RFC 1422 (rfc1422) - Page 2 of 32

Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management

Alternative Format: Original Text Document
< Previous
Next >
RFC 1422           Certificate-Based Key Management        February 1993


   procedures and conventions for a key management infrastructure for
   use with Privacy Enhanced Mail (PEM) and with other protocols, from
   both the TCP/IP and OSI suites, in the future.  There are several
   motivations for establishing these procedures and conventions (as
   opposed to relying only on the very general framework outlined in
   X.509):

       -It is important that a certificate management infrastructure
           for use in the Internet community accommodate a range of
           clearly-articulated certification policies for both users
           and   organizations in a well-architected fashion.
           Mechanisms must be provided to enable each user to be
           aware of the policies governing any certificate which the
           user may encounter.  This requires the introduction
           and standardization of procedures and conventions that are
           outside the scope of X.509.

       -The procedures for authenticating originators and recipient in
           the course of message submission and delivery should be
           simple, automated and uniform despite the existence of
           differing certificate management policies.  For example,
           users should not have to engage in careful examination of a
           complex set of certification relationships in order to
           evaluate the credibility of a claimed identity.

       -The authentication framework defined by X.509 is designed to
           operate in the X.500 directory server environment.  However
           X.500 directory servers are not expected to be ubiquitous
           in the Internet in the near future, so some conventions
           are adopted to facilitate operation of the key management
           infrastructure in the near term.

       -Public key cryptosystems are central to the authentication
           technology of X.509 and those which enjoy the most
           widespread use are patented in the U.S.  Although this
           certification management scheme is compatible with
           the use of different digital signature algorithms, it is
           anticipated that the RSA cryptosystem will be used as
           the primary signature algorithm in establishing the
           Internet certification hierarchy.  Special license
           arrangements have been made to facilitate the
           use of this algorithm in the U.S. portion of Internet
           environment.

   The infrastructure specified in this document establishes a single
   root for all certification within the Internet, the Internet Policy
   Registration Authority (IPRA).  The IPRA establishes global policies,
   described in this document, which apply to all certification effected



Kent
< Previous
Next >