Template for a Certification Practice Statement (CPS) for the Resource PKI (RPKI)
draft-ietf-sidr-cps-02

The information below is for an old version of the document
Document type: Active Internet-Draft (sidr WG)
Last updated: 2013-09-19 (latest revision 2013-07-29)
Replaces: draft-ietf-sidr-cps-isp, draft-ietf-sidr-cps-irs
Stream: IETF
Intended RFC status: Best Current Practice
WG state: WG Consensus: Waiting for Write-Up; Revised I-D Needed - Issue raised by WGLC
Document shepherd: None
IESG state: I-D Exists
Consensus Boilerplate: Unknown
Responsible AD: (None)
Send notices to: (None)
Secure Inter-Domain Routing (sidr)                             Kent, S.
Internet Draft                                                 Kong, D.
Expires: January 2014                                           Seo, K.
Intended Status: BCP                                   BBN Technologies
                                                              July 2013

       Template for a Certification Practice Statement (CPS) for the
                            Resource PKI (RPKI)
                        draft-ietf-sidr-cps-02.txt

Abstract

   This document contains a template to be used for creating a
   Certification Practice Statement (CPS) for an Organization that is
   part of the Resource Public Key Infrastructure (RPKI), e.g., a
   resource allocation registry or an ISP.

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with
   the provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

   This Internet-Draft will expire on January 31, 2014.

Table of Contents

   Preface...........................................................7
   1. Introduction...................................................8
      1.1. Overview..................................................8

Kong, Seo & Kent         Expires January 2014                  [Page 1]
Internet-Draft        Template CPS for the RPKI               July 2013

      1.2. Document Name and Identification..........................9
      1.3. PKI Participants..........................................9
         1.3.1. Certification Authorities............................9
         1.3.2. Registration Authorities............................10
         1.3.3. Subscribers.........................................10
         1.3.4. Relying Parties.....................................10
         1.3.5. Other Participants..................................10
      1.4. Certificate Usage........................................10
         1.4.1. Appropriate Certificate Uses........................10
         1.4.2. Prohibited Certificate Uses.........................11
      1.5. Policy Administration....................................11
         1.5.1. Organization administering the document.............11
         1.5.2. Contact Person......................................11
         1.5.3. Person Determining CPS Suitability for the Policy...11
         1.5.4. CPS Approval Procedures.............................11
      1.6. Definitions and Acronyms.................................11
   2. Publication and Repository Responsibilities...................14
      2.1. Repositories.............................................14
      2.2. Publication of Certification Information.................14
      2.3. Time or Frequency of Publication.........................14
      2.4. Access Controls on Repositories..........................14
   3. Identification And Authentication.............................15
      3.1. Naming...................................................15
         3.1.1. Types of Names......................................15
         3.1.2. Need for Names to be Meaningful.....................15
         3.1.3. Anonymity or Pseudonymity of Subscribers............15
         3.1.4. Rules for Interpreting Various Name Forms...........15
         3.1.5. Uniqueness of Names.................................15
         3.1.6. Recognition, Authentication, and Role of Trademarks.16
      3.2. Initial Identity Validation..............................16
         3.2.1. Method to Prove Possession of Private Key...........16
         3.2.2. Authentication of Organization Identity.............16
         3.2.3. Authentication of Individual Identity...............16
         3.2.4. Non-verified Subscriber Information.................17
         3.2.5. Validation of Authority.............................17
         3.2.6. Criteria for Interoperation.........................17
      3.3. Identification and Authentication for Re-key Requests....17
         3.3.1. Identification and Authentication for Routine Re-key.17
         3.3.2. Identification and Authentication for Re-key after
         Revocation.................................................18
      3.4. Identification and Authentication for Revocation Request.18
   4. Certificate Life-Cycle Operational Requirements...............19