Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework
RFC 3647

Document type: RFC - Informational (November 2003; Errata)
Obsoletes RFC 2527
Document stream: IETF
Last updated: 2013-03-02
Other versions: plain text, pdf, html

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 3647 (Informational)
Responsible AD: Russ Housley
Send notices to: <kent@bbn.com>, <wpolk@nist.gov>

Network Working Group                                        S. Chokhani
Request for Comments: 3647                Orion Security Solutions, Inc.
Obsoletes: 2527                                                  W. Ford
Category: Informational                                   VeriSign, Inc.
                                                               R. Sabett
                                                      Cooley Godward LLP
                                                              C. Merrill
                                                 McCarter & English, LLP
                                                                   S. Wu
                                                        Infoliance, Inc.
                                                           November 2003

                Internet X.509 Public Key Infrastructure
        Certificate Policy and Certification Practices Framework

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

Abstract

   This document presents a framework to assist the writers of
   certificate policies or certification practice statements for
   participants within public key infrastructures, such as certification
   authorities, policy authorities, and communities of interest that
   wish to rely on certificates.  In particular, the framework provides
   a comprehensive list of topics that potentially (at the writer's
   discretion) need to be covered in a certificate policy or a
   certification practice statement.  This document supersedes RFC 2527.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  4
       1.1.  Background . . . . . . . . . . . . . . . . . . . . . . .  4
       1.2.  Purpose. . . . . . . . . . . . . . . . . . . . . . . . .  5
       1.3.  Scope. . . . . . . . . . . . . . . . . . . . . . . . . .  6
   2.  Definitions. . . . . . . . . . . . . . . . . . . . . . . . . .  6
   3.  Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . .  9
       3.1.  Certificate Policy . . . . . . . . . . . . . . . . . . .  9
       3.2.  Certificate Policy Examples. . . . . . . . . . . . . . . 11
       3.3.  X.509 Certificate Fields . . . . . . . . . . . . . . . . 12

Chokhani, et al.             Informational                      [Page 1]
RFC 3647        Internet X.509 Public Key Infrastructure   November 2003

             3.3.1.  Certificate Policies Extension . . . . . . . . . 12
             3.3.2.  Policy Mappings Extension. . . . . . . . . . . . 13
             3.3.3.  Policy Constraints Extension . . . . . . . . . . 13
             3.3.4.  Policy Qualifiers. . . . . . . . . . . . . . . . 14
       3.4.  Certification Practice Statement . . . . . . . . . . . . 15
       3.5.  Relationship Between CP and CPS. . . . . . . . . . . . . 16
       3.6.  Relationship Among CPs, CPSs, Agreements, and
             Other Documents. . . . . . . . . . . . . . . . . . . . . 17
       3.7.  Set of Provisions. . . . . . . . . . . . . . . . . . . . 20
   4.  Contents of a Set of Provisions. . . . . . . . . . . . . . . . 21
       4.1.  Introduction . . . . . . . . . . . . . . . . . . . . . . 22
             4.1.1.  Overview . . . . . . . . . . . . . . . . . . . . 22
             4.1.2.  Document Name and Identification . . . . . . . . 22
             4.1.3.  PKI Participants . . . . . . . . . . . . . . . . 23
             4.1.4.  Certificate Usage. . . . . . . . . . . . . . . . 24
             4.1.5.  Policy Administration. . . . . . . . . . . . . . 24
             4.1.6.  Definitions and Acronyms . . . . . . . . . . . . 24
       4.2.  Publication and Repository Responsibilities. . . . . . . 25
       4.3.  Identification and Authentication (I&A). . . . . . . . . 25
             4.3.1.  Naming . . . . . . . . . . . . . . . . . . . . . 25
             4.3.2.  Initial Identity Validation. . . . . . . . . . . 26
             4.3.3.  I&A for Re-key Requests. . . . . . . . . . . . . 27
             4.3.4.  I&A for Revocation Requests. . . . . . . . . . . 27
       4.4.  Certificate Life-Cycle Operational Requirements. . . . . 27
             4.4.1.  Certificate Application. . . . . . . . . . . . . 28
             4.4.2.  Certificate Application Processing . . . . . . . 28
             4.4.3.  Certificate Issuance . . . . . . . . . . . . . . 28
             4.4.4.  Certificate Acceptance . . . . . . . . . . . . . 29
             4.4.5.  Key Pair and Certificate Usage . . . . . . . . . 29
             4.4.6.  Certificate Renewal. . . . . . . . . . . . . . . 30
             4.4.7.  Certificate Re-key . . . . . . . . . . . . . . . 30
