RFC 4809: Requirements for an IPsec Certificate Man...

PKI



... IKE ([IKEv1] and [IKEv2]) and PKI Systems. This document contains requirements for a transaction-based approach ...
... PKC) lifecycle transactions between different VPN System and PKI System products in order to better enable large scale, PKI-enabled IPsec deployments ...
... Requirements for both the IPsec and the PKI products are discussed. The requirements are carefully designed to achieve security ...
... transactions for the entire PKC lifecycle for PKI-enabled VPN System: authorization (of PKC ...
... the sole interface for the VPN System and the PKI System. - Authorize individual or batches of PKC ...
... enrollment. - Provision PKI-based user or machine identity to IPsec Peers, on a ...
... certificate management protocol that the VPN System will use to communicate with the PKI System. Note that this profile will be in another document. The certificate ...
... profile will also clarify and constrain existing PKIX (PKI for X.509 Certificates) and IPsec standards to ...
... profile documents is that both IPsec and PKI vendors create interoperable products to enable ...
... certificate management profile with any conforming PKI vendor's implementation to perform the VPN ...
... transactions between the VPN Systems and the PKI Systems and between the VPN Administration and IPsec Peers ...
... excluded, but are intentionally not a focus. Only VPN-PKI transactions that ease and enable scalable PKI-enabled IPsec deployments ...
... The protocol specification for the VPN-PKI interactions will not be addressed. ...
... defined in more detail in Section 2.1. PKI System: The PKI System, or simply PKI, is the set of functions needed to authorize, issue, and manage PKCs. PKI System is defined in more detail in Section 2.2. ...
... VPN) Admin The Admin is the VPN System function that interacts with the PKI System to establish PKC provisioning for the VPN connections. See ...
... RA) An optional entity in a PKI System given responsibility for performing some of the administrative tasks necessary in the registration ...
... CA) An authority in a PKI System that is trusted by one or more users to create and sign PKCs ...
... Repository An Internet-accessible server in a PKI System that stores and makes available for retrieval PKCs and Certificate Revocation Lists ...


... This section describes the overall architecture for a PKI-supported IPsec VPN deployment. First, an explanation of the VPN System is presented. Second, key points about the PKI System are stated. Third, the VPN-PKI architecture is presented. ...
... digital signatures generated with PKCs from a PKI System. ...
... responsibility within the VPN System. The Admin is a centralized function used by the Operator to interact with the PKI System to establish PKI policy (e.g., algorithms, key lengths, lifecycle ...
... authorizes PKC issuance and can act as the Peer's PKI System interface, which allows the Admin to perform many RA ...
... the Admin are assumed. - It, and not the PKI, will define the Certificate Policy (CP) ...
... VPN Systems, the Operator chooses to strengthen the VPN by using PKI; PKI is a bolt-on to the VPN System. The Operator will configure local security policy in part through the Admin and its authorized PKI-enabled Peers. - It will interact directly with the PKI System to initiate authorization for end entity ...
... out-of-band mechanism by the VPN Operator and the PKI Operator. It will receive back from the PKI a unique tuple of authorization identifiers ...
... PKI System ...
... The PKI System, as depicted in Figure 2, can be set up and operated by the Operator (in-house), be provided by third party PKI providers to which connectivity is available at the time of provisioning (managed PKI service), or be integrated with the VPN product. ...
... Figure 2: PKI System. This framework ...
... VPN obtain PKCs from a single PKI community. An IPsec Peer can accept a PKC from a Peer that is from a CA outside of the PKI community, but the auto provision and life cycle management for such a PKC fall out of scope. The PKI System contains a mechanism for handling Admin's authorization requests and PKC ...
... referred to as the Registration Authority (RA). The PKI System contains a Repository for Peers to retrieve each other's PKCs and revocation information. Last, the PKI System contains the core function of a CA that uses a public and private key pair ...
... VPN-PKI Interaction ...
... The interaction between the VPN System and the PKI System is the key focus of this requirements document, as shown in Figure 3. ...
... [ASCII diagram; box labelled "PKI System"] Figure 3. Architectural Framework for VPN-PKI Interaction Requirements ...


... [L], and [R] transactions between VPN and PKI Systems. To support these transactions, the Admin and PKI MUST exchange policy details, identities, and keys. As such, the method of communication for [A], ...
... method MUST require that mutual trust be established between the PKI and the Admin (see Section 3.7.1). [R] transactions do not require authentication ...
... PKI Availability ...
... authorization transactions between the PKI and Admin. Further availability is required in most cases, but the extent of this availability is a decision point for the Operator. Most requirements and scenarios in this document assume on-line availability of the PKI for the life of the VPN System. ...
... Off-line interaction between the VPN and PKI Systems (i.e., where physical media is used as the transport ...
... PKI interactions are to be transparent to the user. Users SHOULD NOT even be aware that PKI is in use. First time connections SHOULD consist of no more than a prompt for some identification and pass ...
... PKC Profile for PKI Interaction ...
... A PKC used for identity in VPN-PKI transactions MUST include all the [CERTPROFILE] mandatory fields. It MUST also contain contents ...
... transactions [IKECERTPROFILE] and VPN-PKI transactions (in the certificate management ...
... The protocol for the VPN-PKI transactions MUST specify error handling for each transaction ...
... handling instructions will greatly aid interoperability efforts between the PKI and VPN System products. ...
... One protocol MUST be specified for the Admin to PKI (RA/CA) ...
... profile. Bulk authorization occurs when the Admin requests of the PKI that authorization be established for several different subjects ...
... authorization and the PKC enrollment request can be presented to the PKI at the same time. Both of these authorization scenarios MUST be supported. ...
... A bulk authorization SHOULD occur in one single connection to the PKI (RA/CA ...
... The authorization scenario for VPN-PKI transactions involves a two-step process: an authorization request and an authorization ...
... Authorization Request [A]. Admin sends a list of identities and PKC contents for the PKI System to authorize enrollment. See Section 3.2.4. ...
... 2) Authorization Response [A]. The PKI returns a list of unique authorization identifiers ...
... based on a pre-agreed template. This template is agreed by the VPN Operator and PKI Operator and is referred to in each authorization request. This allows the authorization ...
... VPN System. The Admin can send the PKI System the set of PKC contents that it wants the PKI to issue to a group of IPsec Peers. In other words, it tells the PKI System, "if you see a PKC request that looks like this, from this person, process it and issue the PKC ...
... Requirements for PKC fields used in VPN-PKI transactions are specified in Section 3.1.6. ...
... When the VPN Operator and PKI Operator pre-agree on a template, they MUST also agree on the local policy regarding PKC renewal and PKC update ...
... - Admin MUST specify if automatic renewals are allowed, that is, the Admin authorizes the PKI to process a future renewal for the specified Peer PKC. ...
... - Admin MUST specify if PKC update is allowed, that is, the Admin authorizes the PKI to accept a future request for a new PKC with changes to non-key-related fields. ...
... - Who can renew, that is, can only the Admin send a renewal request or can the Peer send a request directly to the PKI, or either. - How long before the PKC expiration date the PKI will accept and process a renewal (i.e., N% of validity period, or the UTC time ...
... - How long before the PKC expiration date the PKI will accept and process an update (i.e., N% of validity ...
... authorization ID and one-time authorization token that arrive at the PKI outside of the validation period MUST be dropped, and the event logged. ...
... The Protocol SHOULD consider what happens when Admin-requested information conflicts with PKI settings such that the Admin request cannot be issued as requested (e.g., Admin requests validation period ...
... Either the Admin or the Peer can send a cancel authorization message to PKI. The canceling entity MUST provide the authorization ID and ...
... authorization. At that point, the authorization will be erased from the PKI, and a log entry of the event written. ...
... type of a process is REQUIRED to cover a lost connections scenario), the PKI will accept a new authorization request with the exact same contents as the canceled one, except that the identifier MUST be new. The PKI MUST NOT process duplicate authorization requests. Note that if the PKI has already issued a PKC associated with an authorization ...
... authorization is not possible and the authorization request SHOULD be refused by the PKI. Once a PKC has been issued it MUST be revoked in accordance with Section ...
... If the authorization request is acceptable, the PKI will respond to the Admin with a unique authorization identifier ...
... requirements. The PKI can alter parameters of the authorization request submitted by the Admin. In that event, the PKI MUST return all the contents of the authorization request (as modified) to the Admin with the ...
... After receiving a bulk authorization request from the Admin, the PKI MUST be able to reply YES to those individual PKC authorizations that ...
... A method is REQUIRED to identify if there is a change in PKI settings between the time the authorization is granted and the PKC request ...
... error codes will greatly aid interoperability efforts between the PKI and IPsec products. ...
... elements labeled in Figure 3. Once the PKI System has responded with authorization identifiers and ...
... requirements: at the IPsec Peer, at the Admin, or at the PKI. The PKC request can come from either the IPsec Peer, a ...
... Steps prior to these can be found in Section 3.2. The next step, enrollment, can occur either directly between the Peer and PKI (see Section 3.4.5) or through the Admin (see Section 3.4.6). ...
... SubjectAltName fields, and more are part of the request, and must be communicated in some way from the Admin to the PKI. Instead of creating a new mechanism, the authorization schema can be reused. This also allows for the feature of role ...
... Method 4: PKI Generates Key Pair ...
... their own key pairs and the Admin function is a minimal implementation. The PKI and Admin pre-agree to have the PKI generate key pairs and PKCs ...
... PKC Request 1) Generation [G] The PKI generates the key pair. ...
... error codes will greatly aid interoperability efforts between the PKI and IPsec products. ...
... PKC request constructed, an enrollment process will need to occur to request that the PKI issue a PKC and the corresponding PKC be returned. ...
... The protocol MUST be exactly the same regardless of whether the enrollment occurs from the Peer to the PKI or from the Admin to the PKI. ...
... line connection between the Admin on behalf of the Peer or the Peer itself and the PKI (RA/CA). ...
... Enrollment Method 1: Peer Enrolls to PKI Directly ...
... In this case, the IPsec Peer only communicates with the PKI after being commanded to do so by the Admin. This enrollment mode is depicted in Figure 9 and the letters in the following description ...
... IPsec. In this case, the end entity needs to prove to the PKI that it has such a key pair; this is normally done by the PKI sending the end entity a nonce ...
... Figure 9. VPN-PKI Interaction Steps: IPsec Peer Generates Keys and PKC Request, Enrolls Directly with PKI 1) Enrollment Request [E]. The IPsec Peer sends PKC requests to the PKI, providing the generated public key. 2) Enrollment Response [E]. The PKI responds to the enrollment request, providing either the new PKC that was generated or a ...
... PKC back to the Admin. 4) Enrollment Confirmation Receipt [E]. PKI sends enrollment confirmation receipt back to the Peer. ...
... IPsec Peer has generated the key pair and the PKC request, but does not enroll directly to the PKI System. Instead, it automatically sends its request to the Admin, and the Admin redirects the enrollment to the PKI System. The PKI System does not care where the enrollment comes from, as long as it is a valid enrollment. Once ...
... Figure 10. VPN-PKI Interaction Steps: IPsec Peer Generates Keys and PKC Request ...
... 2) Enrollment Request [E]. The Admin forwards the enrollment request to the PKI. 3) Enrollment Response [E]. The PKI responds to the enrollment request, providing either the new PKC that was generated or a ...
... 6) Enrollment Confirmation [E]. Admin forwards enrollment confirmation back to the PKI. 7) Enrollment Confirmation Receipt [E]. PKI sends enrollment confirmation receipt back to the Admin. ...
... 8) Opaque Transaction [E]. Admin forwards PKI's enrollment confirmation receipt back to the Peer. ...
... IPsec Peer has generated the key pair, but the PKC request is constructed and signed by the Admin. The PKI System does not care where the enrollment comes from, as long as it is a valid ...
... private key pair of sufficient strength for secure IPsec. In this case, the Admin needs to prove to the PKI that it has such a key pair; this is normally done by the PKI sending the Admin a nonce, which the Admin signs and returns to the PKI along with the end entity's public key. A drawback to this case is that the private key ...
... Figure 11. VPN-PKI Interaction Steps: IPsec Peer Generates Keys, Admin Constructs and ...
... 1) Enrollment Request [E]. The Admin requests a PKC from the PKI, providing the generated public key. 2) Enrollment Response [E]. The PKI responds to the enrollment request, providing either the new PKC that was generated or a ...
... 5) Enrollment Confirmation [E]. Admin forwards enrollment confirmation back to the PKI. 6) Enrollment Confirmation Receipt [E]. PKI sends enrollment confirmation receipt back to the Admin. ...
... 7) Opaque Transaction [E]. Admin forwards PKI's enrollment confirmation receipt back to the Peer. ...
... PKC request, and digitally signs the PKC request. The PKI System does not care where the enrollment comes from, as long as it is a valid enrollment. Once ...
... private key pair of sufficient strength for secure IPsec. In this case, the Admin needs to prove to the PKI that it has such a key pair; this is normally done by the PKI sending the Admin a nonce, which the Admin signs and returns to the PKI along with the end entity's public key. A drawback to this case is that the private key ...
... Figure 12. VPN-PKI Interaction Steps: Admin Generates Keys and PKC Request, and Enrolls Directly with PKI 1) Enrollment Request [E]. The Admin requests a PKC from the PKI, providing the generated public key. 2) Enrollment Response [E]. The PKI responds to the enrollment request, providing either the new PKC that was generated or a ...
... 5) Enrollment Confirmation [E]. Admin forwards enrollment confirmation back to the PKI. 6) Enrollment Confirmation Receipt [E]. PKI sends enrollment confirmation receipt back to the Admin. ...
... 7) Opaque Transaction [E]. Admin forwards PKI's enrollment confirmation receipt back to the Peer. ...
... Enrollment Method 3b: Admin Requests and PKI Generates and ...
... In this instance, the PKI and Admin have previously agreed to have the PKI generate keys and certificates when the PKI receives an authorization request. The PKI returns to the IPsec Peer through the Admin, the final product of a key pair ...
... Figure 13. VPN-PKI Interaction Steps: PKI Generates Keys, PKC Request, and Enrolls Directly with PKI 1) Enrollment Response [E]. The PKI responds to the authorization request sent, providing either the new PKC ...
... 4) Enrollment Confirmation [E]. Admin forwards enrollment confirmation back to the PKI. 5) Enrollment Confirmation Receipt [E]. PKI sends enrollment confirmation receipt back to the Admin. ...
... 6) Opaque Transaction [E]. Admin forwards PKI's enrollment confirmation receipt back to the Peer. ...
... Any time a new PKC is issued by the PKI, a confirmation of PKC receipt MUST be sent back to the PKI by the Peer or the Admin (forwarding the Peer's confirmation). Operationally, the Peer MUST send a confirmation to the PKI verifying that it has received the PKC, loaded it, and can use it effectively ...
... requirement exists so that: - The PKI does not publish the new PKC in the repository for others until that PKC ...
... To assert such proof, the Peer MUST sign a portion of data with the new key. The result MUST be sent to the PKI. The entity that actually sends the result to the PKI MAY be either the Peer (sending it directly to the PKI) or Admin (the Peer would send it to Admin, and Admin can, in turn, send it to the PKI). The Admin MUST acknowledge the successful receipt of the ...
... PKC in IKE connections. The PKI MUST complete all the processing necessary to enable the Peer's operational use of the new PKC ...
... the confirmation acknowledgement. The Peer MUST NOT begin using the PKC until the PKI's confirmation acknowledgement has been received. ...
... error codes will greatly aid interoperability efforts between the PKI and IPsec products. ...
... - Admin or Peer cannot send the request.
- Admin or Peer sent the request, but the PKI did not receive the request.
- PKI received the request, but could not read it effectively.
- PKI received and read the request, but some contents of the request violated the PKI's configured policy such that the PKI was unable to generate the PKC.
- The PKI System generated the PKC, but could not send it.
- The PKI sent the PKC, but the requestor (Admin or Peer) did not receive it. ...
... - The Requestor failed trying to send the confirmation.
- The Requestor sent the confirmation, but the PKI did not receive it.
- The PKI received the confirmation but could not process it.
In each case the following questions MUST be addressed:
- What does Peer do?
- What does Admin do?
- What does PKI do?
- Is Authorization used?
If a failure occurs after the PKI sends the PKC and before the Peer receives it, then the Peer MUST re-request with the same authorization ID and one-time authorization token. The PKI, seeing the authorization ID and authorization token ...
... elements labeled in Figure 3. Once the PKI has issued a PKC for the end entity Peer, the Peer MUST be able to either contact the PKI directly or through the Admin for any subsequent rekeys, renewals, updates, or revocations. The PKI MUST support either case for renewals, updates, and revocations. ...
... update requests, the entire contents of the PKC request needs to be sent to the PKI, not just the changed elements. ...
... update requests MUST be signed by the private key of the old PKC. This will allow the PKI to verify the identity of the requestor, and ensure that an attacker ...
... scenario is a matter of local security policy, and MUST be specified by the Admin to the PKI in the original authorization request. Reusing the same key is permitted, but not encouraged. If a new key ...
... rekey, renew, or update has been processed and before PKI has received confirmation of the Peer's successful receipt of the new PKC, both PKCs ...
... rekey, renewal, or update occurs, the question now exists for the PKI of what to do about the old PKC. If the old PKC is to be made unusable, the PKI will need to add it to the revocation list, removed ...
... if the old PKC should be made unusable is determined by local policy. Either the PKI or the Admin MUST specify this parameter during the authorization phase. In this case, the PKI or the Admin MUST also specify the length of time from when the PKI receives the end entity Peer's confirmation (of receipt of the PKC ...
... update request and for rekey requests, once the Peer receives the confirmation acknowledgement from the PKI, it is good practice for the old key pair to be destroyed as soon as possible. Deletion can ...
... At the time of authorization, certain details about renewal acceptance will be conveyed by the Admin to the PKI, as stated in Section 3.2.4.2. The renewal request MUST match the conditions that were specified in the original authorization ...
... PKC unusable. If any of these conditions are not met, the PKI must reject the renewal and log the event. ...
... authorization, certain details about update acceptance can be conveyed by the Admin to the PKI, as stated in Section 3.2.4.2. The update request MUST match the conditions that were ...
... PKC unusable. If any of these conditions are not met, the PKI MUST reject the update and log the event. ...
... authorization was not made at the time of original authorization, one can be made from Admin to the PKI at any time during the PKC's valid ...
... update is desired, Admin must notify the PKI System that an update is authorized for the end entity and must specify the new contents. Admin then initiates the ...
... update request with the given contents in whichever mechanism the VPN System employs (direct from end entity to PKI, from end entity through Admin, or directly from Admin). ...
... error codes will greatly aid interoperability efforts between the PKI and IPsec products. ...
... requirements are the same as in Sections 3.2, 3.3, and 3.4 except that depending on the Administrative policy the PKI MUST also issue a revocation on the original PKC before ...
... revocation request transaction occurs directly with the PKI or is first sent to Admin (who proxies or forwards the request to the PKI) is a matter of implementation. ...
... PKC issued under a template it controls. The Admin will identify itself to the PKI by use of its own PKC; it MUST sign any revocation request to the PKI with the private key from its own PKC. The PKI MUST have the ability to configure Admin(s) with revocation authority ...
... transactions: - AFTER RENEW, BEFORE EXPIRATION: The PKI MUST be responsible for the PKC revocation during a renew transaction. PKI MUST revoke the PKC after receiving ...
... - AFTER UPDATE, BEFORE EXPIRATION: The PKI MUST be responsible for the PKC revocation during an update transaction. PKI MUST revoke the PKC after receiving ...
... The PKI System SHOULD be built so that lookups resolve directly and completely at the URL indicated in a CDP or AIA. The PKI SHOULD be built such that URL contents do not contain referrals to other hosts ...
... re-keying of the CA, or a PKI System where multiple CAs exist. ...
... error codes will greatly aid interoperability efforts between the PKI and IPsec products. ...
... PKC via its secure communication with Admin. This requires the Peer to know less about interaction with the PKI. (b) Admin can command Peer to retrieve the root cert directly from the PKI. How retrieval of the root cert takes place is beyond the scope of this document, but is assumed to occur via an ...
... The PKI System MUST provide a mechanism whereby Peers can check the revocation status of PKCs ...
... refresh rate of the CRL issued and published by the PKI. If more immediate deactivation of access is required than the CRL refreshing can provide, then another ...
... error codes will greatly aid interoperability efforts between the PKI and IPsec products. ...


... deployment, and to maintaining the integrity of the PKI enrollment and management processes. However, much of the responsibility for ...


... Korver, B., "The Internet IP Security PKI Profile of IKEv1/ISAKMP ...


