Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management (RFC1422)
Original Publication Date: 1993-Feb-01
Included in the Prior Art Database: 2019-Feb-10
Internet Society Requests For Comment (RFCs)
This is one of a series of documents defining privacy enhancement mechanisms for electronic mail transferred using Internet mail protocols. [STANDARDS-TRACK]
Network Working Group S. Kent Request for Comments: 1422 BBN Obsoletes: 1114 IAB IRTF PSRG, IETF PEM February 1993
Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management
Status of this Memo
This RFC specifies an IAB standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "IAB Official Protocol Standards" for the standardization state and status of this protocol. Distribution of this memo is unlimited.
This memo is the outgrowth of a series of meetings of the Privacy and Security Research Group of the Internet Research Task Force (IRTF) and the Privacy-Enhanced Electronic Mail Working Group of the Internet Engineering Task Force (IETF). I would like to thank the members of the PSRG and the PEM WG for their comments and contributions at the meetings which led to the preparation of this document. I also would like to thank contributors to the PEM-DEV mailing list who have provided valuable input which is reflected in this memo.
1. Executive Summary
This is one of a series of documents defining privacy enhancement mechanisms for electronic mail transferred using Internet mail protocols. RFC 1421  prescribes protocol extensions and processing procedures for RFC-822 mail messages, given that suitable cryptographic keys are held by originators and recipients as a necessary precondition. RFC 1423  specifies algorithms, modes and associated identifiers for use in processing privacy-enhanced messages, as called for in RFC 1421 and this document. This document defines a supporting key management architecture and infrastructure, based on public-key certificate techniques, to provide keying information to message originators and recipients. RFC 1424  provides additional specifications for services in conjunction with the key management infrastructure described herein.
The key management architecture described in this document is compatible with the authentication framework described in CCITT 1988 X.509 . This document goes beyond X.509 by establishing
Kent [Page 1]
RFC 1422 Certificate-Based Key Management February 1993
procedures and conventions for a key management infrastructure for use with Privacy Enhanced Mail (PEM) and with other protocols, from both the TCP/IP and OSI suites, in the future. There are several motivations for establishing these procedures and conventions (as opposed to relying only on the very general framework outlined in X.509):
-It is important that a certificate management infrastructure for use in the Internet community accommodate a range of clearly-articulated certification policies for both users and organizations in a well-architected fashion. Mechanisms must be provided to enable each user to be aware of the policies governing any certificate which the user may encounter. This requires the introduction and standardization of procedures and conventions that are o...