draft-ietf-pkix-pr-tsa-02.txt

PKIX的RFC英文文档

Internet Draft                                                D. Pinkas
<draft-ietf-pkix-pr-tsa-02.txt>                                    Bull
Target Category: INFORMATIONAL                                  N. Pope
August 2002                                        Security & Standards
Expires in six months                                           J. Ross
                                                   Security & Standards

              Policy Requirements for Time-Stamping Authorities
                       <draft-ietf-pkix-pr-tsa-02.txt>

Status of this Memo

   This document is an Internet-Draft and is NOT offered in accordance 
   with Section 10 of RFC 2026, and the authors do not provide the IETF
   with any rights other than to publish as an Internet-Draft.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Copyright Notice

   Copyright (C) The Internet Society (2002). All Rights Reserved.

Abstract

   This document defines requirements for a baseline time-stamp policy 
   for TSAs issuing time-stamp tokens, supported by public key 
   certificates, with an accuracy of one second or better. A TSA may 
   define its own policy which enhances the policy defined in the 
   current document. Such a policy shall incorporate or further 
   constrain the requirements identified in the current document. 

   The contents of this Informational RFC is technically equivalent to
   ETSI TS 102 023 [TS 102023]. The ETSI TS is under the
   ETSI Copyright (C). Individual copies of this ETSI deliverable can 
   be downloaded from http://www.etsi.org

Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in 
   this document are to be interpreted as described in RFC 2119 
   [RFC 2119].

Pinkas, Pope, Ross             Informational                   [Page 1]

    Policy Requirements for Time-Stamping Authorities       August 2002


Table of Contents

1. Introduction                                                      4

2. Overview                                                          5

3. Definitions and abbreviations                                     5

  3.1. Definitions                                                   5
  3.2. Abbreviations                                                 7

4. General concepts                                                  7

  4.1. Time-stamping services                                        7
  4.2. Time-stamping authority                                       7
  4.3. Subscriber                                                    8
  4.4. Time-stamp policy and TSA practice statement                  8
    4.4.1. Purpose                                                   8
    4.4.2. Level of specificity                                      8
    4.4.3. Approach                                                  9

5. Time-stamp Policies                                               9

  5.1. Overview                                                      9
  5.2. Identification                                                9
  5.3. User Community and applicability                             10
  5.4. Conformance                                                  10

6. Obligations and liability                                        10

  6.1. TSA obligations                                              10
    6.1.1. General                                                  10
    6.1.2. TSA obligations towards subscribers                      11
  6.2. Subscriber obligations                                       11
  6.3. Relying party obligations                                    11
  6.4. Liability                                                    11

7. Requirements on TSA practices                                    11

  7.1. Practice and Disclosure Statements                           12
    7.1.1.  TSA Practice statement                                  12
    7.1.2.  TSA disclosure Statement                                13
  7.2. Key management life cycle                                    14
    7.2.1. TSU key generation                                       14
    7.2.2. TSU private key protection                               15
    7.2.3. TSU public key Distribution                              15
    7.2.4. Rekeying TSU's Key                                       16
    7.2.5. End of TSU key life cycle                                16
    7.2.6. Life cycle management of the cryptographic module 
           used to sign time-stamps                                 17




Pinkas, Pope, Ross             Informational                   [Page 2]

    Policy Requirements for Time-Stamping Authorities       August 2002



  7.3. Time-stamping                                                17

    7.3.1. Time-stamp token                                         17
    7.3.2. Clock Synchronization with UTC                           18

  7.4. TSA management and operation                                 19

    7.4.1. Security management                                      19
    7.4.2. Asset classification and management                      20
    7.4.3. Personnel security                                       20
    7.4.4. Physical and environmental security                      22
    7.4.5. Operations management                                    23
    7.4.6. System Access Management                                 24
    7.4.7. Trustworthy Systems Deployment and Maintenance           25
    7.4.8. Compromise of TSA Services                               25
    7.4.9. TSA termination                                          26
    7.4.10. Compliance with Legal Requirements                      27
    7.4.11. Recording of Information Concerning Operation 
            of Time-stamping Services                               27
  7.5. Organizational                                               28

8. Acknowledgments                                                  29

9. References                                                       29

10. Authors' addresses                                              31

Annex A (informative): Coordinated Universal Time                   32

Annex B (informative): Possible for Implementation Architectures