Work item: X.rs-certi
Subject/title: Framework for risk assessment of server certificate in application
Status: Under study
Approval process: AAP
Type of work item: Recommendation
Version: New
Equivalent number: -
Timing: 2027-04 (Medium priority)
Liaison: -
Supporting members: -
Summary:
If certificate subscribers who obtain certificates issued by a Certification Authority (CA) deploy them directly, without a certificate verification process (including security verification of the issued certificate itself and security verification of the deployment environment), this would lead to security risks in the subsequent application process of the deployed certificate (e.g., establishment of a secure communication channel using certificates). In addition, since certificate subscribers lack monitoring of the certificate application process on servers, there would also be security risks such as secret key leakage and man-in-the-middle attacks if revoked or expired certificates are used during the application process after certificate deployment.
Currently, although there are some recommendations or specifications on syntax format and automated certificate management, there is no standardization work on risk assessment of server certificates in application.
This proposed recommendation would recommend risk assessment of server certificates in application. The risk assessment would mainly analyse and notify the risk status of the applied certificate from the perspective of the operational security of certificate subscribers.
Comment: -
Reference(s):
Historic references:
Contact(s):
ITU-T A.5 justification(s):
First registration in the WP: 2025-04-16 16:31:01
Last update: 2025-04-17 12:15:16