Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework
RFC 3647
Document | Type | RFC - Informational (November 2003; Errata), Obsoletes RFC 2527 |
---|---|---|
| Authors | Stephen Wu, Randy Sabett, Santosh Chokhani, Warwick Ford, Charles Merrill |
| Last updated | 2020-01-21 |
Stream | Stream | Internet Engineering Task Force (IETF) |
| WG state | (None) |
| Document shepherd | No shepherd assigned |
IESG | IESG state | RFC 3647 (Informational) |
| Action Holders | (None) |
| Consensus Boilerplate | Unknown |
| Telechat date | |
| Responsible AD | Russ Housley |
| Send notices to | <wpolk@nist.gov> |
Network Working Group
Request for Comments: 3647
Obsoletes: 2527
Category: Informational

S. Chokhani, Orion Security Solutions, Inc.
W. Ford, VeriSign, Inc.
R. Sabett, Cooley Godward LLP
C. Merrill, McCarter & English, LLP
S. Wu, Infoliance, Inc.
November 2003

Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2003). All Rights Reserved.

Abstract

This document presents a framework to assist the writers of certificate policies or certification practice statements for participants within public key infrastructures, such as certification authorities, policy authorities, and communities of interest that wish to rely on certificates. In particular, the framework provides a comprehensive list of topics that potentially (at the writer's discretion) need to be covered in a certificate policy or a certification practice statement. This document supersedes RFC 2527.

Table of Contents

1. Introduction
   1.1. Background
   1.2. Purpose
   1.3. Scope
2. Definitions
3. Concepts
   3.1. Certificate Policy
   3.2. Certificate Policy Examples
   3.3. X.509 Certificate Fields
      3.3.1. Certificate Policies Extension
      3.3.2. Policy Mappings Extension
      3.3.3. Policy Constraints Extension
      3.3.4. Policy Qualifiers
   3.4. Certification Practice Statement
   3.5. Relationship Between CP and CPS
   3.6. Relationship Among CPs, CPSs, Agreements, and Other Documents
   3.7. Set of Provisions
4. Contents of a Set of Provisions
   4.1. Introduction
      4.1.1. Overview
      4.1.2. Document Name and Identification
      4.1.3. PKI Participants
      4.1.4. Certificate Usage
      4.1.5. Policy Administration
      4.1.6. Definitions and Acronyms
   4.2. Publication and Repository Responsibilities
   4.3. Identification and Authentication (I&A)
      4.3.1. Naming
      4.3.2. Initial Identity Validation
      4.3.3. I&A for Re-key Requests
      4.3.4. I&A for Revocation Requests
   4.4. Certificate Life-Cycle Operational Requirements
      4.4.1. Certificate Application
      4.4.2. Certificate Application Processing
      4.4.3. Certificate Issuance
      4.4.4. Certificate Acceptance
      4.4.5. Key Pair and Certificate Usage
      4.4.6. Certificate Renewal
      4.4.7. Certificate Re-key
      4.4.8. Certificate Modification
      4.4.9. Certificate Revocation and Suspension
      4.4.10. Certificate Status Services