RFC 1424 (rfc1424) - Page 2 of 9


Privacy Enhancement for Internet Electronic Mail: Part IV: Key Certification and Related Services



Alternative Format: Original Text Document



RFC 1424        Key Certification and Related Services     February 1993


   normal privacy-enhanced mail processing.

   Certification authorities may also require non-electronic forms of
   request and may return non-electronic replies. It is expected that
   descriptions of such forms, which are outside the scope of this
   document, will be available through a certification authority's
   "information" service.

2. Overview of Services

   This section describes the three services in general terms.

   The electronic-mail address to which requests are sent is left to the
   certification authority to specify. It is expected that certification
   authorities will advertise their addresses as part of an
   "information" service. Replies are sent to the address in the
   "Reply-To:" field of the request, and if that field is omitted, to
   the address in the "From:" field.

2.1 Key Certification

   The key-certification service signs a certificate containing a
   specified subject name and public key. The service takes a
   certification request (see Section 3.1), signs a certificate
   constructed from the request, and returns a certification reply (see
   Section 3.2) containing the new certificate.

   The certification request specifies the requestor's subject name and
   public key in the form of a self-signed certificate. The
   certification request contains two signatures, both computed with the
   requestor's private key:

     1.   The signature on the self-signed certificate, having the
          cryptographic purpose of preventing a requestor from
          requesting a certificate with another party's public key.
          (See Section 4.)

     2.   A signature on some encapsulated text, having the
          practical purpose of allowing the certification authority
          to construct an ordinary RFC 1421 privacy-enhanced
          message as a reply, with user-friendly encapsulated text.
          (RFC 1421 does not provide for messages with
          certificates but no encapsulated text; and the self-
          signed certificate is not "user friendly" text.) The text
          should be something innocuous like "Hello world!"

   A requestor would typically send a certification request after
   generating a public-key/private-key pair, but may also do so after a



Kaliski