
RFC 3647


Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework

Part 4 of 4, p. 88 to 94

9.  References

   [ABA1] American Bar Association, Digital Signature Guidelines: Legal
          Infrastructure for Certification Authorities and Secure
          Electronic Commerce, 1996.

   [ABA2] American Bar Association, PKI Assessment Guidelines, v0.30,
          Public Draft For Comment, June 2001.

   [BAU1] Michael S. Baum, Federal Certification Authority Liability
          and Policy, NIST-GCR-94-654, June 1994, available at
          http://www.verisign.com/repository/pubs/index.html.

   [ETS]  European Telecommunications Standards Institute, "Policy
          Requirements for Certification Authorities Issuing Qualified
          Certificates," ETSI TS 101 456, Version 1.1.1, December 2000.

   [GOC]  Government of Canada PKI Policy Management Authority, "Digital
          Signature and Confidentiality Certificate Policies for the
          Government of Canada Public Key Infrastructure," v.3.02, April
          1999.

   [IDT]  Identrus, LLC, "Identrus Identity Certificate Policy" IP-IPC
          Version 1.7, March 2001.

   [ISO1] ISO/IEC 9594-8/ITU-T Recommendation X.509, "Information
          Technology - Open Systems Interconnection: The Directory:
          Authentication Framework," 1997 edition. (Pending publication
          of 2000 edition, use 1997 edition.)

   [PEM1] Kent, S., "Privacy Enhancement for Internet Electronic Mail:
          Part II: Certificate-Based Key Management", RFC 1422, February
          1993.

   [PKI1] Housley, R., Polk, W., Ford, W. and D. Solo, "Internet X.509
          Public Key Infrastructure Certificate and Certificate
          Revocation List (CRL) Profile", RFC 3280, April 2002.

   [CPF]  Chokhani, S. and W. Ford, "Internet X.509 Public Key
          Infrastructure, Certificate Policy and Certification Practices
          Statement Framework", RFC 2527, March 1999.

10.  Notes

   1.  A paper copy of the ABA Digital Signature Guidelines can be
       purchased from the ABA.  See http://www.abanet.com for ordering
       details.  The DSG may also be downloaded without charge from the
       ABA website at
       http://www.abanet.org/scitech/ec/isc/digital_signature.html.

   2.  A draft of the PKI Assessment Guidelines may be downloaded
       without charge from the ABA website at
       http://www.abanet.org/scitech/ec/isc/pag/pag.html.

   3.  The term "meaningful" means that the name form has commonly
       understood semantics to determine the identity of a person and/or
       organization.  Directory names and RFC 822 names may be more or
       less meaningful.

   4.  The subject may not need to prove to the CA that the subject has
       possession of the private key corresponding to the public key
       being registered if the CA generates the subject's key pair on
       the subject's behalf.

   5.  Examples of means to identify and authenticate individuals
       include biometric means (such as thumb print, ten finger print,
       and scan of the face, palm, or retina), a driver's license, a
       credit card, a company badge, and a government badge.

   6.  Certificate "modification" does not refer to making a change to
       an existing certificate, since this would prevent the
       verification of any digital signatures on the certificate and
       cause the certificate to be invalid.  Rather, the concept of
       "modification" refers to a situation where the information
       referred to in the certificate has changed or should be changed,
       and the CA issues a new certificate containing the modified
       information.  One example is a subscriber that changes his or her
       name, which would necessitate the issuance of a new certificate
       containing the new name.

   7.  The n out of m rule allows a private key to be split into m parts.
       The m parts may be given to m different individuals.  Any n parts
       out of the m parts may be used to fully reconstitute the private
       key, but having any n-1 parts provides one with no information
       about the private key.
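       The threshold property described in note 7 can be realized with
       Shamir's polynomial secret sharing over a prime field.  The Python
       below is an added illustration, not text or code from RFC 3647, and
       assumes a constructed 127-bit prime and a small integer stand-in for
       the private key material.

```python
import secrets
from itertools import combinations

# Constructed field modulus (a Mersenne prime); a real deployment sizes the
# field to the key material being shared, not to a toy integer secret.
P = 2**127 - 1

def _eval_poly(coeffs, x):
    """Evaluate c0 + c1*x + ... at x over GF(P) using Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def split_secret(secret, n, m, rng=secrets.randbelow):
    """Split `secret` into m shares so that any n of them reconstitute it.

    The secret is the constant term of a random degree-(n-1) polynomial and
    share i is the point (i, f(i)); x = 0 is never handed out since f(0) is
    the secret itself.  `rng` is injectable so tests can be deterministic.
    """
    if not (1 <= n <= m and 0 <= secret < P):
        raise ValueError("need 1 <= n <= m and 0 <= secret < P")
    coeffs = [secret] + [rng(P) for _ in range(n - 1)]
    return [(i, _eval_poly(coeffs, i)) for i in range(1, m + 1)]

def recover_secret(shares):
    """Lagrange-interpolate f(0) from (x, y) points over GF(P).

    With n points of a degree-(n-1) polynomial this is the secret; with fewer
    it is the constant term of some lower-degree curve through those points,
    which says nothing about the real secret (note 7's n-1 property).
    """
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        # den != 0 because share x-coordinates are distinct; P is prime, so
        # pow(den, P-2, P) is the modular inverse (Fermat).
        secret = (secret + yi * num * pow(den, P - 2, P)) % P
    return secret

def every_quorum_recovers(secret, shares, n):
    """Check the 'any n of m' claim: every n-subset of shares yields `secret`."""
    return all(recover_secret(list(q)) == secret for q in combinations(shares, n))
```

       Custodians of the m parts should hold them on separate, access-controlled
       media; the scheme protects the key only while fewer than n parts are
       reachable by any one party.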

   8.  A private key may be escrowed, backed up, or archived.  Each of
       these functions has a different purpose.  Thus, a private key may
       go through any subset of these functions depending on the
       requirements.  The purpose of escrow is to allow a third party
       (such as an organization or government) to obtain the private key
       without the cooperation of the subscriber.  The purpose of back
       up is to allow the subscriber to reconstitute the key in case of
       the destruction or corruption of the key for business continuity
       purposes.  The purpose of archives is to provide for reuse of the
       private key in the future, e.g., use to decrypt a document.

   9.  WebTrust refers to the "WebTrust Program for Certification
       Authorities," from the American Institute of Certified Public
       Accountants, Inc., and the Canadian Institute of Chartered
       Accountants.

   10. See <http://www.aicpa.org>.

   11. All or some of the following items may be different for the
       various types of entities, i.e., CA, RA, and end entities.

11.  List of Acronyms

   ABA - American Bar Association
   CA - Certification Authority
   CP - Certificate Policy
   CPS - Certification Practice Statement
   CRL - Certificate Revocation List
   DAM - Draft Amendment
   FIPS - Federal Information Processing Standard
   I&A - Identification and Authentication
   IEC - International Electrotechnical Commission
   IETF - Internet Engineering Task Force
   IP - Internet Protocol
   ISO - International Organization for Standardization
   ITU - International Telecommunications Union
   NIST - National Institute of Standards and Technology
   OID - Object Identifier
   PIN - Personal Identification Number
   PKI - Public Key Infrastructure
   PKIX - Public Key Infrastructure (X.509) (IETF Working Group)
   RA - Registration Authority
   RFC - Request For Comment
   URL - Uniform Resource Locator
   US - United States

12.  Authors' Addresses

   Santosh Chokhani
   Orion Security Solutions, Inc.
   3410 N. Buchanan Street
   Arlington, VA 22207

   Phone: (703) 237-4621
   Fax:   (703) 237-4920
   EMail: chokhani@orionsec.com


   Warwick Ford
   VeriSign, Inc.
   6 Ellery Square
   Cambridge, MA 02138

   Phone: (617) 642-0139
   EMail: wford@verisign.com


   Randy V. Sabett, J.D., CISSP
   Cooley Godward LLP
   One Freedom Square, Reston Town Center
   11951 Freedom Drive
   Reston, VA 20190-5656

   Phone: (703) 456-8137
   Fax:   (703) 456-8100
   EMail: rsabett@cooley.com


   Charles (Chas) R. Merrill
   McCarter & English, LLP
   Four Gateway Center
   100 Mulberry Street
   Newark, New Jersey 07101-0652

   Phone: (973) 622-4444
   Fax:   (973) 624-7070
   EMail: cmerrill@mccarter.com

   Stephen S. Wu
   Infoliance, Inc.
   800 West El Camino Real
   Suite 180
   Mountain View, CA  94040

   Phone:  (650) 917-8045
   Fax:    (650) 618-1454
   EMail: swu@infoliance.com

13.  Full Copyright Statement

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assignees.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.