RECOMMENDATION ITU-T X.509 – Information technology – Open Systems Interconnection – The Directory: Public-key and attribute certificate frameworks
Summary
FOREWORD
CONTENTS
Introduction
SECTION 1 – GENERAL
1 Scope
2 Normative references
     2.1 Identical Recommendations | International Standards
     2.2 Paired Recommendations | International Standards equivalent in technical content
     2.3 Recommendations
     2.4 Other references
3 Definitions
     3.1 OSI Reference Model security architecture definitions
     3.2 Baseline identity management terms and definitions
     3.3 Directory model definitions
     3.4 Access control framework definitions
     3.5 Public-key and attribute certificate definitions
4 Abbreviations
5 Conventions
6 Frameworks overview
     6.1 Digital signatures
     6.2 Public-key cryptography and cryptographic algorithms
          6.2.1 Formal specification of public-key cryptography
          6.2.2 Formal definitions of cryptographic algorithms
          6.2.3 Migration of cryptographic algorithms
     6.3 Distinguished encoding of basic encoding rules
     6.4 Applying distinguished encoding
     6.5 Using repositories
SECTION 2 – PUBLIC-KEY CERTIFICATE FRAMEWORK
7 Public keys and public-key certificates
     7.1 Introduction
     7.2 Public-key certificate
          7.2.1 Public-key certificate syntax
          7.2.2 Multiple cryptographic algorithms for public-key certificates
     7.3 Public-key certificate extensions
     7.4 Types of public-key certificates
     7.5 Trust anchor
     7.6 Entity relationship
     7.7 Certification path
     7.8 Generation of key pairs
     7.9 Public-key certificate creation
     7.10 Certificate revocation list
          7.10.1 Certificate revocation list principles
          7.10.2 Certificate revocation list syntax
          7.10.3 Multiple cryptographic algorithms for certificate revocation lists
     7.11 Uniqueness of names
     7.12 Indirect CRLs
          7.12.1 Introduction
          7.12.2 Indirect CRL contents
     7.13 Repudiation of a digital signing
8 Trust models
     8.1 Three-cornered trust model
     8.2 Four cornered trust model
9 Public-key certificate and CRL extensions
     9.1 Policy handling
          9.1.1 Certificate policy
          9.1.2 Cross-certificates and policy handling
          9.1.3 Policy mapping
          9.1.4 Certification path processing
          9.1.5 Self-issued certificates
     9.2 Key and policy information extensions
          9.2.1 Requirements
          9.2.2 Public-key certificate and CRL extensions
               9.2.2.1 Authority key identifier extension
               9.2.2.2 Subject key identifier extension
               9.2.2.3 Key usage extension
               9.2.2.4 Extended key usage extension
               9.2.2.5 Private key usage period extension
               9.2.2.6 Certificate policies extension
               9.2.2.7 Policy mappings extension
               9.2.2.8 Authorization and validation extension
     9.3 Subject and issuer information extensions
          9.3.1 Requirements
          9.3.2 Certificate and CRL extensions
               9.3.2.1 Subject alternative name extension
               9.3.2.2 Issuer alternative name extension
               9.3.2.3 Subject directory attributes extension
               9.3.2.4 Associate information extension
     9.4 Certification path constraint extensions
          9.4.1 Requirements
          9.4.2 Public-key certificate extensions
               9.4.2.1 Basic constraints extension
               9.4.2.2 Name constraints extension
               9.4.2.3 Policy constraints extension
               9.4.2.4 Inhibit any policy extension
     9.5 Basic CRL extensions
          9.5.1 Requirements
          9.5.2 CRL extensions
               9.5.2.1 CRL number extension
               9.5.2.2 Status referral extension
               9.5.2.3 CRL stream identifier extension
               9.5.2.4 Ordered list extension
               9.5.2.5 Delta Information extension
               9.5.2.6 To be revoked extension
               9.5.2.7 Revoked group of certificates extension
               9.5.2.8 Expired certificates on CRL extension
          9.5.3 CRL entry extension
               9.5.3.1 Reason code extension
               9.5.3.2 Hold instruction code extension
               9.5.3.3 Invalidity date extension
     9.6 CRL distribution points and delta CRL extensions
          9.6.1 Requirements
          9.6.2 CRL distribution point and delta CRL extensions
               9.6.2.1 CRL distribution points extension
               9.6.2.2 Issuing distribution point extension
               9.6.2.3 Certificate issuer extension
               9.6.2.4 Delta CRL indicator extension
               9.6.2.5 Base update time extension
               9.6.2.6 Freshest CRL extension
     9.7 Authorization and validation list extensions
          9.7.1 Introduction
          9.7.2 Protocol restrictions extensions
     9.8 Alternative cryptographic algorithms and digital signature extensions
          9.8.1 Introduction
          9.8.2 Subject alternative public key information extension
          9.8.3 Alternative signature algorithm extension
          9.8.4 Alternative signature value
10 Delta CRL relationship to base
11 Authorization and validation lists
     11.1 Authorization and validation list concept
     11.2 The authorizer
     11.3 Authorization and validation list syntax
     11.4 Multiple cryptographic algorithms for authorization and validation list
12 Certification path processing procedure
     12.1 Path processing inputs
     12.2 Path processing outputs
     12.3 Path processing variables
     12.4 Initialization step
     12.5 Public-key certificate processing
          12.5.1 Basic public-key certificate checks
          12.5.2 Processing intermediate certificates
          12.5.3 Explicit policy indicator processing
          12.5.4 Final processing
13 PKI directory schema
     13.1 PKI directory object classes and name forms
          13.1.1 PKI user object class
          13.1.2 PKI CA object class
          13.1.3 CRL distribution points object class and name form
          13.1.4 Delta CRL object class
          13.1.5 Certificate Policy and CPS object class
          13.1.6 PKI certification path object class
     13.2 PKI directory attributes
          13.2.1 User certificate attribute
          13.2.2 CA certificate attribute
          13.2.3 Cross-certificate pair attribute type
          13.2.4 Public-key certificate revocation list attribute type
          13.2.5 End-entity public-key certificate revocation list attribute type
          13.2.6 CA revocation list attribute type
          13.2.7 Delta revocation list attribute
          13.2.8 Supported algorithms attribute
          13.2.9 Certification practice statement attribute
          13.2.10 Certificate policy attribute
          13.2.11 PKI path attribute
          13.2.12 Supported public-key algorithms attribute type
     13.3 PKI directory matching rules
          13.3.1 Certificate exact match
          13.3.2 Certificate match
          13.3.3 Certificate pair exact match
          13.3.4 Certificate pair match
          13.3.5 Certificate list exact match
          13.3.6 Certificate list match
          13.3.7 Algorithm identifier match
          13.3.8 Policy match
          13.3.9 PKI path match
          13.3.10 Enhanced certificate match
     13.4 PKI directory syntax definitions
          13.4.1 X.509 Certificate syntax
          13.4.2 X.509 Certificate List syntax
          13.4.3 X.509 Certificate Pair syntax
          13.4.4 X.509 Supported Algorithm
          13.4.5 X.509 Certificate Exact Assertion
          13.4.6 X.509 Certificate Assertion
          13.4.7 X.509 Certificate Pair Exact Assertion
          13.4.8 X.509 Certificate Pair Assertion
          13.4.9 X.509 Certificate List Exact Assertion syntax
          13.4.10 X.509 Certificate List Assertion syntax
          13.4.11 X.509 Algorithm Identifier syntax
          13.4.12 Supported public-key algorithms syntax
SECTION 3 – ATTRIBUTE CERTIFICATE FRAMEWORK
14 Attribute certificates
     14.1 General
     14.2 Attribute certificate syntax
     14.3 Multiple cryptographic algorithms for attribute certificates
     14.4 Delegation paths
     14.5 Attribute certificate revocation lists
          14.5.1 Attribute certificate revocation list principles
          14.5.2 Attribute certificate revocation list syntax
          14.5.3 Multiple cryptographic algorithms for attribute certificate revocation lists
15 Attribute authority, source of authority and certification authority relationship
     15.1 Privilege in attribute certificates
     15.2 Privilege in public-key certificates
16 PMI models
     16.1 General model
          16.1.1 PMI in access control context
          16.1.2 PMI in a non-repudiation context
     16.2 Control model
     16.3 Delegation model
     16.4 Group assignment model
          16.4.1 Direct group naming
          16.4.2 Group role naming
     16.5 Roles model
          16.5.1 Role attribute type
     16.6 Recognition of Authority Model
     16.7 XML privilege information attribute
     16.8 Permission attribute and matching rule
          16.8.1 Permission attribute
          16.8.2 Dual string matching rule
17 Attribute certificate and attribute certificate revocation list extensions
     17.1 Basic privilege management extensions
          17.1.1 Requirements
          17.1.2 Basic privilege management extension
               17.1.2.1 Time specification extension
                    17.1.2.1.1 Time specification extension definition
                    17.1.2.1.2 Time specification matching rule
               17.1.2.2 Targeting information extension
               17.1.2.3 User notice extension
               17.1.2.4 Acceptable privilege policies extension
               17.1.2.5 Single use extension
               17.1.2.6 Group attribute certificate extension
               17.1.2.7 Authority key identifier extension
     17.2 Privilege revocation extensions
          17.2.1 Requirements
          17.2.2 Privilege revocation extensions
               17.2.2.1 Use of CRL distribution points extension as ACRL extension
               17.2.2.2 AA issuing distribution point extension
               17.2.2.3 Use of certificate issuer extension
               17.2.2.4 Use of delta CRL indicator extension
               17.2.2.5 Use of base update extension
               17.2.2.6 Use of freshest CRL extension
               17.2.2.7 No revocation information available extension
               17.2.2.8 Use of CRL number extension for ACRL
               17.2.2.9 Use of status referral extension for ACRL
               17.2.2.10 Use of CRL stream identifier for ACRL
               17.2.2.11 Use of order list extension for ACRL
               17.2.2.12 Use of delta information extension for ACRL
               17.2.2.13 Use of expired certificates on ACRL extension
               17.2.2.14 Use of to be revoked extension as ACRL extension
               17.2.2.15 Use of revoked group of certificates extension as ACRL extension
          17.2.3 Use of CRL entry extensions
               17.2.3.1 Use of reason code extension
               17.2.3.2 Use of hold instruction code extension
     17.3 Source of authority extensions
          17.3.1 Requirements
          17.3.2 SOA extensions
               17.3.2.1 SOA identifier extension
                    17.3.2.1.1 SOA identifier extension definition
                    17.3.2.1.2 SOA identifier matching rule
               17.3.2.2 Attribute descriptor extension
                    17.3.2.2.1 Attribute descriptor extension definition
                    17.3.2.2.2 Attribute descriptor matching rule
     17.4 Role extensions
          17.4.1 Requirements
          17.4.2 Role extensions
               17.4.2.1 Role specification certificate identifier extension
                    17.4.2.1.1 Role specification certificate identifier extension definition
                    17.4.2.1.2 Role specification certificate ID matching rule
     17.5 Delegation extensions
          17.5.1 Requirements
          17.5.2 Delegation extensions
               17.5.2.1 Basic attribute constraints extension
                    17.5.2.1.1 Basic attribute constraints extension definition
                    17.5.2.1.2 Basic attribute constraints matching rule
               17.5.2.2 Delegated name constraints extension
                    17.5.2.2.1 Delegated name constraints extension definition
                    17.5.2.2.2 Delegated name constraints matching rule
               17.5.2.3 Acceptable certificate policies extension
                    17.5.2.3.1 Acceptable certificate policies extension definition
                    17.5.2.3.2 Acceptable certificate policies matching rule
               17.5.2.4 Authority attribute identifier extension
                    17.5.2.4.1 Authority attribute identifier extension definition
                    17.5.2.4.2 AA identifier matching rule
               17.5.2.5 Indirect issuer extension
               17.5.2.6 Issued on behalf of extension
               17.5.2.7 No assertion extension
     17.6 Recognition of authority extensions
          17.6.1 Requirements
          17.6.2 RoA extensions
               17.6.2.1 Allowed attribute assignments extension
               17.6.2.2 Attribute mappings extension
               17.6.2.3 Holder name constraints extension
               17.6.2.4 Relationship of delegated name constraints to holder name constraints
     17.7 Use of alternative digital signature algorithm and digital signature extensions
          17.7.1 Introduction
          17.7.2 Use of alternative signature algorithm extension
          17.7.3 Use of alternative signature value extension
18 Delegation path processing procedure
     18.1 Basic processing procedure
     18.2 Role processing procedure
     18.3 Delegation processing procedure
          18.3.1 Verify integrity of domination rule
          18.3.2 Establish valid delegation path
               18.3.2.1 Use of authority information access extension
               18.3.2.2 Use of authority key identifier
          18.3.3 Verify privilege delegation
          18.3.4 Pass/fail determination
19 PMI directory schema
     19.1 PMI directory object classes
          19.1.1 PMI user object class
          19.1.2 PMI AA object class
          19.1.3 PMI SOA object class
          19.1.4 Attribute certificate CRL distribution point object class
          19.1.5 PMI delegation path object class
          19.1.6 Privilege policy object class
          19.1.7 Protected privilege policy object class
     19.2 PMI directory attributes
          19.2.1 Attribute certificate attribute
          19.2.2 AA certificate attribute
          19.2.3 Attribute descriptor certificate attribute
          19.2.4 Attribute certificate revocation list attribute
          19.2.5 End-entity attribute certificate revocation list attribute type
          19.2.6 AA certificate revocation list attribute
          19.2.7 Delegation path attribute
          19.2.8 Privilege policy attribute
          19.2.9 Protected privilege policy attribute
          19.2.10 XML Protected privilege policy attribute
     19.3 PMI general directory matching rules
          19.3.1 Attribute certificate exact match
          19.3.2 Attribute certificate match
          19.3.3 Holder issuer match
          19.3.4 Delegation path match
          19.3.5 Extension presence match
Annex A – Public-key and attribute certificate frameworks
Annex B – Reference definition of cryptographic algorithms
Annex C – Certificate extension attribute types
     C.1 Certificate extension attribute concept
     C.2 Formal specification for certificate extension attribute types
Annex D – External ASN.1 modules
Annex E – CRL generation and processing rules
     E.1 Introduction
          E.1.1 CRL types
          E.1.2 CRL processing
     E.2 Determine parameters for CRLs
     E.3 Determine CRLs required
          E.3.1 End-entity public-key certificate with critical CRL distribution point extension
          E.3.2 End-entity public-key certificate with no critical CRL distribution point extension
          E.3.3 CA with critical CRL DP
          E.3.4 CA with no critical CRL DP
     E.4 Obtain CRLs
     E.5 Process CRLs
          E.5.1 Validate base CRL scope
               E.5.1.1 Complete CRL
               E.5.1.2 Complete EPRL
               E.5.1.3 Complete CARL
               E.5.1.4 Distribution point based CRL/EPRL/CARL
          E.5.2 Validate delta CRL scope
          E.5.3 Validity and currency checks on the base CRL
          E.5.4 Validity and checks on the delta CRL
Annex F – Examples of delta CRL issuance
Annex G – Privilege policy and privilege attribute definition examples
     G.1 Introduction
     G.2 Sample syntaxes
          G.2.1 First example
          G.2.2 Second example
     G.3 Privilege attribute example
Annex H – An introduction to public key cryptography2)
Annex I – Examples of use of certification path constraints
     I.1 Example 1: Use of basic constraints
     I.2 Example 2: Use of policy mapping and policy constraints
     I.3 Use of name constraints extension
          I.3.1 Examples of public-key certificate format with name constraints extension
               I.3.1.1 Examples of permittedsubtrees
               I.3.1.2 Examples of excludedsubtrees
               I.3.1.3 Examples of permittedsubtrees and excludedsubtrees
          I.3.2 Examples of certificate handling with name constraints extension
               I.3.2.1 Name spaces constraints by permitted-subtrees indistinguished  name form
               I.3.2.2 Name spaces constraints by excluded-subtrees in distinguished name form
               I.3.2.3 Name spaces constraints by permitted-subtrees in multiple name forms
               I.3.2.4 Name spaces constraints by excluded-subtrees in multiple name forms
          I.3.3 Examples where multiple cross-certificates with name constraints extension are needed
               I.3.3.1 Conflicting name space constraints requirements
               I.3.3.2 Disjunctive evaluation of name space constraints
Annex J – Guidance on determining for which policies a certification path is valid
     J.1 Certification path valid for a user-specified policy required
     J.2 Certification path valid for any policy required
     J.3 Certification path valid regardless of policy
     J.4 Certification path valid for a user-specific policy desired, but not required
Annex K – Key usage certificate extension issues
Annex L – Deprecated extensions
     L.1 CRL scope extension
Annex M – Directory concepts
     M.1 Scope
     M.2 The directory attribute concept
     M.3 Basic directory concepts
     M.4 Subtrees
     M.5 Directory distinguished names
     M.6 Directory schema
Annex N – Considerations on strong authentication
     N.1 Introduction
     N.2 One-way authentication
     N.3 Two-way authentication
     N.4 Three-way authentication
     N.5 Five-way authentication (initiated by A)
     N.6 Five-way authentication (initiated by B)
Annex O – Alphabetical list of information item definitions
Annex P – Amendments and corrigenda
Bibliography