Network Working Group                                        S. Chokhani
Request for Comments: 2527                      CygnaCom Solutions, Inc.
Category: Informational                                          W. Ford
                                                          VeriSign, Inc.
                                                              March 1999


                Internet X.509 Public Key Infrastructure
        Certificate Policy and Certification Practices Framework

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1999).  All Rights Reserved.

Abstract

   This document presents a framework to assist the writers of
   certificate policies or certification practice statements for
   certification authorities and public key infrastructures.  In
   particular, the framework provides a comprehensive list of topics
   that potentially (at the writer's discretion) need to be covered in a
   certificate policy definition or a certification practice statement.

1. INTRODUCTION

1.1  BACKGROUND

   A public-key certificate (hereinafter "certificate") binds a public-
   key value to a set of information that identifies the entity (such as
   person, organization, account, or site) associated with use of the
   corresponding private key (this entity is known as the "subject" of
   the certificate).  A certificate is used by a "certificate user" or
   "relying party" that needs to use, and rely upon the accuracy of, the
   public key distributed via that certificate (a certificate user is
   typically an entity that is verifying a digital signature from the
   certificate's subject or an entity sending encrypted data to the
   subject).  The degree to which a certificate user can trust the
   binding embodied in a certificate depends on several factors. These
   factors include the practices followed by the certification authority
   (CA) in authenticating the subject; the CA's operating policy,
   procedures, and security controls; the subject's obligations (for
   example, in protecting the private key); and the stated undertakings



Chokhani & Ford              Informational