   * If and how the subject must prove possession of the companion
     private key for the public key being registered (9);

   * Authentication requirements for organizational identity of subject
     (CA, RA, or end entity) (10);

   * Authentication requirements for a person acting on behalf of a
     subject (CA, RA, or end entity) (11), including:

     * Number of pieces of identification required;
     * How a CA or RA validates the pieces of identification provided;
     * If the individual must present personally to the authenticating
       CA or RA;
     * How an individual as an organizational person is authenticated
       (12).

4.3.2 Routine Rekey

   This subcomponent describes the identification and authentication
   procedures for routine rekey for each subject type (CA, RA, and end
   entity). (13)

4.3.3 Rekey After Revocation -- No Key Compromise

   This subcomponent describes the identification and authentication
   procedures for rekey for each subject type (CA, RA, and end entity)
   after the subject certificate has been revoked. (14)

Chokhani & Ford              Informational                     [Page 19]

RFC 2527                          PKIX                        March 1999

4.3.4 Revocation Request

   This subcomponent describes the identification and authentication
   procedures for a revocation request by each subject type (CA, RA, and
   end entity). (16)

4.4 OPERATIONAL REQUIREMENTS

   This component is used to specify requirements imposed upon issuing
   CA, subject CAs, RAs, or end entities with respect to various
   operational activities.

   This component consists of the following subcomponents:

   * Certificate Application;
   * Certificate Issuance;
   * Certificate Acceptance;
   * Certificate Suspension and Revocation;
   * Security Audit Procedures;
   * Records Archival;
   * Key Changeover;
   * Compromise and Disaster Recovery; and
   * CA Termination.
   Within each subcomponent, separate consideration may need to be
   given to issuing CA, repository, subject CAs, RAs, and end entities.

4.4.1 Certificate Application

   This subcomponent is used to state requirements regarding subject
   enrollment and request for certificate issuance.

4.4.2 Certificate Issuance

   This subcomponent is used to state requirements regarding issuance of
   a certificate and notification to the applicant of such issuance.

4.4.3 Certificate Acceptance

   This subcomponent is used to state requirements regarding acceptance
   of an issued certificate and for consequent publication of
   certificates.

4.4.4 Certificate Suspension and Revocation

   This subcomponent addresses the following:

   * Circumstances under which a certificate may be revoked;
   * Who can request the revocation of the entity certificate;
   * Procedures used for certificate revocation request;
   * Revocation request grace period available to the subject;
   * Circumstances under which a certificate may be suspended;
   * Who can request the suspension of a certificate;
   * Procedures to request certificate suspension;
   * How long the suspension may last;
   * If a CRL mechanism is used, the issuance frequency;
   * Requirements on relying parties to check CRLs;
   * On-line revocation/status checking availability;
   * Requirements on relying parties to perform on-line
     revocation/status checks;
   * Other forms of revocation advertisements available; and
   * Requirements on relying parties to check other forms of revocation
     advertisements.
   * Any variations on the above stipulations when the suspension or
     revocation is the result of private key compromise (as opposed to
     other reasons for suspension or revocation).

4.4.5 Security Audit Procedures

   This subcomponent is used to describe event logging and audit
   systems, implemented for the purpose of maintaining a secure
   environment.
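   The "protection against modification" and "protection against
   deletion" elements that this subcomponent (and, for the archive,
   4.4.6) asks a CP/CPS to stipulate are usually met with a
   tamper-evident log. The following is an added illustration written for
   this page, not code from RFC 2527 or from any CA product. It assumes a
   log-authentication key held apart from the CA signing key (the
   constructed LOG_KEY below) and an externally published record count,
   and shows which kinds of tampering a hash chain with an HMAC detects
   and which one (truncating the tail) needs that external count.

```python
"""Tamper-evident audit log: SHA-256 hash chain plus HMAC.

Added example for RFC 2527 section 4.4.5; not from the RFC or any CA product.
"""
import copy
import hashlib
import hmac
import json
from typing import Optional, Tuple

# Constructed demo key; a deployment would keep this in an HSM or KMS,
# separate from the CA's certificate-signing key.
LOG_KEY = b"constructed-demo-key-not-a-real-secret"
GENESIS = "0" * 64  # chain anchor for the first record
FIELDS = ("seq", "time", "event", "subject", "actor", "prev")


def _canonical(body: dict) -> bytes:
    # Deterministic serialisation so every verifier hashes identical bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def append_event(log: list, event: str, subject: str, actor: str, when: str) -> dict:
    """Append one record chained to its predecessor and authenticated with LOG_KEY."""
    body = {
        "seq": len(log),
        "time": when,
        "event": event,
        "subject": subject,
        "actor": actor,
        "prev": log[-1]["digest"] if log else GENESIS,
    }
    digest = hashlib.sha256(_canonical(body)).hexdigest()
    tag = hmac.new(LOG_KEY, digest.encode(), hashlib.sha256).hexdigest()
    record = dict(body, digest=digest, tag=tag)
    log.append(record)
    return record


def verify_log(log: list, expected_len: Optional[int] = None) -> Tuple[bool, str]:
    """Walk the chain and return (ok, reason).

    Detects in-place modification (digest or HMAC mismatch), deletion or
    reordering inside the log (sequence gap / broken prev link) and, when
    the externally published record count is supplied, tail truncation.
    """
    prev = GENESIS
    for position, rec in enumerate(log):
        if rec["seq"] != position:
            return False, f"sequence gap at position {position}"
        if rec["prev"] != prev:
            return False, f"chain broken at position {position}"
        body = {k: rec[k] for k in FIELDS}
        digest = hashlib.sha256(_canonical(body)).hexdigest()
        if digest != rec["digest"]:
            return False, f"record {position} modified"
        tag = hmac.new(LOG_KEY, digest.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, rec["tag"]):
            return False, f"record {position} has an invalid authentication tag"
        prev = digest
    if expected_len is not None and len(log) != expected_len:
        return False, f"log truncated: {len(log)} records, expected {expected_len}"
    return True, "ok"


def demo() -> tuple:
    """Exercise a clean log and three tampering cases on constructed CA events."""
    log: list = []
    append_event(log, "CERT_ISSUED", "CN=constructed-subject", "ra-operator-1", "2024-01-01T10:00:00Z")
    append_event(log, "CERT_REVOKED", "CN=constructed-subject", "ca-officer-2", "2024-01-02T09:30:00Z")
    append_event(log, "CA_KEY_CHANGEOVER", "constructed-root-ca", "ca-officer-1", "2024-01-03T08:00:00Z")

    clean = verify_log(log, expected_len=3)

    modified = copy.deepcopy(log)
    modified[1]["actor"] = "someone-else"      # rewrite who requested the revocation
    mod_result = verify_log(modified, expected_len=3)

    deleted = copy.deepcopy(log)
    del deleted[1]                             # remove the revocation record
    del_result = verify_log(deleted, expected_len=3)

    truncated = copy.deepcopy(log[:2])         # drop the newest record
    trunc_result = verify_log(truncated, expected_len=3)
    return clean, mod_result, del_result, trunc_result


if __name__ == "__main__":
    for name, result in zip(("clean", "modified", "deleted", "truncated"), demo()):
        print(f"{name:>9}: {result}")
```

   The chain alone catches edits and deletions in the middle; only the
   published count (or the latest digest escrowed with a second party)
   catches someone discarding the newest records, which is why a CPS
   normally states both how logs are protected and how often they are
   processed or audited.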
   Elements include the following:

   * Types of events recorded; (28)
   * Frequency with which audit logs are processed or audited;
   * Period for which audit logs are kept;
   * Protection of audit logs:
     - Who can view audit logs;
     - Protection against modification of audit log; and
     - Protection against deletion of audit log.
   * Audit log back up procedures;
   * Whether the audit log accumulation system is internal or external
     to the entity;
   * Whether the subject who caused an audit event to occur is notified
     of the audit action; and
   * Vulnerability assessments.

4.4.6 Records Archival

   This subcomponent is used to describe general records archival (or
   records retention) policies, including the following:

   * Types of events recorded; (29)
   * Retention period for archive;
   * Protection of archive:
     - Who can view the archive;
     - Protection against modification of archive; and
     - Protection against deletion of archive.
   * Archive backup procedures;
   * Requirements for time-stamping of records;
   * Whether the archive collection system is internal or external; and
   * Procedures to obtain and verify archive information.

4.4.7 Key Changeover

   This subcomponent describes the procedures to provide a new public
   key to a CA's users.

4.4.8 Compromise and Disaster Recovery

   This subcomponent describes requirements relating to notification and
   recovery procedures in the event of compromise or disaster. Each of
   the following circumstances may need to be addressed separately:

   * The recovery procedures used if computing resources, software,
     and/or data are corrupted or suspected to be corrupted. These
     procedures describe how a secure environment is reestablished,
     which certificates are revoked, whether the entity key is revoked,
     how the new entity public key is provided to the users, and how the
     subjects are recertified.

   * The recovery procedures used if the entity public key is revoked.
     These procedures describe how a secure environment is
     reestablished, how the new entity public key is provided to the
     users, and how the subjects are recertified.

   * The recovery procedures used if the entity key is compromised.
     These procedures describe how a secure environment is
     reestablished, how the new entity public key is provided to the
     users, and how the subjects are recertified.

   * The CA's procedures for securing its facility during the period of
     time following a natural or other disaster and before a secure
     environment is reestablished either at the original site or a
     remote hot-site. For example, procedures to protect against theft
     of sensitive materials from an earthquake-damaged site.

4.4.9 CA Termination

   This subcomponent describes requirements relating to procedures for
   termination and for termination notification of a CA or RA, including
   the identity of the custodian of CA and RA archival records.

4.5 PHYSICAL, PROCEDURAL, AND PERSONNEL SECURITY CONTROLS

   This component describes non-technical security controls (that is,
   physical, procedural, and personnel controls) used by the issuing CA
   to perform securely the functions of key generation, subject
   authentication, certificate issuance, certificate revocation, audit,
   and archival.

   This component can also be used to define non-technical security
   controls on repository, subject CAs, RAs, and end entities. The
   non-technical security controls for the subject CAs, RAs, and end
   entities could be the same, similar, or very different.

   These non-technical security controls are critical to trusting the
   certificates since lack of security may compromise CA operations
   resulting, for example, in the creation of certificates or CRLs with
   erroneous information or the compromise of the CA private key.

   This component consists of three subcomponents:

   * Physical Security Controls;
   * Procedural Controls; and
   * Personnel Security Controls.
   Within each subcomponent, separate consideration will, in general,
   need to be given to each entity type, that is, issuing CA,
   repository, subject CAs, RAs, and end entities.

4.5.1 Physical Security Controls

   In this subcomponent, the physical controls on the facility housing
   the entity systems are described. (21) Topics addressed may include:

   * Site location and construction;
   * Physical access;
   * Power and air conditioning;
   * Water exposures;
   * Fire prevention and protection;
   * Media storage;
   * Waste disposal; and
   * Off-site backup.

4.5.2 Procedural Controls

   In this subcomponent, requirements for recognizing trusted roles are
   described, together with the responsibilities for each role. (22)
   For each task identified for each role, it should also be stated how
   many individuals are required to perform the task (n out of m rule).
   Identification and authentication requirements for each role may
   also be defined.

4.5.3 Personnel Security Controls

   This subcomponent addresses the following:

   * Background checks and clearance procedures required for the
     personnel filling the trusted roles; (23)
   * Background checks and clearance procedures requirements for other
     personnel, including janitorial staff; (24)
   * Training requirements and training procedures for each role;
   * Any retraining period and retraining procedures for each role;
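   Several of the 4.4.4 stipulations above (CRL issuance frequency,
   requirements on relying parties to check CRLs, how long a suspension
   may last, and the variations for private key compromise) only become
   concrete once a relying party turns them into checks. The following
   added example, written for this page and not taken from RFC 2527 or
   any relying-party product, models a CRL as a constructed in-memory
   record rather than a parsed X.509 structure. The reason codes reuse
   the X.509 CRLReason names and values; the policy object, the
   max_crl_age field and the signature_time rule are assumptions
   standing in for what a real CP/CPS would stipulate.

```python
"""Relying-party revocation check driven by CP/CPS stipulations.

Added example for RFC 2527 section 4.4.4; not code from the RFC or any product.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional, Tuple

# X.509 CRLReason values (RFC 5280, section 5.3.1).
KEY_COMPROMISE = 1
CA_COMPROMISE = 2
SUPERSEDED = 4
CERTIFICATE_HOLD = 6


@dataclass
class CrlEntry:
    serial: int
    revocation_date: datetime
    reason: Optional[int] = None  # None: reason not stated in the CRL


@dataclass
class Crl:
    this_update: datetime
    next_update: datetime
    entries: Dict[int, CrlEntry] = field(default_factory=dict)


@dataclass
class RelyingPartyPolicy:
    # Oldest CRL the relying party will act on; derived from the issuance
    # frequency the CP/CPS states (an assumed policy field, not a CRL field).
    max_crl_age: timedelta
    # Whether a certificate on hold is unusable until reinstated (CP/CPS choice).
    reject_on_hold: bool = True


def check_status(crl: Crl, serial: int, now: datetime, policy: RelyingPartyPolicy,
                 signature_time: Optional[datetime] = None) -> Tuple[str, str]:
    """Return (status, explanation); status is good, revoked, suspended or indeterminate.

    signature_time is when the certificate was used to sign something. One
    common policy choice, assumed here: a revocation for a reason other than
    compromise invalidates only signatures made after revocation_date, whereas
    key compromise invalidates all of them, because when the key was actually
    lost is unknown (the 4.4.4 "variations ... for private key compromise").
    """
    if now < crl.this_update:
        return "indeterminate", "CRL not yet valid (thisUpdate in the future)"
    if now > crl.next_update:
        return "indeterminate", "CRL expired (nextUpdate passed); fetch a fresh one"
    if now - crl.this_update > policy.max_crl_age:
        return "indeterminate", "CRL older than the policy's maximum age"
    entry = crl.entries.get(serial)
    if entry is None:
        return "good", "serial not listed in CRL"
    if entry.reason == CERTIFICATE_HOLD:
        if policy.reject_on_hold:
            return "suspended", "certificate on hold; do not rely on it until reinstated"
        return "good", "certificate on hold but policy tolerates suspension"
    if entry.reason in (KEY_COMPROMISE, CA_COMPROMISE):
        return "revoked", "key compromise: treat every signature as untrusted"
    if signature_time is not None and signature_time < entry.revocation_date:
        return "good", "signed before revocation for a non-compromise reason"
    return "revoked", "certificate revoked"


def demo() -> Dict[str, Tuple[str, str]]:
    """Run the check over a constructed CRL and policy."""
    base = datetime(2024, 3, 1, tzinfo=timezone.utc)
    crl = Crl(this_update=base, next_update=base + timedelta(days=7))
    crl.entries[0x1001] = CrlEntry(0x1001, base - timedelta(days=10), KEY_COMPROMISE)
    crl.entries[0x1002] = CrlEntry(0x1002, base - timedelta(days=3), CERTIFICATE_HOLD)
    crl.entries[0x1003] = CrlEntry(0x1003, base - timedelta(days=1), SUPERSEDED)
    policy = RelyingPartyPolicy(max_crl_age=timedelta(days=2))
    now = base + timedelta(hours=12)
    return {
        "unlisted": check_status(crl, 0x2000, now, policy),
        "compromised": check_status(crl, 0x1001, now, policy, base - timedelta(days=30)),
        "on_hold": check_status(crl, 0x1002, now, policy),
        "superseded_old_sig": check_status(crl, 0x1003, now, policy, base - timedelta(days=5)),
        "superseded_new_sig": check_status(crl, 0x1003, now, policy, base),
        "stale_crl": check_status(crl, 0x2000, base + timedelta(days=3), policy),
        "expired_crl": check_status(crl, 0x2000, base + timedelta(days=8), policy),
    }


if __name__ == "__main__":
    for case, (status, why) in demo().items():
        print(f"{case:>20}: {status:<13} {why}")
```

   Note that a stale or expired CRL yields "indeterminate" rather than
   "good": the relying-party requirement in 4.4.4 is only meaningful if
   an unavailable or out-of-date revocation source blocks reliance
   instead of silently passing.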
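   The "n out of m rule" in 4.5.2 is stated in a CPS as a number of
   custodians, but the control is only as strong as the mechanism that
   makes fewer than n of them unable to act. One way to enforce it for a
   CA key-activation secret is Shamir secret sharing, shown here as an
   added example written for this page; it is not from RFC 2527 or from
   any HSM vendor. The secret is a constructed 256-bit value standing in
   for the activation material, and the field prime and the
   activation() quorum check are assumptions of the example.

```python
"""n-out-of-m custodian control via Shamir secret sharing over GF(p).

Added example for RFC 2527 section 4.5.2; not from the RFC or any product.
"""
import secrets
from typing import List, Tuple

# Field prime (2**521 - 1, a Mersenne prime), larger than any 256-bit secret.
PRIME = 2 ** 521 - 1
Share = Tuple[int, int]  # (x, f(x))


def _eval_poly(coeffs: List[int], x: int) -> int:
    """Horner evaluation of sum(coeffs[i] * x**i) modulo PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: int, n: int, m: int) -> List[Share]:
    """Produce m shares; any n reconstruct the secret, fewer reveal nothing."""
    if not 1 <= n <= m:
        raise ValueError("need 1 <= n <= m")
    if not 0 <= secret < PRIME:
        raise ValueError("secret out of field range")
    # Random degree n-1 polynomial whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(n - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, m + 1)]


def recover_secret(shares: List[Share]) -> int:
    """Lagrange interpolation at x = 0 over GF(PRIME)."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def activate(presented: List[Share], n: int) -> int:
    """Enforce the quorum before reconstruction: fewer than n custodians must fail."""
    if len(presented) < n:
        raise PermissionError(f"quorum not met: {len(presented)} of {n} custodians present")
    return recover_secret(presented[:n])


def demo() -> Tuple[bool, bool, bool]:
    """3-of-5 ceremony with a constructed secret."""
    secret = secrets.randbits(256)
    shares = split_secret(secret, n=3, m=5)       # five custodians, any three activate
    with_three = recover_secret([shares[0], shares[2], shares[4]]) == secret
    # Two shares interpolate to secret - a2*x1*x2: wrong unless a2 == 0 (prob. 1/PRIME).
    with_two = recover_secret([shares[1], shares[3]]) == secret
    try:
        activate(shares[:2], n=3)
        quorum_enforced = False
    except PermissionError:
        quorum_enforced = True
    return with_three, with_two, quorum_enforced


if __name__ == "__main__":
    print(demo())  # expected (True, False, True)
```

   In practice the shares live on separate smart cards and the
   reconstruction happens inside the HSM so the secret never exists in
   host memory; what the CPS has to state is the numbers n and m, which
   roles hold shares, and how each custodian is identified and
   authenticated before a ceremony.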