rfc2527.txt

PKIX的RFC英文文档

   purpose or in an inappropriate manner, as stipulated in the
   applicable certificate policy definition.

   For example, the Internal Revenue Service might issue certificates to
   taxpayers for the purpose of protecting tax filings.  The Internal
   Revenue Service understands and can accommodate the risks of
   accidentally issuing a bad certificate, e.g., to a wrongly-
   authenticated person.  However, suppose someone used an Internal
   Revenue Service tax-filing certificate as the basis for encrypting
   multi-million-dollar-value proprietary secrets which subsequently
   fell into the wrong hands because of an error in issuing the Internal
   Revenue Service certificate.  The Internal Revenue Service may want
   to protect itself against claims for damages in such circumstances.
   The critical-flagged Certificate Policies extension is intended to
   mitigate the risk to the certificate issuer in such situations.

3.3.2  Policy Mappings Extension

   The Policy Mappings extension may only be used in CA-certificates.
   This field allows a certification authority to indicate that certain
   policies in its own domain can be considered equivalent to certain
   other policies in the subject certification authority's domain.

   For example, suppose the ACE Corporation establishes an agreement
   with the ABC Corporation to cross-certify each others' public-key
   infrastructures for the purposes of mutually protecting electronic
   data interchange (EDI). Further, suppose that both companies have
   pre-existing financial transaction protection policies called ace-e-
   commerce and abc-e-commerce, respectively.  One can see that simply
   generating cross certificates between the two domains will not
   provide the necessary interoperability, as the two companies'
   applications are configured with and employee certificates are
   populated with their respective certificate policies.  One possible
   solution is to reconfigure all of the financial applications to
   require either policy and to reissue all the certificates with both
   policies.  Another solution, which may be easier to administer, uses
   the Policy Mapping field.  If this field is included in a cross-
   certificate for the ABC Corporation certification authority issued by
   the ACE Corporation certification authority, it can provide a
   statement that the ABC's financial transaction protection policy
   (i.e., abc-e-commerce) can be considered equivalent to that of the
   ACE Corporation (i.e., ace-e-commerce).







Chokhani & Ford              Informational                      [Page 7]

RFC 2527                          PKIX                        March 1999


3.3.3  Policy Constraints Extension

   The Policy Constraints extension supports two optional features.  The
   first is the ability for a certification authority to require that
   explicit certificate policy indications be present in all subsequent
   certificates in a certification path.  Certificates at the start of a
   certification path may be considered by a certificate user to be part
   of a trusted domain, i.e., certification authorities are trusted for
   all purposes so no particular certificate policy is needed in the
   Certificate Policies extension.  Such certificates need not contain
   explicit indications of certificate policy.  However, when a
   certification authority in the trusted domain certifies outside the
   domain, it can activate the requirement for explicit certificate
   policy in subsequent certificates in the certification path.

   The other optional feature in the Policy Constraints field is the
   ability for a certification authority to disable policy mapping by
   subsequent certification authorities in a certification path.  It may
   be prudent to disable policy mapping when certifying outside the
   domain.  This can assist in controlling risks due to transitive
   trust, e.g., a domain A trusts domain B, domain B trusts domain C,
   but domain A does not want to be forced to trust domain C.

3.4  POLICY QUALIFIERS

   The Certificate Policies extension field has a provision for
   conveying, along with each certificate policy identifier, additional
   policy-dependent information in a qualifier field.  The X.509
   standard does not mandate the purpose for which this field is to be
   used, nor does it prescribe the syntax for this field.  Policy
   qualifier types can be registered by any organization.

   The following policy qualifier types are defined in PKIX Part I
   [PKI1]:

      (a) The CPS Pointer qualifier contains a pointer to a
          Certification Practice Statement (CPS) published by the CA.
          The pointer is in the form of a uniform resource identifier
          (URI).

      (b) The User Notice qualifier contains a text string that is to be
          displayed to a certificate user (including subscribers and
          relying parties) prior to the use of the certificate.  The
          text string may be an IA5String or a BMPString - a subset of
          the ISO 100646-1 multiple octet coded character set.  A CA may
          invoke a procedure that requires that the certficate user
          acknowledge that the applicable terms and conditions have been
          disclosed or accepted.



Chokhani & Ford              Informational                      [Page 8]

RFC 2527                          PKIX                        March 1999


   Policy qualifiers can be used to support the definition of generic,
   or parameterized, certificate policy definitions.  Provided the base
   certificate policy definition so provides, policy qualifier types can
   be defined to convey, on a per-certificate basis, additional specific
   policy details that fill in the generic definition.

3.5  CERTIFICATION PRACTICE STATEMENT

   The term certification practice statement (CPS) is defined by the ABA
   Guidelines as: "A statement of the practices which a certification
   authority employs in issuing certificates." [ABA1] In the 1995 draft
   of the ABA guidelines, the ABA expands this definition with the
   following comments:

      A certification practice statement may take the form of a
      declaration by the certification authority of the details of its
      trustworthy system and the practices it employs in its operations
      and in support of issuance of a certificate, or it may be a
      statute or regulation applicable to the certification authority
      and covering similar subject matter. It may also be part of the
      contract between the certification authority and the subscriber. A
      certification practice statement may also be comprised of multiple
      documents, a combination of public law, private contract, and/or
      declaration.

      Certain forms for legally implementing certification practice
      statements lend themselves to particular relationships. For
      example, when the legal relationship between a certification
      authority and subscriber is consensual, a contract would
      ordinarily be the means of giving effect to a certification
      practice statement.  The certification authority's duties to a
      relying person are generally based on the certification
      authority's representations, which may include a certification
      practice statement.

      Whether a certification practice statement is binding on a relying
      person depends on whether the relying person has knowledge or
      notice of the certification practice statement.  A relying person
      has knowledge or at least notice of the contents of the
      certificate used by the relying person to verify a digital
      signature, including documents incorporated into the certificate
      by reference.  It is therefore advisable to incorporate a
      certification practice statement into a certificate by reference.

      As much as possible, a certification practice statement should
      indicate any of the widely recognized standards to which the
      certification authority's practices conform.  Reference to widely
      recognized standards may indicate concisely the suitability of the



Chokhani & Ford              Informational                      [Page 9]

RFC 2527                          PKIX                        March 1999


      certification authority's practices for another person's purposes,
      as well as the potential technological compatibility of the
      certificates issued by the certification authority with
      repositories and other systems.

3.6 RELATIONSHIP BETWEEN CERTIFICATE POLICY AND CERTIFICATION PRACTICE
    STATEMENT

   The concepts of certificate policy and CPS come from different
   sources and were developed for different reasons.  However, their
   interrelationship is important.

   A certification practice statement is a detailed statement by a
   certification authority as to its practices, that potentially needs
   to be understood and consulted by subscribers and certificate users
   (relying parties).  Although the level of detail may vary among CPSs,
   they will generally be more detailed than certificate policy
   definitions.  Indeed, CPSs may be quite comprehensive, robust
   documents providing a description of the precise service offerings,
   detailed procedures of the life-cycle management of certificates, and
   more - a level of detail which weds the CPS to a particular
   (proprietary) implementation of a service offering.

   Although such detail may be indispensable to adequately disclose, and
   to make a full assessment of trustworthiness in the absence of
   accreditation or other recognized quality metrics, a detailed CPS
   does not form a suitable basis for interoperability between CAs
   operated by different organizations.  Rather, certificate policies
   best serve as the vehicle on which to base common interoperability
   standards and common assurance criteria on an industry-wide (or
   possibly more global) basis.  A CA with a single CPS may support
   multiple certificate policies (used for different application
   purposes and/or by different certificate user communities).  Also,
   multiple different CAs, with non-identical certification practice
   statements, may support the same certificate policy.

   For example, the Federal Government might define a government-wide
   certificate policy for handling confidential human resources
   information.  The certificate policy definition will be a broad
   statement of the general characteristics of that certificate policy,
   and an indication of the types of applications for which it is
   suitable for use.  Different departments or agencies that operate
   certification authorities with different certification practice
   statements might support this certificate policy.  At the same time,
   such certification authorities may support other certificate
   policies.





Chokhani & Ford              Informational                     [Page 10]

RFC 2527                          PKIX                        March 1999


   The main difference between certificate policy and CPS can therefore
   be summarized as follows:

      (a) Most organizations that operate public or inter-
          organizational certification authorities will document their
          own practices in CPSs or similar statements.  The CPS is one
          of the organization's means of protecting itself and
          positioning its business relationships with subscribers and
          other entities.

      (b) There is strong incentive, on the other hand, for a
          certificate policy to apply more broadly than to just a single
          organization.  If a particular certificate policy is widely
          recognized and imitated, it has great potential as the basis
          of automated certificate acceptance in many systems, including
          unmanned systems and systems that are manned by people not
          independently empowered to determine the acceptability of
          different presented certificates.

   In addition to populating the certificate policies field with the
   certificate policy identifier, a certification authority may include,
   in certificates it issues, a reference to its certification practice
   statement.  A standard way to do this, using a certificate policy
   qualifier, is described in Section 3.4.

3.7  SET OF PROVISIONS

   A set of provisions is a collection of practice and/or policy
   statements, spanning a range of standard topics, for use in
   expressing a certificate policy definition or CPS employing the
   approach described in this framework.

   A certificate policy can be expressed as a single set of provisions.

   A CPS can be expressed as a single set of provisions with each
   component addressing the requirements of one or more certificate
   policies, or, alternatively, as an organized collection of sets of
   provisions.  For example, a CPS could be expressed as a combination
   of the following:

      (a) a list of certificate policies supported by the CPS;

      (b) for each certificate policy in (a), a set of provisions which
          contains statements that refine that certificate policy by
          filling in details not stipulated in that policy or expressly
          left to the discretion of the CPS by that certificate policy;
          such statements serve to state how this particular CPS
          implements the requirements of the particular certificate



Chokhani & Ford              Informational                     [Page 11]

RFC 2527                          PKIX                        March 1999


          policy;

      (c) a set of provisions that contains statements regarding the
          certification practices on the CA, regardless of certificate
          policy.

   The statements provided in (b) and (c) may augment or refine the
   stipulations of the applicable certificate policy definition, but
   must not conflict with any of the stipulations of such certificate
   policy definition.

   This framework outlines the contents of a set of provisions, in terms
   of eight primary components, as follows:

      * Introduction;

      * General Provisions;

      * Identification and Authentication;

      * Operational Requirements;

      * Physical, Procedural, and Personnel Security Controls;

      * Technical Security Controls;

      * Certificate and CRL Profile; and

      * Specification Administration.

   Components can be further divided into subcomponents, and a
   subcomponent may comprise multiple elements.  Section 4 provides a
   more detailed description of the contents of the above components,
   and their subcomponents.

4.  CONTENTS OF A SET OF PROVISIONS

   This section expands upon the contents of a set of provisions, as
   introduced in Section 3.7.  The topics identified in this section
   are, consequently, candidate topics for inclusion in a certificate
   policy definition or CPS.

   While many topics are identified, it is not necessary for a
   certificate policy or a CPS to include a concrete statement for every
   such topic.  Rather, a particular certificate policy or CPS may state
   "no stipulation" for a component, subcomponent, or element on which
   the particular certificate policy or CPS imposes no requirements.  In
   this sense, the list of topics can be considered a checklist of



Chokhani & Ford              Informational                     [Page 12]

RFC 2527                          PKIX                        March 1999


   topics for consideration by the certificate policy or CPS writer.  It
   is recommended that each and every component and subcomponent be
   included in a certificate policy or CPS, even if there is "no
   stipulation"; this will indicate to the reader that a conscious
   decision was made to include or exclude that topic.  This protects
   against inadvertent omission of a topic, while facilitating
   comparison of different certificate policies or CPSs, e.g., when
   making policy mapping decisions.

   In a certificate policy definition, it is possible to leave certain