RFC 3647
Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework
9. References
[ABA1] American Bar Association, Digital Signature Guidelines: Legal Infrastructure for Certification Authorities and Secure Electronic Commerce, 1996.
[ABA2] American Bar Association, PKI Assessment Guidelines, v0.30, Public Draft For Comment, June 2001. [BAU1] Michael. S. Baum, Federal Certification Authority Liability and Policy, NIST-GCR-94-654, June 1994, available at http://www.verisign.com/repository/pubs/index.html. [ETS] European Telecommunications Standards Institute, "Policy Requirements for Certification Authorities Issuing Qualified Certificates," ETSI TS 101 456, Version 1.1.1, December 2000. [GOC] Government of Canada PKI Policy Management Authority, "Digital Signature and Confidentiality Certificate Policies for the Government of Canada Public Key Infrastructure," v.3.02, April 1999. [IDT] Identrus, LLC, "Identrus Identity Certificate Policy" IP-IPC Version 1.7, March 2001. [ISO1] ISO/IEC 9594-8/ITU-T Recommendation X.509, "Information Technology - Open Systems Interconnection: The Directory: Authentication Framework," 1997 edition. (Pending publication of 2000 edition, use 1997 edition.) [PEM1] Kent, S., "Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management", RFC 1422, February 1993. [PKI1] Housley, R., Polk, W. Ford, W. and D. Solo, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 3280, April 2002. [CPF] Chokhani, S. and W. Ford, "Internet X.509 Public Key Infrastructure, Certificate Policy and Certification Practices Statement Framework", RFC 2527, March 1999.10. Notes
1. A paper copy of the ABA Digital Signature Guidelines can be purchased from the ABA. See http://www.abanet.com for ordering details. The DSG may also be downloaded without charge from the ABA website at http://www.abanet.org/scitech/ec/isc/digital_signature.html. 2. A draft of the PKI Assessment Guidelines may be downloaded without charge from the ABA website at http://www.abanet.org/scitech/ec/isc/pag/pag.html.
3. The term "meaningful" means that the name form has commonly
understood semantics to determine the identity of a person and/or
organization. Directory names and RFC 822 names may be more or
less meaningful.
4. The subject may not need to prove to the CA that the subject has
possession of the private key corresponding to the public key
being registered if the CA generates the subject's key pair on
the subject's behalf.
5. Examples of means to identify and authenticate individuals
include biometric means (such as thumb print, ten finger print,
and scan of the face, palm, or retina), a driver's license, a
credit card, a company badge, and a government badge.
6. Certificate "modification" does not refer to making a change to
an existing certificate, since this would prevent the
verification of any digital signatures on the certificate and
cause the certificate to be invalid. Rather, the concept of
"modification" refers to a situation where the information
referred to in the certificate has changed or should be changed,
and the CA issues a new certificate containing the modified
information. One example is a subscriber that changes his or her
name, which would necessitate the issuance of a new certificate
containing the new name.
7. The n out of m rule allows a private key to be split in m parts.
The m parts may be given to m different individuals. Any n parts
out of the m parts may be used to fully reconstitute the private
key, but having any n-1 parts provides one with no information
about the private key.
8. A private key may be escrowed, backed up, or archived. Each of
these functions has a different purpose. Thus, a private key may
go through any subset of these functions depending on the
requirements. The purpose of escrow is to allow a third party
(such as an organization or government) to obtain the private key
without the cooperation of the subscriber. The purpose of back
up is to allow the subscriber to reconstitute the key in case of
the destruction or corruption of the key for business continuity
purposes. The purpose of archives is to provide for reuse of the
private key in the future, e.g., use to decrypt a document.
9. WebTrust refers to the "WebTrust Program for Certification
Authorities," from the American Institute of Certified Public
Accountants, Inc., and the Canadian Institute of Chartered
Accountants.
10. See <http://www.aicpa.org>. 11. All or some of the following items may be different for the various types of entities, i.e., CA, RA, and end entities.11. List of Acronyms
ABA - American Bar Association CA - Certification Authority CP - Certificate Policy CPS - Certification Practice Statement CRL - Certificate Revocation List DAM - Draft Amendment FIPS - Federal Information Processing Standard I&A - Identification and Authentication IEC - International Electrotechnical Commission IETF - Internet Engineering Task Force IP - Internet Protocol ISO - International Organization for Standardization ITU - International Telecommunications Union NIST - National Institute of Standards and Technology OID - Object Identifier PIN - Personal Identification Number PKI - Public Key Infrastructure PKIX - Public Key Infrastructure (X.509) (IETF Working Group) RA - Registration Authority RFC - Request For Comment URL - Uniform Resource Locator US - United States
12. Authors' Addresses
Santosh Chokhani Orion Security Solutions, Inc. 3410 N. Buchanan Street Arlington, VA 22207 Phone: (703) 237-4621 Fax: (703) 237-4920 EMail: chokhani@orionsec.com Warwick Ford VeriSign, Inc. 6 Ellery Square Cambridge, MA 02138 Phone: (617) 642-0139 EMail: wford@verisign.com Randy V. Sabett, J.D., CISSP Cooley Godward LLP One Freedom Square, Reston Town Center 11951 Freedom Drive Reston, VA 20190-5656 Phone: (703) 456-8137 Fax: (703) 456-8100 EMail: rsabett@cooley.com Charles (Chas) R. Merrill McCarter & English, LLP Four Gateway Center 100 Mulberry Street Newark, New Jersey 07101-0652 Phone: (973) 622-4444 Fax: (973) 624-7070 EMail: cmerrill@mccarter.com
Stephen S. Wu Infoliance, Inc. 800 West El Camino Real Suite 180 Mountain View, CA 94040 Phone: (650) 917-8045 Fax: (650) 618-1454 EMail: swu@infoliance.com
13. Full Copyright Statement
Copyright (C) The Internet Society (2003). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assignees. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Acknowledgement Funding for the RFC Editor function is currently provided by the Internet Society.