny  Hsiung,  and  Chris Miller assisted in the preparation of the
1847	   manuscript.

1849	8.  REFERENCES

1851	   [ABA1]  American Bar Association, Digital Signature Guidelines: Legal
1852	   Infrastructure for Certification Authorities and Electronic Commerce,
1853	   1995.

1855	   [BAU1]  Michael. S. Baum, Federal Certification  Authority  Liability
1856	   and Policy, NIST-GCR-94-654, June 1994.

1858	   [ISO1]    ISO/IEC  9594-8/ITU-T  Recommendation  X.509,  "Information
1859	   Technology   -   Open   Systems   Interconnection:   The   Directory:
1860	   Authentication Framework," 1997 edition. (Pending publication of 1997
1861	   edition, use 1993  edition  with  the  following  amendment  applied:
1862	   Final  Text of Draft Amendment DAM 1 to ISO/IEC 9594-8 on Certificate
1863	   Extensions, June 1996.)

1865	   [PEM1]  S. Kent, "Privacy Enhancement for Internet  Electronic  Mail,
1866	   Part  II: Certificate-Based Key Management," Internet RFC 1422, 1993.

1868	   [PKI1] R. Housley, W. Ford, W. Polk, D. Solo,  "Internet  Public  Key
1869	   Infrastructure,  X.509 Certificate and CRL Profile," RFC [tbd], 1997.

1871	9.  AUTHORS' ADDRESSES

1873	      Santosh Chokhani
1874	      CygnaCom Solutions, Inc.
1875	      Suite 100 West
1876	      7927 Jones Branch Drive
1877	      McLean, VA 22102

1879	      Phone: (703) 848-0883
1880	      Fax: (703) 848-0960
1881	      EMail: chokhani@cygnacom.com

1883	      Warwick Ford
1884	      VeriSign, Inc.
1885	      One Alewife Center
1886	      Cambridge, MA 02140

1888	      Phone: (617) 492-2816 x225
1889	      Fax: (617) 661-0716
1890	      EMail: wford@verisign.com

1892	NOTES

1894	   1 The ABA Digital Signature Guidelines can be purchased from the ABA.
1895	   See http://www.abanet.com for ordering details.

1897	   2  Examples  of  types  of  entity  for subject CAs are a subordinate
1898	   organization (e.g., branch or division), a federal government agency,
1899	   or a state or provincial government department.

1901	   3   This  statement  can have significant implications.  For example,
1902	   suppose a bank claims that it issues CA certificates to its  branches
1903	   only.   Now,  the  user  of  a  CA certificate issued by the bank can
1904	   assume that the subject CA in the certificate is a branch of the bank

1906	   4  Examples  of  the  types  of  subject  RA  entities are branch and
1907	   division of an organization.

1909	   5 Examples of types of  subject  end  entities  are  bank  customers,
1910	   telephone   company   subscribers,  and  employees  of  a  government
1911	   department

1913	   6 This statement can have  significant  implications.   For  example,
1914	   suppose   Government   CA  claims  that  it  issues  certificates  to
1915	   Government employees only.  Now, the user of a certificate issued  by
1916	   the Government CA can assume that the subject of the certificate is a
1917	   Government employee.

1919	   7 Examples include X.500 distinguished name, Internet e-mail address,
1920	   and URL.

1922	   8  The  term  "meaningful"  means  that  the  name  form has commonly
1923	   understood semantics to  determine  identity  of  the  person  and/or
1924	   organization.   Directory names and RFC 822 names may be more or less
1925	   meaningful.

1927	   9 Examples of proof include the issuing CA  generating  the  key,  or
1928	   requiring  the subject to send an electronically signed request or to
1929	   sign a challenge.

1931	   10 Examples of organization identity authentication are: articles  of
1932	   incorporation,  duly  signed corporate resolutions, company seal, and
1933	   notarized documents.

1935	   11 Examples of individual  identity  authentication  are:  biometrics
1936	   (thumb  print,  ten  finger  print,  face,  palm,  and  retina scan),
1937	   driver's  license,  passport,  credit  card,   company   badge,   and
1938	   government badge.

1940	   12  Examples include duly signed authorization papers or corporate ID
1941	   badge.

1943	   13 The identification policy for routine rekey should be the same  as
1944	   the  one  for  initial  registration  since  the  same  subject needs
1945	   rekeying. The rekey authentication  may  be  accomplished  using  the
1946	   techniques for initial I&A or using digitally signed requests.

1948	   14 This identification and authentication policy could be the same as
1949	   that for initial registration.

1951	   15 This policy could be the same as the one for initial registration.

1953	   16 The identification policy for Revocation request could be the same
1954	   as that for initial registration since the same  subject  certificate
1955	   needs  to  be  revoked.   The  authentication  policy  could accept a
1956	   Revocation request digitally signed by subject.   The  authentication
1957	   information  used during initial registration could be acceptable for
1958	   Revocation request. Other less stringent authentication policy  could
1959	   be defined.

1961	   17 The identification policy for key compromise notification could be
1962	   the same as the one for initial registration since the  same  subject
1963	   certificate  needs  to  be  revoked.  The authentication policy could
1964	   accept  a  Revocation  request  digitally  signed  by  subject.   The
1965	   authentication  information used during initial registration could be
1966	   acceptable for key  compromise  notification.  Other  less  stringent
1967	   authentication policy could be defined.

1969	   18  The  n  out of m rule allows a key to be split in m parts.  The m
1970	   parts may be given to m different individuals.  Any n  parts  out  of
1971	   the m parts may be used to fully reconstitute the key, but having any
1972	   n-1 parts provides one with no information about the key.

1974	   19 A key may be escrowed, backed  up  or  archived.   Each  of  these
1975	   functions  have  different  purpose.   Thus, a key may go through any
1976	   subset of these functions depending on the requirements.  The purpose
1977	   of  escrow  is  to  allow  a  third party (such as an organization or
1978	   government) to legally obtain the key without the cooperation of  the
1979	   subject.   The  purpose  of  back  up  is  to  allow  the  subject to
1980	   reconstitute the key in case of the  destruction  of  the  key.   The
1981	   purpose  of  archive  is  to  provide for reuse of the key in future,
1982	   e.g., use the private key to decrypt a document.

1984	   20 An example of activation data is a PIN or passphrase.

1986	   21 Examples of physical access controls  are:  monitored  facility  ,
1987	   guarded  facility,  locked  facility, access controlled using tokens,
1988	   access controlled using biometrics, and access controlled through  an
1989	   access list.

1991	   22  Examples  of  the  roles  include  system  administrator,  system
1992	   security officer, and system  auditor.   The  duties  of  the  system
1993	   administrator  are  to  configure,  generate,  boot,  and operate the
1994	   system.  The duties of the system  security  officer  are  to  assign
1995	   accounts and privileges.  The duties of the system auditor are to set
1996	   up system audit profile, perform audit  file  management,  and  audit
1997	   review.

1999	   23  The  background  checks  may include clearance level (e.g., none,
2000	   sensitive, confidential, secret, top secret, etc.) and the  clearance
2001	   granting  authority  name.   In  lieu  of or in addition to a defined
2002	   clearance, the background checks  may  include  types  of  background
2003	   information (e.g., name, place of birth, date of birth, home address,
2004	   previous residences, previous employment, and any  other  information
2005	   that  may  help  determine  trustworthiness).  The description should
2006	   also include which information was verified and how.

2008	   24 For example, the certificate policy may impose personnel  security
2009	   requirements  on  the  network system administrator responsible for a
2010	   CA's network access.

2012	   25 Each authorized person should be accountable for his/her  actions.

2014	   26  A  cryptographic module is hardware, software, or firmware or any
2015	   combination of them.

2017	   27 The compliance description should be specific  and  detailed.  For
2018	   example,  for  each  FIPS  140-1  requirement, describe the level and
2019	   whether the level has been certified by an accredited laboratory.

2021	   28 Example of audit events are:  request  to  create  a  certificate,
2022	   request   to  revoke  a  certificate,  key  compromise  notification,
2023	   creation of a certificate, revocation of a certificate, issuance of a
2024	   certificate,  issuance  of  a  CRL,  issuance  of key compromise CRL,
2025	   establishment  of  trusted  roles  on  the  CA,  actions  of   truste
2026	   personnel, changes to CA keys, etc.

2028	   29  Example  of  archive events are: request to create a certificate,
2029	   request  to  revoke  a  certificate,  key  compromise   notification,
2030	   creation of a certificate, revocation of a certificate, issuance of a
2031	   certificate, issuance of a CRL, issuance of key compromise  CRL,  and
2032	   changes to CA keys.

2034	   30 A parent CA is an example of audit relationship.

2036	   31  Example  of  compliance audit topics: sample check on the various
2037	   I&A policies,   comprehensive  checks  on  key  management  policies,
2038	   comprehensive  checks  on  system  security  controls,  comprehensive
2039	   checks on operations policy, and comprehensive checks on  certificate
2040	   profiles.

2042	   32  The  examples  include,  temporary suspension of operations until
2043	   deficiencies are corrected, revocation of entity certificate,  change
2044	   in   personnel,   invocation   of  liability  policy,  more  frequent
2045	   compliance audit, etc.

2047	   33 An organization may choose not to make public some of its security
2048	   controls,  clearance procedures, or some others elements due to their
2049	   sensitivity.

2051	   34 All or some of the  following  items  may  be  different  for  the
2052	   various types of entities, i.e., CA, RA, and end entities.

2054	LIST OF ACRONYMS

2056	   ABA - American Bar Association
2057	   CA - Certification Authority
2058	   CPS - Certification Practice Statement
2059	   CRL - Certificate Revocation List
2060	   DAM - Draft Amendment
2061	   FIPS - Federal Information Processing Standard
2062	   I&A - Identification and Authentication
2063	   IEC - International Electrotechnical Commission
2064	   IETF - Internet Engineering Task Force
2065	   IP - Internet Protocol
2066	   ISO - International Organization for Standardization
2067	   ITU - International Telecommunications Union
2068	   NIST - National Institute of Standards and Technology
2069	   OID - Object Identifier
2070	   PIN - Personal Identification Number
2071	   PKI - Public Key Infrastructure
2072	   PKIX - Public Key Infrastructure (X.509) (IETF Working Group)
2073	   RA - Registration Authority
2074	   RFC - Request For Comment
2075	   URL - Uniform Resource Locator
2076	   US - United States

2078	   36