draft-ietf-sidr-cps-02.txt   draft-ietf-sidr-cps-03.txt 
Secure Inter-Domain Routing (sidr) Kent, S. Secure Inter-Domain Routing (sidr) Kent, S.
Internet Draft Kong, D. Internet Draft Kong, D.
Expires: January 2014 Seo, K. Expires: April 2014 Seo, K.
Intended Status: BCP BBN Technologies Intended Status: BCP BBN Technologies
July 2013 October 2013
Template for a Certification Practice Statement (CPS) for the Template for a Certification Practice Statement (CPS) for the
Resource PKI (RPKI) Resource PKI (RPKI)
draft-ietf-sidr-cps-02.txt draft-ietf-sidr-cps-03.txt
Abstract Abstract
This document contains a template to be used for creating a This document contains a template to be used for creating a
Certification Practice Statement (CPS) for an Organization that is Certification Practice Statement (CPS) for an Organization that is
part of the Resource Public Key Infrastructure (RPKI), e.g., a part of the Resource Public Key Infrastructure (RPKI), e.g., a
resource allocation registry or an ISP. resource allocation registry or an ISP.
Status of this Memo Status of this Memo
skipping to change at page 1, line 39 skipping to change at page 1, line 39
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as work in progress." material or to cite them other than as work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html http://www.ietf.org/1id-abstracts.html
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html http://www.ietf.org/shadow.html
This Internet-Draft will expire on January 31,2014. This Internet-Draft will expire on April 31,2014.
Table of Contents Table of Contents
Preface...........................................................7 Preface...........................................................7
1. Introduction...................................................8 1. Introduction...................................................8
1.1. Overview..................................................8 1.1. Overview..................................................8
1.2. Document Name and Identification..........................9 1.2. Document Name and Identification..........................9
1.3. PKI Participants..........................................9 1.3. PKI Participants..........................................9
1.3.1. Certification Authorities............................9 1.3.1. Certification Authorities............................9
1.3.2. Registration Authorities............................10 1.3.2. Registration Authorities............................10
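Review bot: the new expiry line in this region reads "This Internet-Draft will expire on April 31,2014", but April has only 30 days; the -02 text used "January 31,2014", so the -03 date should be April 30, 2014, and a space belongs after the comma in both versions. The "Expires: April 2014" header is consistent with the October 2013 date, so only the day needs correcting.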
skipping to change at page 4, line 42 skipping to change at page 4, line 42
5.3.1. Qualifications, experience, and clearance requirements28 5.3.1. Qualifications, experience, and clearance requirements28
5.3.2. Background check procedures.........................28 5.3.2. Background check procedures.........................28
5.3.3. Training requirements...............................28 5.3.3. Training requirements...............................28
5.3.4. Retraining frequency and requirements...............28 5.3.4. Retraining frequency and requirements...............28
5.3.5. Job rotation frequency and sequence.................28 5.3.5. Job rotation frequency and sequence.................28
5.3.6. Sanctions for unauthorized actions..................28 5.3.6. Sanctions for unauthorized actions..................28
5.3.7. Independent contractor requirements.................28 5.3.7. Independent contractor requirements.................28
5.3.8. Documentation supplied to personnel.................28 5.3.8. Documentation supplied to personnel.................28
5.4. Audit Logging Procedures.................................28 5.4. Audit Logging Procedures.................................28
5.4.1. Types of Events Recorded............................28 5.4.1. Types of Events Recorded............................28
5.4.2. Frequency of Processing Log.........................28 5.4.2. Frequency of Processing Log.........................29
5.4.3. Retention Period for Audit Log......................29 5.4.3. Retention Period for Audit Log......................29
5.4.4. Protection of Audit Log.............................29 5.4.4. Protection of Audit Log.............................29
5.4.5. Audit Log Backup Procedures.........................29 5.4.5. Audit Log Backup Procedures.........................29
5.4.6. Audit Collection System (Internal vs. External) 5.4.6. Audit Collection System (Internal vs. External)
[OMITTED]..................................................29 [OMITTED]..................................................29
5.4.7. Notification to Event-causing Subject [OMITTED].....29 5.4.7. Notification to Event-causing Subject [OMITTED].....29
5.4.8. Vulnerability Assessments...........................29 5.4.8. Vulnerability Assessments...........................29
5.5. Records Archival [OMITTED]...............................29 5.5. Records Archival [OMITTED]...............................29
5.6. Key Changeover...........................................29 5.6. Key Changeover...........................................29
5.7. Compromise and Disaster Recovery.........................29 5.7. Compromise and Disaster Recovery.........................29
5.8. CA or RA Termination.....................................29 5.8. CA or RA Termination.....................................30
6. Technical Security Controls...................................30 6. Technical Security Controls...................................31
6.1. Key Pair Generation and Installation.....................30 6.1. Key Pair Generation and Installation.....................31
6.1.1. Key Pair Generation.................................30 6.1.1. Key Pair Generation.................................31
6.1.2. Private Key Delivery to Subscriber..................30 6.1.2. Private Key Delivery to Subscriber..................31
6.1.3. Public Key Delivery to Certificate Issuer...........30 6.1.3. Public Key Delivery to Certificate Issuer...........31
6.1.4. CA Public Key Delivery to Relying Parties...........30 6.1.4. CA Public Key Delivery to Relying Parties...........31
6.1.5. Key Sizes...........................................30 6.1.5. Key Sizes...........................................31
6.1.6. Public Key Parameters Generation and Quality Checking31 6.1.6. Public Key Parameters Generation and Quality Checking32
6.1.7. Key Usage Purposes (as per X.509 v3 Key Usage Field)31 6.1.7. Key Usage Purposes (as per X.509 v3 Key Usage Field)32
6.2. Private Key Protection and Cryptographic Module Engineering 6.2. Private Key Protection and Cryptographic Module Engineering
Controls......................................................31 Controls......................................................32
6.2.1. Cryptographic module standards and controls.........31 6.2.1. Cryptographic module standards and controls.........32
6.2.2. Private Key (n out of m) Multi-Person Control.......31 6.2.2. Private Key (n out of m) Multi-Person Control.......32
6.2.3. Private Key Escrow..................................31 6.2.3. Private Key Escrow..................................32
6.2.4. Private Key Backup..................................31 6.2.4. Private Key Backup..................................32
6.2.5. Private Key Archival................................32 6.2.5. Private Key Archival................................33
6.2.6. Private Key Transfer into or from a Cryptographic Module 6.2.6. Private Key Transfer into or from a Cryptographic Module
...........................................................32 ...........................................................33
6.2.7. Private Key Storage on Cryptographic Module.........32 6.2.7. Private Key Storage on Cryptographic Module.........33
6.2.8. Method of Activating Private Key....................32 6.2.8. Method of Activating Private Key....................33
6.2.9. Method of Deactivating Private Key..................32 6.2.9. Method of Deactivating Private Key..................33
6.2.10. Method of Destroying Private Key...................32 6.2.10. Method of Destroying Private Key...................33
6.2.11. Cryptographic Module Rating........................32 6.2.11. Cryptographic Module Rating........................33
6.3. Other aspects of Key Pair Management.....................32 6.3. Other aspects of Key Pair Management.....................33
6.3.1. Public Key Archival.................................32 6.3.1. Public Key Archival.................................33
6.3.2. Certificate Operational Periods and Key Pair Usage 6.3.2. Certificate Operational Periods and Key Pair Usage
Periods....................................................33 Periods....................................................34
6.4. Activation data..........................................33 6.4. Activation data..........................................34
6.4.1. Activation Data Generation and Installation.........33 6.4.1. Activation Data Generation and Installation.........34
6.4.2. Activation data protection..........................33 6.4.2. Activation data protection..........................34
6.4.3. Other Aspects of Activation Data....................33 6.4.3. Other Aspects of Activation Data....................34
6.5. Computer Security Controls...............................33 6.5. Computer Security Controls...............................34
6.6. Life cycle Technical Controls............................33 6.6. Life cycle Technical Controls............................34
6.6.1. System Development Controls.........................33 6.6.1. System Development Controls.........................34
6.6.2. Security Management Controls........................33 6.6.2. Security Management Controls........................34
6.6.3. Life Cycle Security Controls........................34 6.6.3. Life Cycle Security Controls........................35
6.7. Network Security Controls................................34 6.7. Network Security Controls................................35
6.8. Time-stamping............................................34 6.8. Time-stamping............................................35
7. Certificate and CRL Profiles..................................35 7. Certificate and CRL Profiles..................................36
8. Compliance Audit and Other Assessments........................36 8. Compliance Audit and Other Assessments........................37
9. Other Business And Legal Matters..............................37 9. Other Business And Legal Matters..............................38
9.1. Fees.....................................................37 9.1. Fees.....................................................38
9.1.1. Certificate issuance or renewal fees................37 9.1.1. Certificate issuance or renewal fees................38
9.1.2. Fees for other services (if applicable).............37 9.1.2. Fees for other services (if applicable).............38
9.1.3. Refund policy.......................................37 9.1.3. Refund policy.......................................38
9.2. Financial responsibility.................................37 9.2. Financial responsibility.................................38
9.2.1. Insurance coverage..................................37 9.2.1. Insurance coverage..................................38
9.2.2. Other assets........................................37 9.2.2. Other assets........................................38
9.2.3. Insurance or warranty coverage for end-entities.....37 9.2.3. Insurance or warranty coverage for end-entities.....38
9.3. Confidentiality of business information..................37 9.3. Confidentiality of business information..................38
9.3.1. Scope of confidential information...................37 9.3.1. Scope of confidential information...................38
9.3.2. Information not within the scope of confidential 9.3.2. Information not within the scope of confidential
information................................................37 information................................................38
9.3.3. Responsibility to protect confidential information..37 9.3.3. Responsibility to protect confidential information..38
9.4. Privacy of personal information..........................38 9.4. Privacy of personal information..........................39
9.4.1. Privacy plan........................................38 9.4.1. Privacy plan........................................39
9.4.2. Information treated as private......................38 9.4.2. Information treated as private......................39
9.4.3. Information not deemed private......................38 9.4.3. Information not deemed private......................39
9.4.4. Responsibility to protect private information.......38 9.4.4. Responsibility to protect private information.......39
9.4.5. Notice and consent to use private information.......38 9.4.5. Notice and consent to use private information.......39
9.4.6. Disclosure pursuant to judicial or administrative 9.4.6. Disclosure pursuant to judicial or administrative
process....................................................38 process....................................................39
9.4.7. Other information disclosure circumstances..........38 9.4.7. Other information disclosure circumstances..........39
9.5. Intellectual property rights (if applicable).............38 9.5. Intellectual property rights (if applicable).............39
9.6. Representations and warranties...........................38 9.6. Representations and warranties...........................39
9.6.1. CA representations and warranties...................38 9.6.1. CA representations and warranties...................39
9.6.2. Subscriber representations and warranties...........38 9.6.2. Subscriber representations and warranties...........39
9.6.3. Relying party representations and warranties........38 9.6.3. Relying party representations and warranties........39
9.7. Disclaimers of warranties................................38 9.7. Disclaimers of warranties................................39
9.8. Limitations of liability.................................38 9.8. Limitations of liability.................................39
9.9. Indemnities..............................................38 9.9. Indemnities..............................................39
9.10. Term and termination....................................38 9.10. Term and termination....................................39
9.10.1. Term...............................................38 9.10.1. Term...............................................39
9.10.2. Termination........................................38 9.10.2. Termination........................................39
9.10.3. Effect of termination and survival.................38 9.10.3. Effect of termination and survival.................39
9.11. Individual notices and communications with participants.38 9.11. Individual notices and communications with participants.39
9.12. Amendments..............................................38 9.12. Amendments..............................................39
9.12.1. Procedure for amendment............................38 9.12.1. Procedure for amendment............................39
9.12.2. Notification mechanism and period..................38 9.12.2. Notification mechanism and period..................39
9.13. Dispute resolution provisions...........................39 9.13. Dispute resolution provisions...........................40
9.14. Governing law...........................................39 9.14. Governing law...........................................40
9.15. Compliance with applicable law..........................39 9.15. Compliance with applicable law..........................40
9.16. Miscellaneous provisions................................39 9.16. Miscellaneous provisions................................40
9.16.1. Entire agreement...................................39 9.16.1. Entire agreement...................................40
9.16.2. Assignment.........................................39 9.16.2. Assignment.........................................40
9.16.3. Severability.......................................39 9.16.3. Severability.......................................40
9.16.4. Enforcement (attorneys' fees and waiver of rights).39 9.16.4. Enforcement (attorneys' fees and waiver of rights).40
9.16.5. Force Majeure......................................39 9.16.5. Force Majeure......................................40
10. Security Considerations......................................40 10. Security Considerations......................................41
11. IANA Considerations..........................................40 11. IANA Considerations..........................................41
12. Acknowledgments..............................................40 12. Acknowledgments..............................................41
13. References...................................................41 13. References...................................................42
13.1. Normative References....................................41 13.1. Normative References....................................42
13.2. Informative References..................................41 13.2. Informative References..................................42
Author's Addresses...............................................42 Author's Addresses...............................................43
Copyright Statement..............................................42 Copyright Statement..............................................44
Preface Preface
This document contains a template to be used for creating a This document contains a template to be used for creating a
Certification Practice Statement (CPS) for an Organization that is Certification Practice Statement (CPS) for an Organization that is
part of the Resource Public Key Infrastructure (RPKI). (Throughout part of the Resource Public Key Infrastructure (RPKI). (Throughout
this document the term "organization" is used broadly, e.g., the this document the term "organization" is used broadly, e.g., the
entity in question might be a business unit of a larger entity in question might be a business unit of a larger
organization.) The user of this document should: organization.) The user of this document should:
skipping to change at page 7, line 30 skipping to change at page 7, line 30
Public Key Infrastructure (RPKI)" with date, author, etc. There Public Key Infrastructure (RPKI)" with date, author, etc. There
is no expectation that a CPS will be published as an RFC. is no expectation that a CPS will be published as an RFC.
2. leave the table of contents intact 2. leave the table of contents intact
3. delete this Preface, headers and footers (but keep page numbers) 3. delete this Preface, headers and footers (but keep page numbers)
4. fill in the information indicated below by <text in angle 4. fill in the information indicated below by <text in angle
brackets> brackets>
5. delete sections 10, 11, 13.1, Acknowledgments, Author's 5. delete sections 10, 11, Acknowledgments, Author's Addresses, and
Addresses, Intellectual Property Statement, Disclaimer of Copyright Statement; leaving a reference section (omitting RFC
Validity, and Copyright Statement; leaving a reference section 2119)
with just the references in 13.2
6. update the table of contents to reflect the changes required by 6. update the table of contents to reflect the changes required by
steps 4 and 5 above . steps 4 and 5 above .
This document has been generated to complement the Certificate Policy This document has been generated to complement the Certificate Policy
(CP) for the RPKI [RFC6484]. Like the RFC 6484, it is based on the (CP) for the RPKI [RFC6484]. Like the RFC 6484, it is based on the
template specified in RFC 3647. A number of sections contained in the template specified in RFC 3647. A number of sections contained in the
template were omitted from this CPS because they did not apply to template were omitted from this CPS because they did not apply to
this PKI. However, we have retained the section numbering scheme this PKI. However, we have retained the section numbering scheme
employed in the RFC to facilitate comparison with the section employed in the RFC to facilitate comparison with the section
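Review bot: step 5 of the Preface now tells the CPS author to keep a reference section but omit RFC 2119, yet this revision introduces RFC 2119 keywords (SHOULD, MUST, MUST NOT) into text that survives into the filled-in CPS, for example "certificates, CRLs and RPKI-signed objects MUST be made available" in Section 2.1. Either keep the RFC 2119 reference in the instantiated CPS or confine the capitalised keywords to the angle-bracketed instructions that step 4 replaces. Two small editorial points in the same region: step 6 has a stray space before the full stop in "steps 4 and 5 above .", and "Like the RFC 6484" should read "Like RFC 6484".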
skipping to change at page 9, line 25 skipping to change at page 9, line 25
. In the future, the PKI also may include end entity certificates in . In the future, the PKI also may include end entity certificates in
support of access control for the repository system as described in support of access control for the repository system as described in
Section 2.4. Section 2.4.
1.2. Document Name and Identification 1.2. Document Name and Identification
The name of this document is "<Name of Organization>'s Certification The name of this document is "<Name of Organization>'s Certification
Practice Statement for the Resource Public Key Infrastructure (RPKI) Practice Statement for the Resource Public Key Infrastructure (RPKI)
". <If this document is available via the Internet, the CA can ". <If this document is available via the Internet, the CA can
provide the URI for the CPS here. It should be the same URI as that provide the URI for the CPS here. It SHOULD be the same URI as that
which appears as a policy qualifier in the CA certificate for the CA, which appears as a policy qualifier in the CA certificate for the CA,
if the CA elects to make use of that feature.> if the CA elects to make use of that feature.>
1.3. PKI Participants 1.3. PKI Participants
Note that in a PKI, the term "subscriber" refers to an individual or Note that in a PKI, the term "subscriber" refers to an individual or
organization that is a subject of a certificate issued by a CA. The organization that is a subject of a certificate issued by a CA. The
term is used in this fashion throughout this document, without term is used in this fashion throughout this document, without
qualification, and should not be confused with the networking use of qualification, and should not be confused with the networking use of
the term to refer to an individual or organization that receives the term to refer to an individual or organization that receives
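Review bot: in Section 1.2 the -03 text upgrades "should" to "SHOULD" ("It SHOULD be the same URI as that which appears as a policy qualifier in the CA certificate"), but that sentence sits inside the angle-bracketed instruction to the CPS author, which step 4 of the Preface says is replaced when the template is filled in. If the intent is to require the CA to keep the published CPS URI consistent with the policy-qualifier URI in its certificate, the requirement belongs in the unbracketed CPS text (or in the CP), otherwise it is discarded together with the instruction.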
skipping to change at page 14, line 9 skipping to change at page 14, line 9
certificates issued under this PKI. The content and format of certificates issued under this PKI. The content and format of
these data constructs depend on the context in which validation these data constructs depend on the context in which validation
of claims of current holdings of INRs takes place. Examples of of claims of current holdings of INRs takes place. Examples of
these objects are repository manifests [RFC6486] and Route these objects are repository manifests [RFC6486] and Route
Origin Authorizations (ROAs) [RFC6482]. Origin Authorizations (ROAs) [RFC6482].
2. Publication and Repository Responsibilities 2. Publication and Repository Responsibilities
2.1. Repositories 2.1. Repositories
As per the CP, certificates, CRLs and RPKI-signed objects must be As per the CP, certificates, CRLs and RPKI-signed objects MUST be
made available for downloading by all relying parties, to enable them made available for downloading by all relying parties, to enable them
to validate this data. to validate this data.
The <Name of Organization> RPKI CA will publish certificates, CRLs, The <Name of Organization> RPKI CA will publish certificates, CRLs,
and RPKI-signed objects via a repository that is accessible via and RPKI-signed objects via a repository that is accessible via
<Insert SIDR-designated protocol name here> at <insert URL here>. <Insert IETF-designated protocol name here> at <insert URL here>.
This repository will conform to the structure described in [RFC6481]. This repository will conform to the structure described in [RFC6481].
2.2. Publication of Certification Information 2.2. Publication of Certification Information
<Name of Organization> will publish certificates, CRLs and RPKI- <Name of Organization> will publish certificates, CRLs and RPKI-
signed objects issued by it to a repository that operates as part of signed objects issued by it to a repository that operates as part of
a worldwide distributed system of RPKI repositories. a worldwide distributed system of RPKI repositories.
2.3. Time or Frequency of Publication 2.3. Time or Frequency of Publication
<Describe here your procedures for publication (to the global <Describe here your procedures for publication (to the global
repository system) of the certificates, CRLs and RPKI-signed objects repository system) of the certificates, CRLs and RPKI-signed objects
that you issue. If you choose to outsource publication of PKI data, that you issue. If you choose to outsource publication of PKI data,
you still need to provide this information for relying parties. This you still need to provide this information for relying parties. This
should include the period of time within which a certificate will be MUST include the period of time within which a certificate will be
published after the CA issues the certificate, and the period of time published after the CA issues the certificate, and the period of time
within which a CA will publish a CRL with an entry for a revoked within which a CA will publish a CRL with an entry for a revoked
certificate, after the CA revokes that certificate.> certificate, after the CA revokes that certificate.>
The <Name of Organization> CA will publish its CRL prior to the The <Name of Organization> CA will publish its CRL prior to the
nextUpdate value in the scheduled CRL previously issued by the CA. nextUpdate value in the scheduled CRL previously issued by the CA.
2.4. Access Controls on Repositories 2.4. Access Controls on Repositories
<Describe the access controls used by the Organization to ensure that <Describe the access controls used by the Organization to ensure that
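Review bot: Section 2.3 now says the description "MUST include the period of time within which a certificate will be published after the CA issues the certificate" and the period within which a revoked certificate appears in a CRL, but the only concrete sentence the template supplies is "The <Name of Organization> CA will publish its CRL prior to the nextUpdate value in the scheduled CRL previously issued by the CA". There is no placeholder for certificate publication latency or for the revocation-to-CRL delay, so a CPS author can leave both unstated while appearing to follow the template. Suggest adding parallel placeholder sentences such as "The <Name of Organization> CA will publish each certificate within <time period> of issuance" and "... will publish a CRL listing a revoked certificate within <time period> of revocation", since the bracketed instruction asks for exactly those two figures.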
skipping to change at page 15, line 22 skipping to change at page 15, line 22
identified by an X.500 Distinguished Name (DN). The distinguished identified by an X.500 Distinguished Name (DN). The distinguished
name will consist of a single Common Name (CN) attribute with a name will consist of a single Common Name (CN) attribute with a
value generated by <Name of Organization>. Optionally, the value generated by <Name of Organization>. Optionally, the
serialNumber attribute may be included along with the common name serialNumber attribute may be included along with the common name
(to form a terminal relative distinguished name set), to distinguish (to form a terminal relative distinguished name set), to distinguish
among successive instances of certificates associated with the same among successive instances of certificates associated with the same
entity. entity.
3.1.2. Need for Names to be Meaningful 3.1.2. Need for Names to be Meaningful
The name of the subscriber will not be "meaningful" in the The Subject name in each certificate SHOULD NOT be "meaningful",in
conventional, human-readable sense. The rationale here is that these the conventional, human-readable sense. The rationale here is that
certificates are used for authorization in support of applications these certificates are used for authorization in support of
that make use of attestations of INR holdings. They are not used to applications that make use of attestations of INR holdings. They are
identify subjects. not used to identify subjects.
3.1.3. Anonymity or Pseudonymity of Subscribers 3.1.3. Anonymity or Pseudonymity of Subscribers
Although Subject names in certificates issued by this Organization Although Subject names in certificates issued by this Organization
need not be meaningful, and may appear "random," anonymity is not a SHOULD NOT be meaningful, and may appear "random," anonymity is not a
function of this PKI; thus no explicit support for this feature is function of this PKI; thus no explicit support for this feature is
provided. provided.
3.1.4. Rules for Interpreting Various Name Forms 3.1.4. Rules for Interpreting Various Name Forms
None None
3.1.5. Uniqueness of Names 3.1.5. Uniqueness of Names
<Name of Organization> certifies subject names that are unique among <Name of Organization> certifies subject names that are unique among
the certificates that it issues. Although it is desirable that these the certificates that it issues. Although it is desirable that these
subject names be unique throughout the PKI, to facilitate certificate subject names be unique throughout the PKI, to facilitate certificate
path discovery, such uniqueness is neither mandated nor enforced path discovery, such uniqueness is neither mandated nor enforced
through technical means. <Name of Organization> generates subject through technical means. <Name of Organization> generates subject
names to minimize the chances that two entities in the RPKI will be names to minimize the chances that two entities in the RPKI will be
assigned the same name. Specifically, <insert subject name generation assigned the same name. Specifically, <insert subject name generation
description here, or cite RFC 6487.> description here, or cite RFC 6487.>
3.1.6. Recognition, Authentication, and Role of Rrademarks 3.1.6. Recognition, Authentication, and Role of Trademarks
Because the Subject names are not intended to be meaningful, <Name of Because the Subject names are not intended to be meaningful, <Name of
Organization> makes no provision to either recognize or authenticate Organization> makes no provision to either recognize or authenticate
trademarks, service marks, etc. trademarks, service marks, etc.
3.2. Initial Identity Validation 3.2. Initial Identity Validation
3.2.1. Method to Prove Possession of Private Key 3.2.1. Method to Prove Possession of Private Key
<Describe the method whereby each subscriber will be required to <Describe the method whereby each subscriber will be required to
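Review bot: the reworded opening of Section 3.1.2 in -03 is missing a space after the comma: "SHOULD NOT be "meaningful",in the conventional, human-readable sense". The change from "will not be meaningful" (-02) to "SHOULD NOT be meaningful" (-03), repeated in 3.1.3, also turns a statement of the CA's practice into a requirement on it; since a CPS records what the CA does, consider whether the -02 wording "will not be" is the better fit in both subsections. The heading typo "Rrademarks" is corrected in -03.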
skipping to change at page 17, line 11 skipping to change at page 17, line 11
<Describe the procedures that are used to identify at least one <Describe the procedures that are used to identify at least one
individual as a representative of each subscriber. This is done in individual as a representative of each subscriber. This is done in
support of issuance, renewal, and revocation of the certificate support of issuance, renewal, and revocation of the certificate
issued to the organization. For example, one might say "The <Name of issued to the organization. For example, one might say "The <Name of
Organization> BPKI (see Section 3.2.6) issues certificates that MUST Organization> BPKI (see Section 3.2.6) issues certificates that MUST
be used to identify individuals who represent <Name of Organization> be used to identify individuals who represent <Name of Organization>
subscribers." The procedures should be commensurate with those you subscribers." The procedures should be commensurate with those you
already employ in authenticating individuals as representatives for already employ in authenticating individuals as representatives for
INR holders. Note that this authentication is solely for use by you INR holders. Note that this authentication is solely for use by you
in dealing with the organizations to which you distribute (or sub- in dealing with the organizations to which you distribute (or sub-
distribute) INRs, and thus must not be relied upon outside of this distribute) INRs, and thus MUST NOT be relied upon outside of this
CA/subscriber relationship.> CA/subscriber relationship.>
3.2.4. Non-verified Subscriber Information 3.2.4. Non-verified Subscriber Information
No non-verified subscriber data is included in certificates issued No non-verified subscriber data is included in certificates issued
under this certificate policy except for Subject Information Access under this certificate policy except for Subject Information Access
(SIA) extensions [RFC6487]. (SIA) extensions [RFC6487].
3.2.5. Validation of Authority 3.2.5. Validation of Authority
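Review bot: The upgrade to "MUST NOT be relied upon" at the end of the 3.2.3 guidance leaves the earlier "procedures should be commensurate" in the same bracketed paragraph in lowercase, so the paragraph now mixes an RFC 2119 keyword with an informal "should". Decide whether the whole bracketed block is meant to carry normative force and either capitalize "SHOULD" as well or state in the template's conventions section that keywords inside angle-bracket guidance bind the CPS author rather than the finished CPS.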
skipping to change at page 18, line 9 skipping to change at page 18, line 9
used to ensure that a subscriber requesting routine re-key is the used to ensure that a subscriber requesting routine re-key is the
legitimate holder of the certificate to be re-keyed. State the legitimate holder of the certificate to be re-keyed. State the
approach for establishing PoP of the private key corresponding to the approach for establishing PoP of the private key corresponding to the
new public key. If you operate a BPKI, describe how that BPKI is used new public key. If you operate a BPKI, describe how that BPKI is used
to authenticate routine re-key requests.> to authenticate routine re-key requests.>
3.3.2. Identification and Authentication for Re-key after 3.3.2. Identification and Authentication for Re-key after
Revocation Revocation
<Describe the procedures used to ensure that an organization <Describe the procedures used to ensure that an organization
requesting a re-key after revocation is the legitimate holder of the requesting a re-key after revocation is the legitimate holder of the
INRs in the certificate being re-keyed. This should also include the INRs in the certificate being re-keyed. This MUST also include the
method employed for verifying PoP of the private key corresponding to method employed for verifying PoP of the private key corresponding to
the new public key. If you operate a BPKI, describe how that BPKI is the new public key. If you operate a BPKI, describe how that BPKI is
used to authenticate re-key requests. With respect to authentication used to authenticate re-key requests. With respect to authentication
of the subscriber, the procedures should be commensurate with those of the subscriber, the procedures should be commensurate with those
you already employ in the maintenance of INR distribution records.> you already employ in the maintenance of INR distribution records.>
3.4. Identification and Authentication for Revocation Request 3.4. Identification and Authentication for Revocation Request
<Describe the procedures used by an RPKI subscriber to make a <Describe the procedures used by an RPKI subscriber to make a
revocation request. Describe the manner by which it is ensured that revocation request. Describe the manner by which it is ensured that
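Review bot: In 3.3.2, the new "MUST also include the method employed for verifying PoP of the private key corresponding to the new public key" covers the new key only; since the previous key was revoked (possibly as compromised), the guidance should say explicitly that the revoked key is not acceptable as a means of authenticating the re-key request and that subscriber identity is established solely through the BPKI or the INR distribution records mentioned in the last sentence. Same lowercase "should be commensurate" beside the new "MUST" as noted for 3.2.3.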
skipping to change at page 22, line 10 skipping to change at page 22, line 10
Certificate renewal will incorporate the same public key as the Certificate renewal will incorporate the same public key as the
previous certificate, unless the private key has been reported as previous certificate, unless the private key has been reported as
compromised (see Section 4.9.3). If a new key pair is being used, compromised (see Section 4.9.3). If a new key pair is being used,
the stipulations of Section 4.7 will apply. the stipulations of Section 4.7 will apply.
4.6.2. Who May Request Renewal 4.6.2. Who May Request Renewal
The subscriber or <Name of Organization> may initiate the renewal The subscriber or <Name of Organization> may initiate the renewal
process. <For the case of the subscriber, describe the procedures process. <For the case of the subscriber, describe the procedures
that will be used to ensure that the requester is the legitimate that will be used to ensure that the requester is the legitimate
holder of the INRs in the certificate being renewed. This should also holder of the INRs in the certificate being renewed. This MUST also
include the method employed for verifying PoP of the private key include the method employed for verifying PoP of the private key
corresponding to the public key in the certificate being renewed or corresponding to the public key in the certificate being renewed or
the new public key if the public key is being changed. With respect the new public key if the public key is being changed. With respect
to authentication of the subscriber, the procedures should be to authentication of the subscriber, the procedures should be
commensurate with those you already employ in the maintenance of INR commensurate with those you already employ in the maintenance of INR
distribution records. If you operate a BPKI for this, describe how distribution records. If you operate a BPKI for this, describe how
that business-based PKI is used to authenticate renewal requests and that business-based PKI is used to authenticate renewal requests and
refer to 3.2.6.> refer to 3.2.6.>
4.6.3. Processing Certificate Renewal Requests 4.6.3. Processing Certificate Renewal Requests
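Review bot: The 4.6.2 guidance now requires ("MUST also include") PoP for "the new public key if the public key is being changed", but 4.6.1 just above already says that when a new key pair is used "the stipulations of Section 4.7 will apply"; the new-key clause therefore duplicates 4.7's PoP requirement and risks divergence. Suggest limiting 4.6.2 to PoP of the existing key and deferring to 4.7 for the changed-key case. Minor: "refer to 3.2.6" should read "refer to Section 3.2.6", matching "(see Section 3.2.6)" in 3.2.3.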
skipping to change at page 23, line 20 skipping to change at page 23, line 20
required, based on: required, based on:
1. knowledge or suspicion of compromise or loss of the associated 1. knowledge or suspicion of compromise or loss of the associated
private key, or private key, or
2. the expiration of the cryptographic lifetime of the associated key 2. the expiration of the cryptographic lifetime of the associated key
pair pair
If a certificate is revoked to replace the RFC 3779 extensions, the If a certificate is revoked to replace the RFC 3779 extensions, the
replacement certificate will incorporate the same public key, not a replacement certificate will incorporate the same public key, not a
new key, unless the subscriber requests a re-key at the same time. new key.
If the re-key is based on a suspected compromise, then the previous If the re-key is based on a suspected compromise, then the previous
certificate will be revoked. certificate will be revoked.
4.7.2. Who May Request Certification of a New Public Key 4.7.2. Who May Request Certification of a New Public Key
Only the holder of a certificate may request a re-key. In addition, Only the holder of a certificate may request a re-key. In addition,
<Name of Organization> may initiate a re-key based on a verified <Name of Organization> may initiate a re-key based on a verified
compromise report. <If the subscriber (certificate Subject) requests compromise report. <If the subscriber (certificate Subject) requests
the rekey, describe how authentication is effected, e.g., using the the rekey, describe how authentication is effected, e.g., using the
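Review bot: Dropping ", unless the subscriber requests a re-key at the same time" from 4.7.1 removes the only stated way to combine an RFC 3779 extension change with a key change; since 4.7.2 says only the certificate holder may request a re-key, say explicitly that a subscriber wanting both must make a separate re-key request under 4.7, otherwise readers may assume the combined case is simply unaddressed. Also, the two-item list above lacks a period after "pair", and "rekey" in 4.7.2 should be spelled "re-key" as elsewhere in the section.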
skipping to change at page 28, line 43 skipping to change at page 28, line 43
. Messages received requesting CA actions (e.g., certificate . Messages received requesting CA actions (e.g., certificate
requests, certificate revocation requests, compromise requests, certificate revocation requests, compromise
notifications) notifications)
. Certificate creation, modification, revocation, or renewal actions . Certificate creation, modification, revocation, or renewal actions
. Posting of any material to a repository . Posting of any material to a repository
. Any attempts to change or delete audit data . Any attempts to change or delete audit data
. Key generation
. Software and/or configuration updates to the CA
. Clock adjustments
<List here any additional types of events that will be audited.> <List here any additional types of events that will be audited.>
5.4.2. Frequency of Processing Log 5.4.2. Frequency of Processing Log
<Describe your procedures for review of audit logs.> <Describe your procedures for review of audit logs.>
5.4.3. Retention Period for Audit Log 5.4.3. Retention Period for Audit Log
<Describe your policies for retention of audit logs.> <Describe your policies for retention of audit logs.>
5.4.4. Protection of Audit Log 5.4.4. Protection of Audit Log
<Describe your policies for protection of the audit logs.> <Describe your policies for protection of the audit logs.>
5.4.5. Audit Log Backup Procedures 5.4.5. Audit Log Backup Procedures
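Review bot: The new "Key generation" audit event should state whose keys it covers: 6.1.2 allows the CA to provide key pair generation services for subscribers, so clarify whether subscriber key pairs generated by the CA are logged under this bullet or only the CA's own keys. The "Clock adjustments" bullet is a useful addition given that audit log timestamps and certificate validity checks depend on CA time; consider noting in 5.4.4 that the log must capture the before and after time values so that records straddling an adjustment can be interpreted.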
skipping to change at page 30, line 32 skipping to change at page 31, line 32
<If the procedures in 6.1.1 include providing key pair generation <If the procedures in 6.1.1 include providing key pair generation
services for subscribers, describe the means by which private keys services for subscribers, describe the means by which private keys
are delivered to subscribers in a secure fashion. Otherwise say this are delivered to subscribers in a secure fashion. Otherwise say this
is not applicable.> is not applicable.>
6.1.3. Public Key Delivery to Certificate Issuer 6.1.3. Public Key Delivery to Certificate Issuer
<Describe the procedures that will be used to deliver a subscriber's <Describe the procedures that will be used to deliver a subscriber's
public keys to the <Name of Organization> RPKI CA. These procedures public keys to the <Name of Organization> RPKI CA. These procedures
should ensure that the public key has not been altered during transit MUST ensure that the public key has not been altered during transit
and that the subscriber possesses the private key corresponding to and that the subscriber possesses the private key corresponding to
the transferred public key.> See RFC 6487 for details. the transferred public key.> See RFC 6487 for details.
6.1.4. CA Public Key Delivery to Relying Parties 6.1.4. CA Public Key Delivery to Relying Parties
CA public keys for all entities (other than trust anchors) are CA public keys for all entities (other than trust anchors) are
contained in certificates issued by other CAs and will be published contained in certificates issued by other CAs and will be published
to the RPKI repository system. Relying parties will download these to the RPKI repository system. Relying parties will download these
certificates from this system. Public key values and associated data certificates from this system. Public key values and associated data
for (putative) trust anchors will be distributed out of band and for (putative) trust anchors will be distributed out of band and
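Review bot: In 6.1.3 the sentence "See RFC 6487 for details." sits after the closing ">" of the bracketed guidance, so it would survive verbatim in a finished CPS as an orphan sentence; move it inside the brackets and cite it as [RFC6487], matching the citation form used in 3.2.4. The "MUST ensure" upgrade for integrity and PoP of the delivered public key is appropriate, but note it again pairs an RFC 2119 keyword with lowercase guidance elsewhere in the template.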
skipping to change at page 33, line 10 skipping to change at page 34, line 10
<Because this PKI does not support non-repudiation, there is no need <Because this PKI does not support non-repudiation, there is no need
to archive public keys. If keys are not archived, say so. If they to archive public keys. If keys are not archived, say so. If they
are, describe the archive processes and procedures.> are, describe the archive processes and procedures.>
6.3.2. Certificate Operational Periods and Key Pair Usage 6.3.2. Certificate Operational Periods and Key Pair Usage
Periods Periods
The <Name of Organization> CA's key pair will have a validity The <Name of Organization> CA's key pair will have a validity
interval of <insert number of years>. <These key pairs and interval of <insert number of years>. <These key pairs and
certificates should have reasonably long validity intervals, e.g., 10 certificates should have reasonably long validity intervals, e.g., 10
years, to minimize the disruption caused by key changeover.> years, to minimize the disruption caused by key changeover. Note that
the CA's key lifetime is under the control of its issuer, so the CPS
MUST reflect the key lifetime imposed by the issuer.>
6.4. Activation data 6.4. Activation data
6.4.1. Activation Data Generation and Installation 6.4.1. Activation Data Generation and Installation
<Describe how activation data for your CA will be generated.> <Describe how activation data for your CA will be generated.>
6.4.2. Activation data protection 6.4.2. Activation data protection
Activation data for the CA private key will be protected by <Describe Activation data for the CA private key will be protected by <Describe
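Review bot: The added note in 6.3.2 that "the CA's key lifetime is under the control of its issuer" conflicts in tone with the retained advice that these key pairs "should have reasonably long validity intervals, e.g., 10 years", which the subordinate CA cannot act on unilaterally; reword so the 10-year example is advice for the issuer, and point to [RFC6489] for the changeover procedure the note is trying to minimize. Style: the headings "6.4. Activation data", "6.4.1. Activation Data Generation and Installation" and "6.4.2. Activation data protection" use inconsistent capitalization.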
skipping to change at page 37, line 9 skipping to change at page 38, line 9
8. Compliance Audit and Other Assessments 8. Compliance Audit and Other Assessments
<List here any audit and other assessments used to ensure the <List here any audit and other assessments used to ensure the
security of the administration of INRs. These are sufficient for the security of the administration of INRs. These are sufficient for the
RPKI systems.> RPKI systems.>
9. Other Business And Legal Matters 9. Other Business And Legal Matters
<The sections below are optional. Fill them in as appropriate for <The sections below are optional. Fill them in as appropriate for
your organization. The CP says that CAs should cover 9.1 to 9.11 and your organization. The CP says that CAs should cover 9.1 to 9.11 and
9.13 to 9.17 although not every CA will choose to do so. Note that 9.13 to 9.16 although not every CA will choose to do so. Note that
the manner in which you manage your business and legal matters for the manner in which you manage your business and legal matters for
this PKI should be commensurate with the way in which you manage this PKI should be commensurate with the way in which you manage
business and legal matters for the distribution of INRs.> business and legal matters for the distribution of INRs.>
9.1. Fees 9.1. Fees
9.1.1. Certificate issuance or renewal fees 9.1.1. Certificate issuance or renewal fees
9.1.2. Fees for other services (if applicable) 9.1.2. Certificate access fees [OMITTED]
9.1.3. Refund policy 9.1.3. Revocation or status information access fees [OMITTED]
9.1.4. Fees for other services (if applicable)
9.1.5. Refund policy
9.2. Financial responsibility 9.2. Financial responsibility
9.2.1. Insurance coverage 9.2.1. Insurance coverage
9.2.2. Other assets 9.2.2. Other assets
9.2.3. Insurance or warranty coverage for end-entities 9.2.3. Insurance or warranty coverage for end-entities
9.3. Confidentiality of business information 9.3. Confidentiality of business information
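Review bot: The renumbering in 9.1 (Fees for other services moving from 9.1.2 to 9.1.4, Refund policy from 9.1.3 to 9.1.5, with the intervening [OMITTED] placeholders) restores the RFC 3647 section numbering, but the change from "9.13 to 9.17" to "9.13 to 9.16" in the introductory guidance is not explained by the visible lines and should be checked against the CP's actual list. Any cross-reference elsewhere in the draft to the old 9.1.2 or 9.1.3 must be updated. Minor: "9. Other Business And Legal Matters" capitalizes "And".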
skipping to change at page 41, line 23 skipping to change at page 42, line 23
Policy (CP) for the Resource PKI (RPKI)," February 2012. Policy (CP) for the Resource PKI (RPKI)," February 2012.
[RFC6487] Huston, G., Michaelson, G., and Loomans, R., "A Profile for [RFC6487] Huston, G., Michaelson, G., and Loomans, R., "A Profile for
X.509 PKIX Resource Certificates," February 2012. X.509 PKIX Resource Certificates," February 2012.
[RFC6485] Huston, G., "A Profile for Algorithms and Key Sizes for Use [RFC6485] Huston, G., "A Profile for Algorithms and Key Sizes for Use
in the Resource Public Key Infrastructure," February 2012. in the Resource Public Key Infrastructure," February 2012.
13.2. Informative References 13.2. Informative References
[FIPS] Federal Information Processing Standards Publication 140-3 [FIPS] Federal Information Processing Standards Publication 140-3
(FIPS-140-3), "Security Requirements for Cryptographic (FIPS-140-3), "Security Requirements for Cryptographic
Modules", Information Technology Laboratory, National Modules", Information Technology Laboratory, National
Institute of Standards and Technology, work in progress. Institute of Standards and Technology, work in progress.
[RFC3647] Chokhani, S., Ford, W., Sabett, R., Merrill, C., and Wu,
S., "Internet X.509 Public Key Infrastructure Certificate
Policy and Certification Practices Framework", RFC 3647,
November 2003.
[RFC6480] M. Lepinski, S. Kent, "An Infrastructure to Support Secure [RFC6480] M. Lepinski, S. Kent, "An Infrastructure to Support Secure
Internet Routing," February 2012. Internet Routing," February 2012.
[RFC6481] G. Huston, R. Loomans, G. Michaelson, "A Profile for [RFC6481] G. Huston, R. Loomans, G. Michaelson, "A Profile for
Resource Certificate Repository Structure," February 2012. Resource Certificate Repository Structure," February 2012.
[RFC6482] M. Lepinski, S. Kent, D. Kong, "A Profile for Route Origin [RFC6482] M. Lepinski, S. Kent, D. Kong, "A Profile for Route Origin
Authorizations (ROAs)," February 2012. Authorizations (ROAs)," February 2012.
[RFC6486] R. Austein, G. Huston, S. Kent, M. Lepinski, "Manifests for [RFC6486] R. Austein, G. Huston, S. Kent, M. Lepinski, "Manifests for
the Resource Public Key Infrastructure (RPKI)," February the Resource Public Key Infrastructure (RPKI)," February
2012. 2012.
[RFC6489] G. Huston, G. Michaelson, S. Kent, "Certification Authority [RFC6489] G. Huston, G. Michaelson, S. Kent, "Certification Authority
(CA) Key Rollover in the Resource Public Key Infrastructure (CA) Key Rollover in the Resource Public Key Infrastructure
(RPKI), February 2012. (RPKI), February 2012.
[RSA] Rivest, R., Shamir, A., and Adelman, L. M. 1978. A method [RSA] Rivest, R., Shamir, A., and Adelman, L. M. 1978. A method
for obtaining digital signatures and public-key for obtaining digital signatures and public-key
cryptosystems. Commun. ACM 21, 2 (Feb.), 120-126. cryptosystems. Commun. ACM 21, 2 (Feb.), 120-126.
Author's Addresses Author's Addresses
Stephen Kent Stephen Kent
BBN Technologies BBN Technologies
10 Moulton Street 10 Moulton Street
Cambridge MA 02138 Cambridge MA 02138
USA USA
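Review bot: The new [RFC3647] entry uses surname-first author order with the RFC number and date, while [RFC6480], [RFC6481], [RFC6482], [RFC6486] and [RFC6489] use initials-first order and omit the RFC number from the citation text; bring the list to one style. Also, [RFC6489] is missing the closing quotation mark after "(RPKI)", and the [RSA] entry misspells "Adleman" as "Adelman". The [FIPS] entry cites FIPS 140-3 as "work in progress"; confirm this is the intended reference rather than the published FIPS 140-2.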