📄 rfc2527.txt
provisions of one of the listed certificate policies. This field is
Chokhani & Ford Informational [Page 6]
RFC 2527 PKIX March 1999
intended to protect the certification authority against damage claims
by a relying party who has used the certificate for an inappropriate
purpose or in an inappropriate manner, as stipulated in the
applicable certificate policy definition.
For example, the Internal Revenue Service might issue certificates to
taxpayers for the purpose of protecting tax filings. The Internal
Revenue Service understands and can accommodate the risks of
accidentally issuing a bad certificate, e.g., to a wrongly-
authenticated person. However, suppose someone used an Internal
Revenue Service tax-filing certificate as the basis for encrypting
multi-million-dollar-value proprietary secrets which subsequently
fell into the wrong hands because of an error in issuing the Internal
Revenue Service certificate. The Internal Revenue Service may want
to protect itself against claims for damages in such circumstances.
The critical-flagged Certificate Policies extension is intended to
mitigate the risk to the certificate issuer in such situations.
3.3.2 Policy Mappings Extension
The Policy Mappings extension may only be used in CA-certificates.
This field allows a certification authority to indicate that certain
policies in its own domain can be considered equivalent to certain
other policies in the subject certification authority's domain.
For example, suppose the ACE Corporation establishes an agreement
with the ABC Corporation to cross-certify each other's public-key
infrastructures for the purposes of mutually protecting electronic
data interchange (EDI). Further, suppose that both companies have
pre-existing financial transaction protection policies called ace-e-
commerce and abc-e-commerce, respectively. One can see that simply
generating cross certificates between the two domains will not
provide the necessary interoperability, as the two companies'
applications are configured with and employee certificates are
populated with their respective certificate policies. One possible
solution is to reconfigure all of the financial applications to
require either policy and to reissue all the certificates with both
policies. Another solution, which may be easier to administer, uses
the Policy Mapping field. If this field is included in a cross-
certificate for the ABC Corporation certification authority issued by
the ACE Corporation certification authority, it can provide a
statement that the ABC's financial transaction protection policy
(i.e., abc-e-commerce) can be considered equivalent to that of the
ACE Corporation (i.e., ace-e-commerce).
3.3.3 Policy Constraints Extension
The Policy Constraints extension supports two optional features. The
first is the ability for a certification authority to require that
explicit certificate policy indications be present in all subsequent
certificates in a certification path. Certificates at the start of a
certification path may be considered by a certificate user to be part
of a trusted domain, i.e., certification authorities are trusted for
all purposes so no particular certificate policy is needed in the
Certificate Policies extension. Such certificates need not contain
explicit indications of certificate policy. However, when a
certification authority in the trusted domain certifies outside the
domain, it can activate the requirement for explicit certificate
policy in subsequent certificates in the certification path.
The other optional feature in the Policy Constraints field is the
ability for a certification authority to disable policy mapping by
subsequent certification authorities in a certification path. It may
be prudent to disable policy mapping when certifying outside the
domain. This can assist in controlling risks due to transitive
trust, e.g., a domain A trusts domain B, domain B trusts domain C,
but domain A does not want to be forced to trust domain C.
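The effect of Sections 3.3.2 and 3.3.3 on a certification path can be traced with a small model. The following is an added example, not part of the RFC text; it is a simplified model of the behaviour described above, not the full PKIX path validation algorithm. The Cert class, the acceptable_policies function, the third domain "C" and the policy name c-e-commerce are assumptions made for illustration, and policy names stand in for object identifiers.

```python
from dataclasses import dataclass, field
from typing import Optional

ANY = "anyPolicy"  # result when no certificate in the path named a policy

@dataclass
class Cert:  # only the policy-related extensions are modelled
    subject: str
    policies: frozenset = frozenset()             # Certificate Policies
    mappings: dict = field(default_factory=dict)  # issuer-domain -> subject-domain
    require_explicit: Optional[int] = None        # Policy Constraints, skip count
    inhibit_mapping: Optional[int] = None         # Policy Constraints, skip count

def acceptable_policies(path):
    """Policies, in the relying party's own terms, that hold for the whole path."""
    current = None                            # current-domain name -> relying-party name
    explicit_at = inhibit_at = len(path) + 1  # path index where each constraint starts
    for i, cert in enumerate(path):
        must_be_explicit = i >= explicit_at
        if cert.policies:
            if current is None:
                current = {p: p for p in cert.policies}
            else:
                current = {p: u for p, u in current.items() if p in cert.policies}
        elif must_be_explicit:
            return frozenset()                # explicit policy required but absent
        if must_be_explicit and not current:
            return frozenset()                # no policy survives: reject the path
        if cert.mappings and current is not None:
            if i >= inhibit_at:               # mapping disabled: mapped policies drop out
                current = {p: u for p, u in current.items() if p not in cert.mappings}
            else:
                current = {cert.mappings.get(p, p): u for p, u in current.items()}
        # Constraints in a CA-certificate bind the certificates below it.
        if cert.require_explicit is not None:
            explicit_at = min(explicit_at, i + 1 + cert.require_explicit)
        if cert.inhibit_mapping is not None:
            inhibit_at = min(inhibit_at, i + 1 + cert.inhibit_mapping)
    return frozenset({ANY}) if current is None else frozenset(current.values())

# Constructed sample certificates: ACE cross-certifies ABC; ABC cross-certifies C.
ace_to_abc = Cert("ABC CA", frozenset({"ace-e-commerce"}),
                  {"ace-e-commerce": "abc-e-commerce"}, require_explicit=0, inhibit_mapping=0)
abc_user = Cert("ABC employee", frozenset({"abc-e-commerce"}))
abc_to_c = Cert("C CA", frozenset({"abc-e-commerce"}), {"abc-e-commerce": "c-e-commerce"})
c_user = Cert("C employee", frozenset({"c-e-commerce"}))

if __name__ == "__main__":
    print(sorted(acceptable_policies([ace_to_abc, abc_user])))          # mapped path
    print(sorted(acceptable_policies([ace_to_abc, abc_to_c, c_user])))  # transitive path
```

The ABC employee certificate is accepted under ace-e-commerce because of the mapping, while the path through domain C yields no acceptable policy because ACE disabled further mapping and required an explicit policy.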
3.4 POLICY QUALIFIERS
The Certificate Policies extension field has a provision for
conveying, along with each certificate policy identifier, additional
policy-dependent information in a qualifier field. The X.509
standard does not mandate the purpose for which this field is to be
used, nor does it prescribe the syntax for this field. Policy
qualifier types can be registered by any organization.
The following policy qualifier types are defined in PKIX Part I
[PKI1]:
(a) The CPS Pointer qualifier contains a pointer to a
Certification Practice Statement (CPS) published by the CA.
The pointer is in the form of a uniform resource identifier
(URI).
(b) The User Notice qualifier contains a text string that is to be
displayed to a certificate user (including subscribers and
relying parties) prior to the use of the certificate. The
text string may be an IA5String or a BMPString - a subset of
the ISO 10646-1 multiple octet coded character set. A CA may
invoke a procedure that requires that the certificate user
acknowledge that the applicable terms and conditions have been
disclosed or accepted.
Policy qualifiers can be used to support the definition of generic,
or parameterized, certificate policy definitions. Provided the base
certificate policy definition so provides, policy qualifier types can
be defined to convey, on a per-certificate basis, additional specific
policy details that fill in the generic definition.
3.5 CERTIFICATION PRACTICE STATEMENT
The term certification practice statement (CPS) is defined by the ABA
Guidelines as: "A statement of the practices which a certification
authority employs in issuing certificates." [ABA1] In the 1995 draft
of the ABA guidelines, the ABA expands this definition with the
following comments:
A certification practice statement may take the form of a
declaration by the certification authority of the details of its
trustworthy system and the practices it employs in its operations
and in support of issuance of a certificate, or it may be a
statute or regulation applicable to the certification authority
and covering similar subject matter. It may also be part of the
contract between the certification authority and the subscriber. A
certification practice statement may also be comprised of multiple
documents, a combination of public law, private contract, and/or
declaration.
Certain forms for legally implementing certification practice
statements lend themselves to particular relationships. For
example, when the legal relationship between a certification
authority and subscriber is consensual, a contract would
ordinarily be the means of giving effect to a certification
practice statement. The certification authority's duties to a
relying person are generally based on the certification
authority's representations, which may include a certification
practice statement.
Whether a certification practice statement is binding on a relying
person depends on whether the relying person has knowledge or
notice of the certification practice statement. A relying person
has knowledge or at least notice of the contents of the
certificate used by the relying person to verify a digital
signature, including documents incorporated into the certificate
by reference. It is therefore advisable to incorporate a
certification practice statement into a certificate by reference.
As much as possible, a certification practice statement should
indicate any of the widely recognized standards to which the
certification authority's practices conform. Reference to widely
recognized standards may indicate concisely the suitability of the
certification authority's practices for another person's purposes,
as well as the potential technological compatibility of the
certificates issued by the certification authority with
repositories and other systems.
3.6 RELATIONSHIP BETWEEN CERTIFICATE POLICY AND CERTIFICATION PRACTICE
STATEMENT
The concepts of certificate policy and CPS come from different
sources and were developed for different reasons. However, their
interrelationship is important.
A certification practice statement is a detailed statement by a
certification authority as to its practices, that potentially needs
to be understood and consulted by subscribers and certificate users
(relying parties). Although the level of detail may vary among CPSs,
they will generally be more detailed than certificate policy
definitions. Indeed, CPSs may be quite comprehensive, robust
documents providing a description of the precise service offerings,
detailed procedures of the life-cycle management of certificates, and
more - a level of detail which weds the CPS to a particular
(proprietary) implementation of a service offering.
Although such detail may be indispensable to adequately disclose, and
to make a full assessment of trustworthiness in the absence of
accreditation or other recognized quality metrics, a detailed CPS
does not form a suitable basis for interoperability between CAs
operated by different organizations. Rather, certificate policies
best serve as the vehicle on which to base common interoperability
standards and common assurance criteria on an industry-wide (or
possibly more global) basis. A CA with a single CPS may support
multiple certificate policies (used for different application
purposes and/or by different certificate user communities). Also,
multiple different CAs, with non-identical certification practice
statements, may support the same certificate policy.
For example, the Federal Government might define a government-wide
certificate policy for handling confidential human resources
information. The certificate policy definition will be a broad
statement of the general characteristics of that certificate policy,
and an indication of the types of applications for which it is
suitable for use. Different departments or agencies that operate
certification authorities with different certification practice
statements might support this certificate policy. At the same time,
such certification authorities may support other certificate
policies.
The main difference between certificate policy and CPS can therefore
be summarized as follows:
(a) Most organizations that operate public or inter-
organizational certification authorities will document their
own practices in CPSs or similar statements. The CPS is one
of the organization's means of protecting itself and
positioning its business relationships with subscribers and
other entities.
(b) There is strong incentive, on the other hand, for a
certificate policy to apply more broadly than to just a single
organization. If a particular certificate policy is widely
recognized and imitated, it has great potential as the basis
of automated certificate acceptance in many systems, including
unmanned systems and systems that are manned by people not
independently empowered to determine the acceptability of
different presented certificates.
In addition to populating the certificate policies field with the
certificate policy identifier, a certification authority may include,
in certificates it issues, a reference to its certification practice
statement. A standard way to do this, using a certificate policy
qualifier, is described in Section 3.4.
3.7 SET OF PROVISIONS
A set of provisions is a collection of practice and/or policy
statements, spanning a range of standard topics, for use in
expressing a certificate policy definition or CPS employing the
approach described in this framework.
A certificate policy can be expressed as a single set of provisions.
A CPS can be expressed as a single set of provisions with each
component addressing the requirements of one or more certificate
policies, or, alternatively, as an organized collection of sets of
provisions. For example, a CPS could be expressed as a combination
of the following:
(a) a list of certificate policies supported by the CPS;
(b) for each certificate policy in (a), a set of provisions which
contains statements that refine that certificate policy by
filling in details not stipulated in that policy or expressly
left to the discretion of the CPS by that certificate policy;
such statements serve to state how this particular CPS
implements the requirements of the particular certificate
policy;
(c) a set of provisions that contains statements regarding the
certification practices on the CA, regardless of certificate
policy.
The statements provided in (b) and (c) may augment or refine the
stipulations of the applicable certificate policy definition, but
must not conflict with any of the stipulations of such certificate
policy definition.
This framework outlines the contents of a set of provisions, in terms
of eight primary components, as follows:
* Introduction;
* General Provisions;
* Identification and Authentication;
* Operational Requirements;
* Physical, Procedural, and Personnel Security Controls;
* Technical Security Controls;
* Certificate and CRL Profile; and
* Specification Administration.
Components can be further divided into subcomponents, and a
subcomponent may comprise multiple elements. Section 4 provides a
more detailed description of the contents of the above components,
and their subcomponents.
4. CONTENTS OF A SET OF PROVISIONS
This section expands upon the contents of a set of provisions, as
introduced in Section 3.7. The topics identified in this section
are, consequently, candidate topics for inclusion in a certificate
policy definition or CPS.
While many topics are identified, it is not necessary for a
certificate policy or a CPS to include a concrete statement for every