RFC 2527: Internet X.509 Public Key Infrastructure ...
RFC-Ref

certificate policy



... Version 3 X.509 certificate may contain a field declaring that one or more specific certificate policies applies to that certificate [ISO1 ...
... [ISO1]. According to X.509, a certificate policy is "a named set of rules that indicates the applicability of a certificate to a ...
... particular community and/or class of application with common security requirements." A certificate policy may be used by a certificate user to help in deciding whether a certificate ...
... binding therein, is sufficiently trustworthy for a particular application. The certificate policy concept is an outgrowth of the policy statement concept developed for Internet Privacy ...
... The purpose of this document is to establish a clear relationship between certificate policies and CPSs, and to present a framework to assist the writers of certificate policies ...
... certificate policies and CPSs, and to present a framework to assist the writers of certificate policies or CPSs with their tasks. In particular, the framework identifies the elements ...
... framework identifies the elements that may need to be considered in formulating a certificate policy or a CPS. The purpose is not to define particular certificate policies ...
... certificate policy or a CPS. The purpose is not to define particular certificate policies or CPSs, per se. ...
... The scope of this document is limited to discussion of the contents of a certificate policy (as defined in X.509) or CPS (as defined in ...
... the ABA Guidelines). In particular, this document describes the types of information that should be considered for inclusion in a certificate policy definition or a CPS. While the framework as ...
... elements that are considered of particular relevance to certificate policies or CPSs. This document does not define a specific certificate policy ...
... certificate policies or CPSs. This document does not define a specific certificate policy or CPS. ...


... CA. Certificate policy - A named set of rules that indicates the applicability of a certificate to a particular community and/or ...
... class of application with common security requirements. For example, a particular certificate policy might indicate applicability of a type of certificate to the authentication ...
... Policy qualifier - Policy-dependent information that accompanies a certificate policy identifier in an X.509 certificate. ...
... statements, spanning a range of standard topics, for use in expressing a certificate policy definition or CPS employing the approach described in this framework ...


... This section explains the concepts of certificate policy and CPS, and describes their relationship. Other related concepts are also ...
... describes their relationship. Other related concepts are also described. Some of the material covered in this section and in some other sections is specific to certificate policies extensions as defined X.509 version 3 ...
... CERTIFICATE POLICY ...
... The X.509 standard defines a certificate policy as "a named set of rules that indicates the applicability of a certificate to a ...
... Version 3 certificate may contain an indication of certificate policy, which may be used by a certificate user to decide whether or not to trust ...
... purpose. A certificate policy, which needs to be recognized by both the issuer and user of a certificate ...
... registers the Object Identifier also publishes a textual specification of the certificate policy, for examination by certificate users. Any one certificate ...
... certificate users. Any one certificate will typically declare a single certificate policy or, possibly, be issued consistent with a small number of different policies. ...
... small number of different policies. Certificate policies also constitute a basis for accreditation of CAs. Each CA ...
... CAs. Each CA is accredited against one or more certificate policies which it is recognized as implementing. When one CA issues a CA ...
... CA, the issuing CA must assess the set of certificate policies for which it trusts the subject CA (such ...
... CA (such assessment may be based upon accreditation with respect to the certificate policies involved). The assessed set of certificate policies is then indicated by the issuing CA in the CA ...
... assessment may be based upon accreditation with respect to the certificate policies involved). The assessed set of certificate policies is then indicated by the issuing CA in the CA-certificate ...
... X.509 certification path processing logic employs these certificate policy indications in its well-defined trust model. ...
... CERTIFICATE POLICY EXAMPLES ...
... For example purposes, suppose that IATA undertakes to define some certificate policies for use throughout the airline industry, in a public-key infrastructure operated by IATA in combination with ...
... public-key infrastructures operated by individual airlines. Two certificate policies are defined - the IATA General-Purpose policy, and the IATA Commercial-Grade policy. ...
... extension fields in an X.509 certificate are used to support certificate policies: * Certificate Policies ...
... certificate policies: * Certificate Policies extension; * Policy Mappings extension; and * Policy Constraints ...
... Certificate Policies Extension ...
... The Certificate Policies extension has two variants - one with the field flagged non-critical and one with the field flagged critical ...
... A non-critical Certificate Policies field lists certificate policies ...
... critical Certificate Policies field lists certificate policies that the certification authority declares are applicable. However, ...
... certificates issued to regular airline employees will contain the object identifier for certificate policy for the General-Purpose policy. The certificates issued to the employees with disbursement ...
... authority will contain the object identifiers for both the General-Purpose policy and the Commercial-Grade policy. The Certificate Policies field may also optionally convey qualifier values for each identified policy; use of qualifiers is discussed in Section 3.4. ...
... The non-critical Certificate Policies field is designed to be used by applications as follows. Each application is pre-configured to know what policy it requires. Using the example in Section 3.2, ...
... When processing a certification path, a certificate policy that is acceptable to the certificate-using application must be present in ...
... end entity certificates. If the Certificate Policies field is flagged critical, it serves the same purpose as described above but also has an additional role ...
... that the certificate must only be used in accordance with the provisions of one of the listed certificate policies. This field is intended to protect the certification authority ...
... certificate for an inappropriate purpose or in an inappropriate manner, as stipulated in the applicable certificate policy definition. For example, the Internal Revenue Service ...
... to protect itself against claims for damages in such circumstances. The critical-flagged Certificate Policies extension is intended to mitigate the risk to the certificate issuer ...
... applications are configured with and employee certificates are populated with their respective certificate policies. One possible solution is to reconfigure all of the financial applications to require either policy and to reissue all the certificates ...
... first is the ability for a certification authority to require that explicit certificate policy indications be present in all subsequent certificates in a certification path ...
... domain, i.e., certification authorities are trusted for all purposes so no particular certificate policy is needed in the Certificate Policies extension. Such certificates ...
... all purposes so no particular certificate policy is needed in the Certificate Policies extension. Such certificates need not contain explicit indications of certificate policy ...
... Certificate Policies extension. Such certificates need not contain explicit indications of certificate policy. However, when a certification authority in the trusted domain ...
... domain, it can activate the requirement for explicit certificate policy in subsequent certificates in the certification path. ...
... The Certificate Policies extension field has a provision for conveying, along with each certificate policy identifier ...
... Certificate Policies extension field has a provision for conveying, along with each certificate policy identifier, additional policy-dependent information in a qualifier field. The X.509 ...
... Policy qualifiers can be used to support the definition of generic, or parameterized, certificate policy definitions. Provided the base certificate policy definition so provides, policy qualifier types can ...
... or parameterized, certificate policy definitions. Provided the base certificate policy definition so provides, policy qualifier types can be defined to convey, on a per-certificate basis, additional specific ...
... RELATIONSHIP BETWEEN CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT ...
... The concepts of certificate policy and CPS come from different sources and were developed for different reasons. However, their ...
... certificate users (relying parties). Although the level of detail may vary among CPSs, they will generally be more detailed than certificate policy definitions. Indeed, CPSs may be quite comprehensive, robust documents providing a description of the precise service ...
... interoperability between CAs operated by different organizations. Rather, certificate policies best serve as the vehicle on which to base common interoperability ...
... CA with a single CPS may support multiple certificate policies (used for different application purposes and/or by different certificate user communities). Also, ...
... CAs, with non-identical certification practice statements, may support the same certificate policy. For example, the Federal Government might define a government-wide ...
... For example, the Federal Government might define a government-wide certificate policy for handling confidential human resources information. The certificate policy definition will be a broad ...
... certificate policy for handling confidential human resources information. The certificate policy definition will be a broad statement of the general characteristics of that certificate policy, ...
... information. The certificate policy definition will be a broad statement of the general characteristics of that certificate policy, and an indication of the types of applications for which it is suitable for use. Different departments or agencies that operate ...
... certification authorities with different certification practice statements might support this certificate policy. At the same time, such certification authorities may support other certificate policies ...
... certificate policy. At the same time, such certification authorities may support other certificate policies. The main difference between certificate policy ...
... certificate policies. The main difference between certificate policy and CPS can therefore be summarized as follows: ...
... (b) There is strong incentive, on the other hand, for a certificate policy to apply more broadly than to just a single organization. If a particular certificate policy is widely ...
... certificate policy to apply more broadly than to just a single organization. If a particular certificate policy is widely recognized and imitated, it has great potential as the basis of automated certificate ...
... certificates. In addition to populating the certificate policies field with the certificate policy identifier, a certification authority ...
... In addition to populating the certificate policies field with the certificate policy identifier, a certification authority may include, in certificates ...
... certificates it issues, a reference to its certification practice statement. A standard way to do this, using a certificate policy qualifier, is described in Section 3.4. ...
... statements, spanning a range of standard topics, for use in expressing a certificate policy definition or CPS employing the approach described in this framework ...
... framework. A certificate policy can be expressed as a single set of provisions. A CPS ...
... component addressing the requirements of one or more certificate policies, or, alternatively, as an organized collection of sets of provisions. For example, a CPS could be expressed as a combination ...
... of the following: (a) a list of certificate policies supported by the CPS; ...
... CPS; (b) for each certificate policy in (a), a set of provisions which contains statements that refine that certificate policy by ...
... (b) for each certificate policy in (a), a set of provisions which contains statements that refine that certificate policy by filling in details not stipulated in that policy or expressly left to the discretion of the CPS ...
... filling in details not stipulated in that policy or expressly left to the discretion of the CPS by that certificate policy; such statements serve to state how this particular CPS ...
... CPS implements the requirements of the particular certificate policy; (c) a set of provisions that contains statements regarding the ...
... certification practices on the CA, regardless of certificate policy. The statements provided in (b) and (c) may augment or refine the ...
... The statements provided in (b) and (c) may augment or refine the stipulations of the applicable certificate policy definition, but must not conflict with any of the stipulations of such certificate policy definition. ...
... stipulations of the applicable certificate policy definition, but must not conflict with any of the stipulations of such certificate policy definition. This framework ...


... introduced in Section 3.7. The topics identified in this section are, consequently, candidate topics for inclusion in a certificate policy definition or CPS. ...
... While many topics are identified, it is not necessary for a certificate policy or a CPS to include a concrete statement for every such topic. Rather, a particular certificate policy ...
... certificate policy or a CPS to include a concrete statement for every such topic. Rather, a particular certificate policy or CPS may state ...
... "no stipulation" for a component, subcomponent, or element on which the particular certificate policy or CPS imposes no requirements. In ...
... this sense, the list of topics can be considered a checklist of topics for consideration by the certificate policy or CPS writer. It is recommended that each and every component and subcomponent be ...
... CPS writer. It is recommended that each and every component and subcomponent be included in a certificate policy or CPS, even if there is "no stipulation"; this will indicate to the reader that a conscious ...
... against inadvertent omission of a topic, while facilitating comparison of different certificate policies or CPSs, e.g., when making policy mapping decisions. ...
... making policy mapping decisions. In a certificate policy definition, it is possible to leave certain components, subcomponents, and/or elements unspecified, and to ...
... elements unspecified, and to stipulate that the required information will be indicated in a policy qualifier. Such certificate policy definitions can be considered parameterized definitions. The set of provisions should reference or define the required policy qualifier types and should specify any ...
... authority that is responsible for the registration, maintenance, and interpretation of this certificate policy or CPS. It also includes the name, electronic mail ...
... This subcomponent contains any applicable provisions regarding interpretation and enforcement of the certificate policy or CPS, addressing ...
... * Access control on published information objects including certificate policy definitions, CPS, certificates, certificate status ...
... name constraints; * Applicable certificate policy Object Identifier(s); ...
... * Processing semantics for the critical certificate policy extension. ...
... This component is used to specify how this particular certificate policy definition or CPS will be maintained. ...
... It will occasionally be necessary to change certificate policies and Certification Practice Statements. Some of these changes will not ...
... Certification Practice Statements. Some of these changes will not materially reduce the assurance that a certificate policy or its implementation provides, and will be judged by the policy administrator ...
... certificates asserting the policy for the purposes for which they have been used. Such changes to certificate policies and Certification Practice Statements need not require a change in the certificate policy ...
... certificate policies and Certification Practice Statements need not require a change in the certificate policy Object Identifier or the CPS pointer (URL ...
... certificates for specific purposes, and these changes will require changes to the certificate policy Object Identifier or CPS pointer (URL ...
... elements thereof that can be changed without notification and without changes to the certificate policy Object Identifier or CPS ...
... elements thereof that may change following a notification period without changing the certificate policy Object Identifier or CPS ...
... parties (relying parties, certification authorities, etc.) of the certificate policy or CPS changes are described. The description of notification ...
... * A list of specification components, subcomponents, and/or elements, changes to which require a change in certificate policy Object Identifier or CPS pointer (URL ...
... exist but that are not made publicly available; (33) * Descriptions of mechanisms used to distribute the certificate policy definition or CPS, including access controls on such distribution. ...
... In a certificate policy definition, this subcomponent describes how the compliance of a specific CPS with the certificate policy ...
... certificate policy definition, this subcomponent describes how the compliance of a specific CPS with the certificate policy can be determined. ...


... This section contains a possible outline for a set of provisions, intended to serve as a checklist or (with some further development) a standard template for use by certificate policy or CPS writers. Such a common outline will facilitate: ...
... (a) Comparison of two certificate policies during cross-certification (for the purpose of equivalency mapping). ...
... (b) Comparison of a CPS with a certificate policy definition to ensure that the CPS faithfully implements the policy. ...
... 7.1.5 Name constraints 7.1.6 Certificate policy Object Identifier 7.1.7 Usage of Policy Constraints ...
... 7.1.9 Processing semantics for the critical certificate policy extension ...


... how. 24 For example, the certificate policy may impose personnel security requirements on the network system administrator ...


