
Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework (RFC2527)

IP.com Disclosure Number: IPCOM000003112D
Original Publication Date: 1999-Mar-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 37 page(s) / 85K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

S. Chokhani: AUTHOR [+2]

Abstract

This document presents a framework to assist the writers of certificate policies or certification practice statements for certification authorities and public key infrastructures. In particular, the framework provides a comprehensive list of topics that potentially (at the writer's discretion) need to be covered in a certificate policy definition or a certification practice statement.

This text was extracted from an ASCII Text document.
This is the abbreviated version, containing approximately 3% of the total text.

Network Working Group                                        S. Chokhani
Request for Comments: 2527                      CygnaCom Solutions, Inc.
Category: Informational                                          W. Ford
                                                          VeriSign, Inc.
                                                              March 1999

Internet X.509 Public Key Infrastructure
Certificate Policy and Certification Practices Framework

Status of this Memo

This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1999). All Rights Reserved.

1. INTRODUCTION

1.1 BACKGROUND

A public-key certificate (hereinafter "certificate") binds a
public-key value to a set of information that identifies the entity (such as
person, organization, account, or site) associated with use of the
corresponding private key (this entity is known as the "subject" of
the certificate). A certificate is used by a "certificate user" or
"relying party" that needs to use, and rely upon the accuracy of, the
public key distributed via that certificate (a certificate user is
typically an entity that is verifying a digital signature from the
certificate's subject or an entity sending encrypted data to the
subject). The degree to which a certificate user can trust the
binding embodied in a certificate depends on several factors. These
factors include the practices followed by the certification authority
(CA) in authenticating the subject; the CA's operating policy,
procedures, and security controls; the subject's obligations (for
example, in protecting the private key); and the stated undertakings
and legal obligations of the CA (for example, warranties and
limitations on liability).

A Version 3 X.509 certificate may contain a field declaring that one
or more specific certificate policies apply to that certificate
[ISO1]. According to X.509, a certificate policy is "a named set of
rules that indicates the applicability of a certificate to a
particular community and/or class of application with common security
requirements." A certificate policy may be used by a certificate user
to help in deciding whether a certificate, and the binding therein,
is sufficiently trustworthy for a particular application. The
certificate policy concept is an outgrowth of the policy statement
concept developed for Internet Privacy Enhanced Mail [PEM1] a...
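
The relying-party use of the certificate policies field described above, as an added example that is not part of RFC 2527 or of this database record: it decodes the DER value of a certificatePolicies extension and reports which asserted policy identifiers an application accepts. The function names, the sample bytes and the policy OIDs (taken from the 2.999 example arc) are constructed for illustration.

```python
# Added example: names and sample data are hypothetical, not from RFC 2527.
# SAMPLE is a constructed DER value of a certificatePolicies extension
# asserting two made-up policy OIDs under the 2.999 example arc.
SAMPLE = bytes.fromhex("300e30050603883701" "30050603883702")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content octets to dotted notation."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    subids, value = [], 0
    for byte in body:                      # base-128, high bit = "more follows"
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            subids.append(value)
            value = 0
    first = min(subids[0] // 40, 2)        # first octets pack the two leading arcs
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))

def asserted_policies(ext_value):
    """List policy OIDs from SEQUENCE OF PolicyInformation; qualifiers are skipped."""
    tag, seq, end = read_tlv(ext_value, 0)
    if tag != 0x30 or end != len(ext_value):
        raise ValueError("not a single DER SEQUENCE")
    policies, pos = [], 0
    while pos < len(seq):
        tag, info, pos = read_tlv(seq, pos)
        oid_tag, oid_body, _ = read_tlv(info, 0)
        if tag != 0x30 or oid_tag != 0x06:
            raise ValueError("malformed PolicyInformation")
        policies.append(decode_oid(oid_body))
    if not policies:
        raise ValueError("certificatePolicies must not be empty")
    return policies

def acceptable_policies(ext_value, accepted):
    """Policies the certificate asserts that this application also accepts."""
    return sorted(set(asserted_policies(ext_value)) & set(accepted))
```

An empty result means the certificate asserts no policy the application accepts. The check looks at a single certificate only and does not perform policy processing across a certification path.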