RFC 3647 (rfc3647) - Page 2 of 94

Internet X

Alternative Format: Original Text Document
< Previous
Next >
RFC 3647        Internet X.509 Public Key Infrastructure   November 2003


             3.3.1.  Certificate Policies Extension . . . . . . . . . 12
             3.3.2.  Policy Mappings Extension. . . . . . . . . . . . 13
             3.3.3.  Policy Constraints Extension . . . . . . . . . . 13
             3.3.4.  Policy Qualifiers. . . . . . . . . . . . . . . . 14
       3.4.  Certification Practice Statement . . . . . . . . . . . . 15
       3.5.  Relationship Between CP and CPS. . . . . . . . . . . . . 16
       3.6.  Relationship Among CPs, CPSs, Agreements, and
             Other Documents. . . . . . . . . . . . . . . . . . . . . 17
       3.7.  Set of Provisions. . . . . . . . . . . . . . . . . . . . 20
   4.  Contents of a Set of Provisions. . . . . . . . . . . . . . . . 21
       4.1.  Introduction . . . . . . . . . . . . . . . . . . . . . . 22
             4.1.1.  Overview . . . . . . . . . . . . . . . . . . . . 22
             4.1.2.  Document Name and Identification . . . . . . . . 22
             4.1.3.  PKI Participants . . . . . . . . . . . . . . . . 23
             4.1.4.  Certificate Usage. . . . . . . . . . . . . . . . 24
             4.1.5.  Policy Administration. . . . . . . . . . . . . . 24
             4.1.6.  Definitions and Acronyms . . . . . . . . . . . . 24
       4.2.  Publication and Repository Responsibilities. . . . . . . 25
       4.3.  Identification and Authentication (I&A). . . . . . . . . 25
             4.3.1.  Naming . . . . . . . . . . . . . . . . . . . . . 25
             4.3.2.  Initial Identity Validation. . . . . . . . . . . 26
             4.3.3.  I&A for Re-key Requests. . . . . . . . . . . . . 27
             4.3.4.  I&A for Revocation Requests. . . . . . . . . . . 27
       4.4.  Certificate Life-Cycle Operational Requirements. . . . . 27
             4.4.1.  Certificate Application. . . . . . . . . . . . . 28
             4.4.2.  Certificate Application Processing . . . . . . . 28
             4.4.3.  Certificate Issuance . . . . . . . . . . . . . . 28
             4.4.4.  Certificate Acceptance . . . . . . . . . . . . . 29
             4.4.5.  Key Pair and Certificate Usage . . . . . . . . . 29
             4.4.6.  Certificate Renewal. . . . . . . . . . . . . . . 30
             4.4.7.  Certificate Re-key . . . . . . . . . . . . . . . 30
             4.4.8.  Certificate Modification . . . . . . . . . . . . 31
             4.4.9.  Certificate Revocation and Suspension. . . . . . 31
             4.4.10. Certificate Status Services. . . . . . . . . . . 33
             4.4.11. End of Subscription. . . . . . . . . . . . . . . 33
             4.4.12. Key Escrow and Recovery. . . . . . . . . . . . . 33
       4.5.  Facility, Management, and Operational Controls . . . . . 33
             4.5.1.  Physical Security Controls . . . . . . . . . . . 34
             4.5.2.  Procedural Controls. . . . . . . . . . . . . . . 35
             4.5.3.  Personnel Controls . . . . . . . . . . . . . . . 35
             4.5.4.  Audit Logging Procedures . . . . . . . . . . . . 36
             4.5.5.  Records Archival . . . . . . . . . . . . . . . . 37
             4.5.6.  Key Changeover . . . . . . . . . . . . . . . . . 38
             4.5.7.  Compromise and Disaster Recovery . . . . . . . . 38
             4.5.8.  CA or RA Termination . . . . . . . . . . . . . . 38
        4.6. Technical Security Controls. . . . . . . . . . . . . . . 39
             4.6.1.  Key Pair Generation and Installation . . . . . . 39
             4.6.2.  Private Key Protection and Cryptographic



Chokhani, et al.             Informational
< Previous
Next >