
RFC 3039 bis


favian

Presentation Transcript


  1. RFC 3039 bis
     Qualified Certificates Profile
     Changes from RFC 3039

  2. Issues
     • References and other minor editorial
     • Subject DN attributes
     • Scope
     • Key usage
     • qcStatements - mandatory use for QC and criticality

  3. Subject attributes
     • RFC 3039 text:
       • The subject field SHALL contain an appropriate subset of the following attributes:
       • Other attributes may be present but MUST NOT be necessary to distinguish the subject name from other subject names within the issuer domain.
     • Attributes under consideration:
       • postalAddress (not supported by RFC 3280)
       • Title (function/position within an organization)

  4. Scope – The two ways
     • RFC 3039 way
       • Profile for Qualified Certificates but scope is not limited to that.
     • RFC 3039 bis way?
       • Profile for ID certificates that also defines specific tools for QC

  5. Scope RFC 3039
     • Abstract: This document forms a certificate profile for Qualified Certificates, based on RFC 2459, for use in the Internet. The term Qualified Certificate is used to describe a certificate with a certain qualified status within applicable governing law.
     • Section 2: The term "Qualified Certificate" has been used by the European Commission to describe a certain type of certificates with specific relevance for European legislation. This specification is intended to support this class of certificates, but its scope is not limited to this application.
     • Section 2: Within this standard the term "Qualified Certificate" is used more generally, describing the format for a certificate whose primary purpose is identifying a person with high level of assurance in public non-repudiation services. The actual mechanisms that will decide whether a certificate should or should not be considered to be a "Qualified Certificate" in regard to any legislation are outside the scope of this standard.

  6. Scope – Reasons for change
     • Some functions of RFC 3039 are not specific to QC or "public non-repudiation services"
       • biometricInfo Extension
       • Issuer and Subject DN attribute set
       • Attribute semantics definitions (PI definition)
       • SubjectDirectory attributes
         • dateOfBirth; placeOfBirth; gender; countryOfCitizenship; and countryOfResidence.

  7. Scope – RFC3039 bis 00.txt
     • Abstract: This document forms a certificate profile, based on RFC 3280, for identity certificates issued to physical persons.
     • Abstract: The profile defines specific conventions for certificates that are qualified within a defined legal framework, named Qualified Certificates. The profile does however not define any legal requirements for such Qualified Certificates.
     • Section 2: Within this standard the term "Qualified Certificate" is used generally, describing a certificate whose primary purpose is to identify a person with high level of assurance, where the certificate meet some qualification requirements defined by an applicable legal framework.

  8. Key usage
     • RFC 3039
       • If the key usage nonRepudiation bit is asserted then it SHOULD NOT be combined with any other key usage, i.e., if set, the key usage non-repudiation SHOULD be set exclusively.
     • RFC 3039bis 00.txt
       • Key usage settings SHALL be set in accordance with RFC 3280 definitions. Further conventions for key usage setting MAY be defined by certificate policies and/or local legal regulations.
     • Motivation for change is highly dependent on scope

  9. qcStatement Extension – mandatory use and criticality
     • ETSI TS 101 862
       • Based on clear definition of QC as context for the standard
       • QC declaration through policy or qcStatement
     • RFC 3039
       • No stipulation
     • Proposal
       • RFC 3039 bis – no stipulation
       • TS 101862 bis – Mandatory use of qcStatement, May be critical
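
The key usage and qcStatement slides above describe properties that can be checked mechanically on a certificate's extensions. The following is an added example, not part of the presentation or of either RFC: a small DER walk that reports whether nonRepudiation is set exclusively (the RFC 3039 SHOULD) and whether a qcStatements extension is present and critical. The function names and the sample bytes are constructed for illustration, and only short-form DER lengths are handled.

```python
# Added example. Sample bytes are constructed; DER short-form lengths (< 128) only.
KEY_USAGE = bytes.fromhex("551d0f")                 # OID 2.5.29.15
QC_STATEMENTS = bytes.fromhex("2b06010505070103")   # OID 1.3.6.1.5.5.7.1.3
BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
        "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly"]

def tlv(buf, pos=0):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated or long-form DER not handled here")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated DER value")
    return buf[pos], buf[pos + 2:end], end

def children(value):
    """Yield (tag, value) for each element inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        yield tag, val

def key_usage_names(bit_string):
    """Decode a KeyUsage BIT STRING body (first octet = count of unused bits)."""
    data = bit_string[1:]
    nbits = min(len(data) * 8 - bit_string[0], len(BITS))
    return [BITS[i] for i in range(nbits) if data[i // 8] & (0x80 >> (i % 8))]

def profile_check(extensions_der):
    """Report the two properties the slides discuss for an Extensions SEQUENCE."""
    tag, body, _ = tlv(extensions_der)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    report = {"key_usage": [], "nr_exclusive": None, "qc_present": False, "qc_critical": False}
    for _, ext in children(body):
        parts = list(children(ext))          # OID, optional BOOLEAN critical, OCTET STRING
        critical = len(parts) == 3 and parts[1] == (0x01, b"\xff")
        if parts[0][1] == KEY_USAGE:
            names = key_usage_names(tlv(parts[-1][1])[1])
            report["key_usage"] = names
            if "nonRepudiation" in names:    # RFC 3039: SHOULD be set exclusively
                report["nr_exclusive"] = names == ["nonRepudiation"]
        elif parts[0][1] == QC_STATEMENTS:
            report["qc_present"], report["qc_critical"] = True, critical
    return report

# Constructed samples: A = critical keyUsage (digitalSignature + nonRepudiation) plus
# a non-critical, empty qcStatements; B = critical keyUsage with nonRepudiation only.
SAMPLE_A = bytes.fromhex("3020300e0603551d0f0101ff0404030206c0300e06082b0601050507010304023000")
SAMPLE_B = bytes.fromhex("3010300e0603551d0f0101ff040403020640")
```

Under the RFC 3039bis 00.txt wording, `nr_exclusive` being false is not a profile violation by itself; it only matters where a certificate policy or local regulation keeps the RFC 3039 convention.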
