rfc1424.txt

来自「RFC 的详细文档！」· 文本 代码 · 共 507 行 · 第 1/2 页

Network Working Group                                         B. Kaliski
Request for Comments: 1424                              RSA Laboratories
                                                           February 1993


           Privacy Enhancement for Internet Electronic Mail:
            Part IV: Key Certification and Related Services

Status of this Memo

   This RFC specifies an IAB standards track protocol for the Internet
   community, and requests discussion and suggestions for improvements.
   Please refer to the current edition of the "IAB Official Protocol
   Standards" for the standardization state and status of this protocol.
   Distribution of this memo is unlimited.

Acknowledgements

   This document is the product of many discussions at RSA Data
   Security, at Trusted Information Systems, and on the <pem-
   dev@tis.com> mailing list.  Contributors include Dave Balenson, Jim
   Bidzos, Pat Cain, Vint Cerf, Pam Cochrane, Steve Dusse, Jeff Fassett,
   Craig Finseth, Jim Galvin, Mike Indovina, Bob Jueneman, Steve Kent,
   John Lowry, Paul McKenney, Jeff Thompson, and Charles Wu.  This
   document is the product of the Privacy-Enhanced Electronic Mail
   Working Group.

1. Executive Summary

   This document describes three types of service in support of Internet
   Privacy-Enhanced Mail (PEM) [1-3]: key certification, certificate-
   revocation list (CRL) storage, and CRL retrieval. Such services are
   among those required of an RFC 1422 [2] certification authority.
   Other services such as certificate revocation and certificate
   retrieval are left to the certification authority to define, although
   they may be based on the services described in this document.

   Each service involves an electronic-mail request and an electronic-
   mail reply. The request is either an RFC 1421 [1] privacy-enhanced
   message or a message with a new syntax defined in this document. The
   new syntax follows the general RFC 1421 syntax but has a different
   process type, thereby distinguishing it from ordinary privacy-
   enhanced messages. The reply is either an RFC 1421 privacy-enhanced
   message, or an ordinary unstructured message.

   Replies that are privacy-enhanced messages can be processed like any
   other privacy-enhanced message, so that the new certificate or the
   retrieved CRLs can be inserted into the requestor's database during



Kaliski                                                         [Page 1]

RFC 1424        Key Certification and Related Services     February 1993


   normal privacy-enhanced mail processing.

   Certification authorities may also require non-electronic forms of
   request and may return non-electronic replies. It is expected that
   descriptions of such forms, which are outside the scope of this
   document, will be available through a certification authority's
   "information" service.

2. Overview of Services

   This section describes the three services in general terms.

   The electronic-mail address to which requests are sent is left to the
   certification authority to specify. It is expected that certification
   authorities will advertise their addresses as part of an
   "information" service. Replies are sent to the address in the
   "Reply-To:" field of the request, and if that field is omitted, to
   the address in the "From:" field.

2.1 Key Certification

   The key-certification service signs a certificate containing a
   specified subject name and public key. The service takes a
   certification request (see Section 3.1), signs a certificate
   constructed from the request, and returns a certification reply (see
   Section 3.2) containing the new certificate.

   The certification request specifies the requestor's subject name and
   public key in the form of a self-signed certificate. The
   certification request contains two signatures, both computed with the
   requestor's private key:

     1.   The signature on the self-signed certificate, having the
          cryptographic purpose of preventing a requestor from
          requesting a certificate with another party's public key.
          (See Section 4.)

     2.   A signature on some encapsulated text, having the
          practical purpose of allowing the certification authority
          to construct an ordinary RFC 1421 privacy-enhanced
          message as a reply, with user-friendly encapsulated text.
          (RFC 1421 does not provide for messages with
          certificates but no encapsulated text; and the self-
          signed certificate is not "user friendly" text.) The text
          should be something innocuous like "Hello world!"

   A requestor would typically send a certification request after
   generating a public-key/private-key pair, but may also do so after a



Kaliski                                                         [Page 2]

RFC 1424        Key Certification and Related Services     February 1993


   change in the requestor's distinguished name.

   A certification authority signs a certificate only if both signatures
   in the certification request are valid.

   The new certificate contains the subject name and public key from the
   self-signed certificate, and an issuer name, serial number, validity
   period, and signature algorithm of the certification authority's
   choice. (The validity period may be derived from the self-signed
   certificate.) Following RFC 1422, the issuer may be any whose
   distinguished name is superior to the subject's distinguished name,
   typically the one closest to the subject. The certification authority
   signs the certificate with the issuer's private key, then transforms
   the request into a reply containing the new certificate (see Section
   3.2 for details).

   The certification reply includes a certification path from the new
   certificate to the RFC 1422 Internet certification authority. It may
   also include other certificates such as cross-certificates that the
   certification authority considers helpful to the requestor.

2.2 CRL Storage

   The CRL storage service stores CRLs. The service takes a CRL-storage
   request (see Section 3.3) specifying the CRLs to be stored, stores
   the CRLs, and returns a CRL-storage reply (see Section 3.4)
   acknowledging the request.

   The certification authority stores a CRL only if its signature and
   certification path are valid, following concepts in RFC 1422
   (Although a certification path is not required in a CRL-storage
   request, it may help the certification authority validate the CRL.)

2.3 CRL Retrieval

   The CRL retrieval service retrieves the latest CRLs of specified
   certificate issuers. The service takes a CRL-retrieval request (see
   Section 3.5), retrieves the latest CRLs the request specifies, and
   returns a CRL-retrieval reply (see Section 3.6) containing the CRLs.

   There may be more than one "latest" CRL for a given issuer, if that
   issuer has more than one public key (see RFC 1422 for details).

   The CRL-retrieval reply includes a certification path from each
   retrieved CRL to the RFC 1422 Internet certification authority. It
   may also include other certificates such as cross-certificates that
   the certification authority considers helpful to the requestor.




Kaliski                                                         [Page 3]

RFC 1424        Key Certification and Related Services     February 1993


3. Syntax

   This section describes the syntax of requests and replies for the
   three services, giving simple examples.

3.1 Certification request

   A certification request is an RFC 1421 MIC-ONLY or MIC-CLEAR
   privacy-enhanced message containing a self-signed certificate. There
   is only one signer.

   The fields of the self-signed certificate (which has type
   Certificate, as in RFC 1422) are as follows:

     version is 0

     serialNumber is arbitrary; the value 0 is suggested unless the
          certification authority specifies otherwise

     signature is the algorithm by which the self-signed
          certificate is signed; it need not be the same as the
          algorithm by which the requested certificate is to be
          signed

     issuer is the requestor's distinguished name

     validity is arbitrary; the value with start and end both at
          12:00am GMT, January 1, 1970, is suggested unless the
          certification authority specifies otherwise

     subject is the requestor's distinguished name

     subjectPublicKeyInfo is the requestor's public key

   The requestor's MIC encryption algorithm must be asymmetric (e.g.,
   RSA) and the MIC algorithm must be keyless (e.g., RSA-MD2, not MAC),
   so that anyone can verify the signature.














Kaliski                                                         [Page 4]

RFC 1424        Key Certification and Related Services     February 1993


   Example:

   To: cert-service@ca.domain
   From: requestor@host.domain

   -----BEGIN PRIVACY-ENHANCED MESSAGE-----
   Proc-Type: 4,MIC-ONLY
   Content-Domain: RFC822
   Originator-Certificate: <requestor's self-signed certificate>
   MIC-Info: RSA,RSA-MD2,<requestor's signature on text>

   <text>
   -----END PRIVACY-ENHANCED MESSAGE-----

3.2 Certification reply

   A certification reply is an RFC 1421 MIC-ONLY or MIC-CLEAR privacy-
   enhanced message containing a new certificate, its certification path
   to the RFC 1422 Internet certification authority, and possibly other
   certificates. There is only one signer. The "MIC-Info:" field and
   encapsulated text are taken directly from the certification request.
   The reply has the same process type (MIC-ONLY or MIC-CLEAR) as the
   request.