Internet Engineering Task Force (IETF) S. Kent Request for Comments: 7382 D. Kong BCP: 173 K. Seo Category: Best Current Practice BBN Technologies ISSN: 2070-1721 April 2015
Template for a Certification Practice Statement (CPS) for the Resource PKI (RPKI)
Abstract
This document contains a template to be used for creating a Certification Practice Statement (CPS) for an organization that is part of the Resource Public Key Infrastructure (RPKI), e.g., a resource allocation registry or an ISP.
Status of This Memo
This memo documents an Internet Best Current Practice.
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on BCPs is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7382.
Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Kent, et al. Best Current Practice [Page 1]
RFC 7382 Template CPS for the RPKI April 2015
Table of Contents
Preface ............................................................8 1. Introduction ....................................................9 1.1. Overview ..................................................10 1.2. Document Name and Identification ..........................10 1.3. PKI Participants ..........................................11 1.3.1. Certification Authorities ..........................11 1.3.2. Registration Authorities ...........................11 1.3.3. Subscribers ........................................11 1.3.4. Relying Parties ....................................11 1.3.5. Other Participants .................................12 1.4. Certificate Usage .........................................12 1.4.1. Appropriate Certificate Uses .......................12 1.4.2. Prohibited Certificate Uses ........................12 1.5. Policy Administration .....................................12 1.5.1. Organization Administering the Document ............12 1.5.2. Contact Person .....................................12 1.5.3. Person Determining CPS Suitability for the Policy ..12 1.5.4. CPS Approval Procedures ............................13 1.6. Definitions and Acronyms ..................................13 2. Publication and Repository Responsibilities ....................14 2.1. Repositories ..............................................14 2.2. Publication of Certification Information ..................14 2.3. Time or Frequency of Publication ..........................14 2.4. Access Controls on Repositories ...........................15 3. Identification and Authentication ..............................15 3.1. Naming ....................................................15 3.1.1. Types of Names .....................................15 3.1.2. Need for Names to Be Meaningful ....................15 3.1.3. Anonymity or Pseudonymity of Subscribers ...........15 3.1.4. Rules for Interpreting Various Name Forms ..........15 3.1.5. Uniqueness of Names ................................16 3.1.6. Recognition, Authentication, and Role of Trademarks .........................................16 3.2. Initial Identity Validation ...............................16 3.2.1. Method to Prove Possession of Private Key ..........16 3.2.2. Authentication of Organization Identity ............16 3.2.3. Authentication of Individual Identity ..............17 3.2.4. Non-verified Subscriber Information ................17 3.2.5. Validation of Authority ............................17 3.2.6. Criteria for Interoperation ........................17
Kent, et al. Best Current Practice [Page 2]
RFC 7382 Template CPS for the RPKI April 2015
3.3. Identification and Authentication for Re-key Requests .....18 3.3.1. Identification and Authentication for Routine Re-key .....................................18 3.3.2. Identification and Authentication for Re-key after Revocation ............................18 3.4. Identification and Authentication for Revocation Request ..18 4. Certificate Life Cycle Operational Requirements ................18 4.1. Certificate Application ...................................18 4.1.1. Who Can Submit a Certificate Application ...........18 4.1.2. Enrollment Process and Responsibilities ............19 4.2. Certificate Application Processing ........................19 4.2.1. Performing Identification and Authentication Functions ...........................19 4.2.2. Approval or Rejection of Certificate Applications ..19 4.2.3. Time to Process Certificate Applications ...........19 4.3. Certificate Issuance ......................................19 4.3.1. CA Actions during Certificate Issuance .............19 4.3.2. Notification to Subscriber by the CA of Issuance of Certificate ............................20 4.3.3. Notification of Certificate Issuance by the CA to Other Entities ...............................20 4.4. Certificate Acceptance ....................................20 4.4.1. Conduct Constituting Certificate Acceptance ........20 4.4.2. Publication of the Certificate by the CA ...........20 4.4.3. Notification of Certificate Issuance by the CA to Other Entities ...............................20 4.5. Key Pair and Certificate Usage ............................20 4.5.1. Subscriber Private Key and Certificate Usage .......20 4.5.2. Relying Party Public Key and Certificate Usage .....21 4.6. Certificate Renewal .......................................21 4.6.1. Circumstance for Certificate Renewal ...............21 4.6.2. Who May Request Renewal ............................21 4.6.3. Processing Certificate Renewal Requests ............22 4.6.4. Notification of New Certificate Issuance to Subscriber .........................................22 4.6.5. Conduct Constituting Acceptance of a Renewal Certificate ................................22 4.6.6. Publication of the Renewal Certificate by the CA ...22 4.6.7. Notification of Certificate Issuance by the CA to Other Entities ...............................22 4.7. Certificate Re-key ........................................22 4.7.1. Circumstance for Certificate Re-key ................22 4.7.2. Who May Request Certification of a New Public Key ..23 4.7.3. Processing Certificate Re-keying Requests ..........23 4.7.4. Notification of New Certificate Issuance to Subscriber .........................................23
Kent, et al. Best Current Practice [Page 3]
RFC 7382 Template CPS for the RPKI April 2015
4.7.5. Conduct Constituting Acceptance of a Re-keyed Certificate ...............................23 4.7.6. Publication of the Re-keyed Certificate by the CA ..23 4.7.7. Notification of Certificate Issuance by the CA to Other Entities ...............................23 4.8. Certificate Modification ..................................23 4.8.1. Circumstance for Certificate Modification ..........23 4.8.2. Who May Request Certificate Modification ...........24 4.8.3. Processing Certificate Modification Requests .......24 4.8.4. Notification of Modified Certificate Issuance to Subscriber .............................24 4.8.5. Conduct Constituting Acceptance of Modified Certificate ........................................24 4.8.6. Publication of the Modified Certificate by the CA ..24 4.8.7. Notification of Certificate Issuance by the CA to Other Entities ...............................24 4.9. Certificate Revocation and Suspension .....................25 4.9.1. Circumstances for Revocation .......................25 4.9.2. Who Can Request Revocation .........................25 4.9.3. Procedure for Revocation Request ...................25 4.9.4. Revocation Request Grace Period ....................25 4.9.5. Time within Which CA Must Process the Revocation Request .................................25 4.9.6. Revocation Checking Requirement for Relying Parties ............................................25 4.9.7. CRL Issuance Frequency .............................26 4.9.8. Maximum Latency for CRLs ...........................26 4.10. Certificate Status Services ..............................26 5. Facility, Management, and Operational Controls .................26 5.1. Physical Controls .........................................26 5.1.1. Site Location and Construction .....................26 5.1.2. Physical Access ....................................26 5.1.3. Power and Air Conditioning .........................26 5.1.4. Water Exposures ....................................26 5.1.5. Fire Prevention and Protection .....................26 5.1.6. Media Storage ......................................26 5.1.7. Waste Disposal .....................................26 5.1.8. Off-Site Backup ....................................26 5.2. Procedural Controls .......................................27 5.2.1. Trusted Roles ......................................27 5.2.2. Number of Persons Required per Task ................27 5.2.3. Identification and Authentication for Each Role ....27 5.2.4. Roles Requiring Separation of Duties ...............27
Kent, et al. Best Current Practice [Page 4]
RFC 7382 Template CPS for the RPKI April 2015
5.3. Personnel Controls ........................................27 5.3.1. Qualifications, Experience, and Clearance Requirements .......................................27 5.3.2. Background Check Procedures ........................27 5.3.3. Training Requirements ..............................27 5.3.4. Retraining Frequency and Requirements ..............27 5.3.5. Job Rotation Frequency and Sequence ................27 5.3.6. Sanctions for Unauthorized Actions .................27 5.3.7. Independent Contractor Requirements ................27 5.3.8. Documentation Supplied to Personnel ................27 5.4. Audit Logging Procedures ..................................28 5.4.1. Types of Events Recorded ...........................28 5.4.2. Frequency of Processing Log ........................28 5.4.3. Retention Period for Audit Log .....................28 5.4.4. Protection of Audit Log ............................28 5.4.5. Audit Log Backup Procedures ........................28 5.4.6. Audit Collection System (Internal vs. External) [OMITTED] ................................29 5.4.7. Notification to Event-Causing Subject [OMITTED] ....29 5.4.8. Vulnerability Assessments ..........................29 5.5. Records Archival [OMITTED] ................................29 5.6. Key Changeover ............................................29 5.7. Compromise and Disaster Recovery ..........................29 5.8. CA or RA Termination ......................................29 6. Technical Security Controls ....................................29 6.1. Key Pair Generation and Installation ......................29 6.1.1. Key Pair Generation ................................29 6.1.2. Private Key Delivery to Subscriber .................30 6.1.3. Public Key Delivery to Certificate Issuer ..........30 6.1.4. CA Public Key Delivery to Relying Parties ..........30 6.1.5. Key Sizes ..........................................30 6.1.6. Public Key Parameter Generation and Quality Checking ...........................................30 6.1.7. Key Usage Purposes (as per X.509 v3 Key Usage Field) .......................................30 6.2. Private Key Protection and Cryptographic Module Engineering Controls ......................................31 6.2.1. Cryptographic Module Standards and Controls ........31 6.2.2. Private Key (n out of m) Multi-Person Control ......31 6.2.3. Private Key Escrow .................................31 6.2.4. Private Key Backup .................................31 6.2.5. Private Key Archival ...............................31 6.2.6. Private Key Transfer into or from a Cryptographic Module ...............................31 6.2.7. Private Key Storage on Cryptographic Module ........31 6.2.8. Method of Activating Private Key ...................32
Kent, et al. Best Current Practice [Page 5]
RFC 7382 Template CPS for the RPKI April 2015
6.2.9. Method of Deactivating Private Key .................32 6.2.10. Method of Destroying Private Key ..................32 6.2.11. Cryptographic Module Rating .......................32 6.3. Other Aspects of Key Pair Management ......................32 6.3.1. Public Key Archival ................................32 6.3.2. Certificate Operational Periods and Key Pair Usage Periods .................................32 6.4. Activation Data ...........................................32 6.4.1. Activation Data Generation and Installation ........32 6.4.2. Activation Data Protection .........................32 6.4.3. Other Aspects of Activation Data ...................33 6.5. Computer Security Controls ................................33 6.6. Life Cycle Technical Controls .............................33 6.6.1. System Development Controls ........................33 6.6.2. Security Management Controls .......................33 6.6.3. Life Cycle Security Controls .......................33 6.7. Network Security Controls .................................33 6.8. Time-Stamping .............................................33 7. Certificate and CRL Profiles ...................................33 8. Compliance Audit and Other Assessments .........................34 9. Other Business and Legal Matters ...............................34 9.1. Fees ......................................................34 9.1.1. Certificate Issuance or Renewal Fees ...............34 9.1.2. Certificate Access Fees [OMITTED] ..................34 9.1.3. Revocation or Status Information Access Fees [OMITTED] .....................................34 9.1.4. Fees for Other Services (if Applicable) ............34 9.1.5. Refund Policy ......................................34 9.2. Financial Responsibility ..................................34 9.2.1. Insurance Coverage .................................34 9.2.2. Other Assets .......................................34 9.2.3. Insurance or Warranty Coverage for End-Entities ....34 9.3. Confidentiality of Business Information ...................34 9.3.1. Scope of Confidential Information ..................34 9.3.2. Information Not within the Scope of Confidential Information ...........................34 9.3.3. Responsibility to Protect Confidential Information ........................................34 9.4. Privacy of Personal Information ...........................34 9.4.1. Privacy Plan .......................................34 9.4.2. Information Treated as Private .....................35 9.4.3. Information Not Deemed Private .....................35 9.4.4. Responsibility to Protect Private Information ......35 9.4.5. Notice and Consent to Use Private Information ......35 9.4.6. Disclosure Pursuant to Judicial or Administrative Process .............................35 9.4.7. Other Information Disclosure Circumstances .........35
Kent, et al. Best Current Practice [Page 6]
RFC 7382 Template CPS for the RPKI April 2015
9.5. Intellectual Property Rights (if Applicable) ..............35 9.6. Representations and Warranties ............................35 9.6.1. CA Representations and Warranties ..................35 9.6.2. Subscriber Representations and Warranties ..........35 9.6.3. Relying Party Representations and Warranties .......35 9.7. Disclaimers of Warranties .................................35 9.8. Limitations of Liability ..................................35 9.9. Indemnities ...............................................35 9.10. Term and Termination .....................................35 9.10.1. Term ..............................................35 9.10.2. Termination .......................................35 9.10.3. Effect of Termination and Survival ................35 9.11. Individual Notices and Communications with Participants ..35 9.12. Amendments ...............................................35 9.12.1. Procedure for Amendment ...........................35 9.12.2. Notification Mechanism and Period .................35 9.13. Dispute Resolution Provisions ............................35 9.14. Governing Law ............................................35 9.15. Compliance with Applicable Law ...........................36 9.16. Miscellaneous Provisions .................................36 9.16.1. Entire Agreement ..................................36 9.16.2. Assignment ........................................36 9.16.3. Severability ......................................36 9.16.4. Enforcement (Attorneys' Fees and Waiver of Rights) ...........................................36 9.16.5. Force Majeure .....................................36 10. Security Considerations .......................................36 11. References ....................................................37 11.1. Normative References .....................................37 11.2. Informative References ...................................37 Acknowledgments ...................................................38 Authors' Addresses ................................................38
Kent, et al. Best Current Practice [Page 7]
RFC 7382 Template CPS for the RPKI April 2015
Preface
This RFC contains text intended for use as a template as designated below by the markers <BEGIN TEMPLATE TEXT> and <END TEMPLATE TEXT>. Such Template Text is subject to the provisions of Section 9(b) of the Trust Legal Provisions.
This document contains a template to be used for creating a Certification Practice Statement (CPS) for an organization that is part of the Resource Public Key Infrastructure (RPKI). (Throughout this document, the term "organization" is used broadly, e.g., the entity in question might be a business unit of a larger organization.)
There is no expectation that a CPS will be published as an RFC. An organization will publish the CPS in a manner appropriate for access by the users of the RPKI, e.g., on the organization's web site. As a best current practice, organizations are expected to use this template instead of creating one from scratch. This template contains both text that SHOULD appear in all Certification Practice Statements and places for text specific to the organization in question (indicated by <text in angle brackets>).
The user of this document should:
1. Extract the text between the <BEGIN TEMPLATE TEXT> and <END TEMPLATE TEXT> delimiters.
2. Replace the instructions between the angle brackets with the required information.
This document has been generated to complement the Certificate Policy (CP) for the RPKI [RFC6484]. Like RFC 6484, it is based on the template specified in RFC 3647 [RFC3647]. A number of sections contained in the template were omitted from this CPS because they did not apply to this PKI. However, we have retained the section numbering scheme employed in that RFC to facilitate comparison with the section numbering scheme employed in that RFC and in RFC 6484.
Conventions Used in This Document:
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
Kent, et al. Best Current Practice [Page 8]
RFC 7382 Template CPS for the RPKI April 2015
<BEGIN TEMPLATE TEXT>
<Create a title page saying, e.g., "<Name of organization> Certification Practice Statement for the Resource Public Key Infrastructure (RPKI)" with date, author, etc.>
<Create a table of contents.>
1. Introduction
This document is the Certification Practice Statement (CPS) of <name of organization>. It describes the practices employed by the <name of organization> Certification Authority (CA) in the Resource Public Key Infrastructure (RPKI). These practices are defined in accordance with the requirements of the Certificate Policy (CP) [RFC6484] for the RPKI.
The RPKI is designed to support validation of claims by current holders of Internet Number Resources (INRs) (Section 1.6) in accordance with the records of the organizations that act as CAs in this PKI. The ability to verify such claims is essential to ensuring the unique, unambiguous distribution of these resources.
This PKI parallels the existing INR distribution hierarchy. These resources are distributed by the Internet Assigned Numbers Authority (IANA) to the Regional Internet Registries (RIRs). In some regions, National Internet Registries (NIRs) form a tier of the hierarchy below the RIRs for INR distribution. Internet Service Providers (ISPs) and network subscribers form additional tiers below registries.
Conventions Used in This Document:
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
The name of this document is "<Name of organization> Certification Practice Statement for the Resource Public Key Infrastructure (RPKI)". <If this document is available via the Internet, the CA can provide the URI for the CPS here. It SHOULD be the same URI as the URI that appears as a policy qualifier in the CA certificate for the CA, if the CA elects to make use of that feature.>
Note that in a PKI the term "subscriber" refers to an individual or organization that is a subject of a certificate issued by a CA. The term is used in this fashion throughout this document, without qualification, and should not be confused with the networking use of the term to refer to an individual or organization that receives service from an ISP. In such cases, the term "network subscriber" will be used. Also note that, for brevity, this document always refers to PKI participants as organizations or entities, even though some of them are individuals.
<Describe the CAs that you will operate for the RPKI. One approach is to operate two CAs: one designated "offline" and the other designated "production". The offline CA is the top-level CA for the <name of organization> portion of the RPKI. It provides a secure revocation and recovery capability in case the production CA is compromised or becomes unavailable. Thus, the offline CA issues certificates only to instances of the production CA, and the CRLs it issues are used to revoke only certificates issued to the production CA. The production CA is used to issue RPKI certificates to <name of organization> members, to whom INRs have been distributed.>
<Describe how the Registration Authority (RA) function is handled for the CA(s) that you operate. The RPKI does not require establishment or use of a separate Registration Authority in addition to the CA function. The RA function MUST be provided by the same entity operating as a CA, e.g., entities listed in Section 1.3.1. An entity acting as a CA in this PKI already has a formal relationship with each organization to which it distributes INRs. These organizations already perform the RA function implicitly, since they already assume responsibility for distributing INRs.>
Entities or individuals that act in reliance on certificates or RPKI-signed objects issued under this PKI are relying parties. Relying parties may or may not be subscribers within this PKI. (See Section 1.6 for the definition of an RPKI-signed object.)
<Specify one or more entities that operate a repository holding certificates, CRLs, and other RPKI-signed objects issued by this organization, and provide a URL for the repository.>
The certificates issued under this hierarchy are for authorization in support of validation of claims of current holdings of INRs.
Additional uses of the certificates, consistent with the basic goal cited above, are also permitted under RFC 6484.
Some of the certificates that may be issued under this PKI could be used to support operation of this infrastructure, e.g., access control for the repository system as described in Section 2.4. Such uses also are permitted under the RPKI certificate policy.
1.5.3. Person Determining CPS Suitability for the Policy
Not applicable. Each organization issuing a certificate in this PKI is attesting to the distribution of INRs to the holder of the private key corresponding to the public key in the certificate. The issuing organizations are the same organizations as the ones that perform the distribution; hence, they are authoritative with respect to the accuracy of this binding.
Not applicable. Each organization issuing a certificate in this PKI is attesting to the distribution of INRs to the holder of the private key corresponding to the public key in the certificate. The issuing organizations are the same organizations as the ones that perform the distribution; hence, they are authoritative with respect to the accuracy of this binding.
BPKI Business PKI. A BPKI is an optional additional PKI used by an organization to identify members to whom RPKI certificates can be issued. If a BPKI is employed by a CA, it may have its own CP, separate from the RPKI CP.
CP Certificate Policy. A CP is a named set of rules that indicates the applicability of a certificate to a particular community and/or class of applications with common security requirements. The CP for the RPKI is [RFC6484].
CPS Certification Practice Statement. A CPS is a document that specifies the practices that a Certification Authority employs in issuing certificates.
Distribution of INRs A process of distribution of the INRs along the respective number hierarchy. IANA distributes blocks of IP addresses and Autonomous System Numbers (ASNs) to the five Regional Internet Registries (RIRs). RIRs distribute smaller address blocks and Autonomous System Numbers to organizations within their service regions, who in turn distribute IP addresses to their customers.
IANA Internet Assigned Numbers Authority. IANA is responsible for global coordination of the Internet Protocol addressing systems and ASNs used for routing Internet traffic. IANA distributes INRs to RIRs.
INRs Internet Number Resources. INRs are number values for three protocol parameter sets, namely:
o IP version 4 addresses,
o IP version 6 addresses, and
o Identifiers used in Internet inter-domain routing, currently Border Gateway Protocol-4 ASNs.
Kent, et al. Best Current Practice [Page 13]
RFC 7382 Template CPS for the RPKI April 2015
ISP Internet Service Provider. An ISP is an organization managing and selling Internet services to other organizations.
NIR National Internet Registry. An NIR is an organization that manages the distribution of INRs for a portion of the geopolitical area covered by a Regional Internet Registry. NIRs form an optional second tier in the tree scheme used to manage INR distribution.
RIR Regional Internet Registry. An RIR is an organization that manages the distribution of INRs for a geopolitical area.
RPKI-signed object An RPKI-signed object is a digitally signed data object (other than a certificate or CRL) declared to be such an object by a Standards Track RFC. An RPKI-signed object can be validated using certificates issued under this PKI. The content and format of these data constructs depend on the context in which validation of claims of current holdings of INRs takes place. Examples of these objects are repository manifests [RFC6486] and Route Origin Authorizations (ROAs) [RFC6482].
As per the CP, certificates, CRLs, and RPKI-signed objects MUST be made available for downloading by all relying parties, to enable them to validate this data.
The <name of organization> RPKI CA will publish certificates, CRLs, and RPKI-signed objects via a repository that is accessible via <insert IETF-designated protocol name here> at <insert URL here>. This repository will conform to the structure described in [RFC6481].
<Name of organization> will publish certificates, CRLs, and RPKI-signed objects issued by it to a repository that operates as part of a worldwide distributed system of RPKI repositories.
<Describe here your procedures for publication (to the global repository system) of the certificates, CRLs, and RPKI-signed objects that you issue. If you choose to outsource publication of PKI data, you still need to provide this information for relying parties. This MUST include the period of time within which a certificate will be
Kent, et al. Best Current Practice [Page 14]
RFC 7382 Template CPS for the RPKI April 2015
published after the CA issues the certificate, and the period of time within which a CA will publish a CRL with an entry for a revoked certificate, after the CA revokes that certificate.>
The <name of organization> CA will publish its CRL prior to the nextUpdate value in the scheduled CRL previously issued by the CA.
<Describe the access controls used by the organization to ensure that only authorized parties can modify repository data, and any controls used to mitigate denial-of-service attacks against the repository. If the organization offers repository services to its subscribers, then describe here the protocol(s) that it supports for publishing signed objects from subscribers.>
The subject of each certificate issued by this organization is identified by an X.500 Distinguished Name (DN). The distinguished name will consist of a single Common Name (CN) attribute with a value generated by <name of organization>. Optionally, the serialNumber attribute may be included along with the common name (to form a terminal relative distinguished name set), to distinguish among successive instances of certificates associated with the same entity.
The Subject name in each certificate SHOULD NOT be "meaningful", in the conventional, human-readable sense. The rationale here is that these certificates are used for authorization in support of applications that make use of attestations of INR holdings. They are not used to identify subjects.
Although Subject names in certificates issued by this organization SHOULD NOT be meaningful and may appear "random", anonymity is not a function of this PKI; thus, no explicit support for this feature is provided.
<Name of organization> certifies Subject names that are unique among the certificates that it issues. Although it is desirable that these Subject names be unique throughout the PKI, to facilitate certificate path discovery, such uniqueness is not required, nor is it enforced through technical means. <Name of organization> generates Subject names to minimize the chances that two entities in the RPKI will be assigned the same name. Specifically, <insert Subject name generation description here, or cite RFC 6487>.
3.1.6. Recognition, Authentication, and Role of Trademarks
Because the Subject names are not intended to be meaningful, <name of organization> makes no provision either to recognize or to authenticate trademarks, service marks, etc.
<Describe the method whereby each subscriber will be required to demonstrate proof-of-possession (PoP) of the private key corresponding to the public key in the certificate, prior to certificate issuance.>
Certificates issued under this PKI do not attest to the organizational identity of subscribers. However, certificates are issued to subscribers in a fashion that preserves the accuracy of distributions of INRs as represented in <name of organization> records.
<Describe the procedures that will be used to ensure that each RPKI certificate that is issued accurately reflects your records with regard to the organization to which you have distributed (or sub-distributed) the INRs identified in the certificate. For example, a BPKI certificate could be used to authenticate a certificate request that serves as a link to the <name of organization> subscriber database that maintains the INR distribution records. The certificate request could be matched against the database record for the subscriber in question, and an RPKI certificate would be issued only if the INRs requested were a subset of those held by the subscriber. The specific procedures employed for this purpose should be commensurate with any you already employ in the maintenance of INR distribution.>
Certificates issued under this PKI do not attest to the individual identity of a subscriber. However, <name of organization> maintains contact information for each subscriber in support of certificate renewal, re-key, and revocation.
<Describe the procedures that are used to identify at least one individual as a representative of each subscriber. This is done in support of issuance, renewal, and revocation of the certificate issued to the organization. For example, one might say "The <name of organization> BPKI (see Section 3.2.6) issues certificates that MUST be used to identify individuals who represent <name of organization> subscribers." The procedures should be commensurate with those you already employ in authenticating individuals as representatives for INR holders. Note that this authentication is solely for use by you in dealing with the organizations to which you distribute (or sub-distribute) INRs and thus MUST NOT be relied upon outside of this CA/subscriber relationship.>
No non-verified subscriber data is included in certificates issued under this certificate policy except for Subject Information Access (SIA) extensions [RFC6487].
<Describe the procedures used to verify that an individual claiming to represent a subscriber is authorized to represent that subscriber in this context. For example, one could say "Only an individual to whom a BPKI certificate (see Section 3.2.6) has been issued may request issuance of an RPKI certificate. Each certificate issuance request is verified using the BPKI." The procedures should be commensurate with those you already employ in authenticating individuals as representatives of subscribers.>
The RPKI is neither intended nor designed to interoperate with any other PKI. <If you operate a separate, additional PKI for business purposes, e.g., a BPKI, then describe (or reference) how the BPKI is used to authenticate subscribers and to enable them to manage their resource distributions.>
Kent, et al. Best Current Practice [Page 17]
RFC 7382 Template CPS for the RPKI April 2015
3.3. Identification and Authentication for Re-key Requests
3.3.1. Identification and Authentication for Routine Re-key
<Describe the conditions under which routine re-key is required and the manner by which it is requested. Describe the procedures that are used to ensure that a subscriber requesting routine re-key is the legitimate holder of the certificate to be re-keyed. State the approach for establishing PoP of the private key corresponding to the new public key. If you operate a BPKI, describe how that BPKI is used to authenticate routine re-key requests.>
3.3.2. Identification and Authentication for Re-key after Revocation
<Describe the procedures used to ensure that an organization requesting a re-key after revocation is the legitimate holder of the INRs in the certificate being re-keyed. This MUST also include the method employed for verifying PoP of the private key corresponding to the new public key. If you operate a BPKI, describe how that BPKI is used to authenticate re-key requests. With respect to authentication of the subscriber, the procedures should be commensurate with those you already employ in the maintenance of INR distribution records.>
3.4. Identification and Authentication for Revocation Request
<Describe the procedures used by an RPKI subscriber to make a revocation request. Describe the manner by which it is ensured that the subscriber requesting revocation is the subject of the certificate (or an authorized representative thereof) to be revoked. Note that there may be different procedures for the case where the legitimate subject still possesses the original private key as opposed to the case when it no longer has access to that key. These procedures should be commensurate with those you already employ in the maintenance of subscriber records.>
4. Certificate Life Cycle Operational Requirements
Any subscriber in good standing who holds INRs distributed by <name of organization> may submit a certificate application to this CA. (The exact meaning of "in good standing" is in accordance with the policy of <name of organization>.)
<Describe your enrollment process for issuing certificates both for initial deployment of the PKI and as an ongoing process. Note that most of the certificates in this PKI are issued as part of your normal business practices, as an adjunct to INR distribution, and thus a separate application to request a certificate may not be necessary. If so, reference should be made to where these practices are documented.>
<Describe the certificate request/response processing that you will employ. You should make use of existing standards for certificate application processing (see [RFC6487]).>
4.2.1. Performing Identification and Authentication Functions
<Describe your practices for identification and authentication of certificate applicants. Often, existing practices employed by you to identify and authenticate organizations can be used as the basis for issuance of certificates to these subscribers. Reference can be made to documentation of such existing practices.>
4.2.2. Approval or Rejection of Certificate Applications
<Describe your practices for approval or rejection of applications, and refer to documentation of existing business practices relevant to this process. Note that according to the CP, certificate applications will be approved based on the normal business practices of the entity operating the CA, based on the CA's records of subscribers. The CP also says that each CA will follow the procedure specified in Section 3.2.1 to verify that the requester holds the private key corresponding to the public key that will be bound to the certificate the CA issues to the requester.>
<Describe your procedures for issuance and publication of a certificate.>
Kent, et al. Best Current Practice [Page 19]
RFC 7382 Template CPS for the RPKI April 2015
4.3.2. Notification to Subscriber by the CA of Issuance of Certificate
<Name of organization> will notify the subscriber when the certificate is published. <Describe here your procedures for notifying a subscriber when a certificate has been published.>
4.3.3. Notification of Certificate Issuance by the CA to Other Entities
<Describe here any other entities that will be notified when a certificate is published.>
When a certificate is issued, the <name of organization> CA will publish it to the repository and notify the subscriber. <This may be done without subscriber review and acceptance. State your policy with respect to subscriber certificate acceptance here.>
Certificates will be published at <insert repository URL here> once issued, following the conduct described in Section 4.4.1. This will be done within <specify the time frame within which the certificate will be placed in the repository and the subscriber will be notified>. <Describe any additional procedures with respect to publication of the certificate here.>
4.4.3. Notification of Certificate Issuance by the CA to Other Entities
<Describe here any other entities that will be notified when a certificate is published.>
A summary of the use model for the RPKI is provided below.
4.5.1. Subscriber Private Key and Certificate Usage
The certificates issued by <name of organization> to subordinate INR holders are CA certificates. The private key associated with each of these certificates is used to sign subordinate (CA or EE) certificates and CRLs.
Kent, et al. Best Current Practice [Page 20]
RFC 7382 Template CPS for the RPKI April 2015
4.5.2. Relying Party Public Key and Certificate Usage
The primary relying parties in this PKI are organizations that use RPKI EE certificates to verify RPKI-signed objects. Relying parties are referred to Section 4.5.2 of [RFC6484] for additional guidance with respect to acts of reliance on RPKI certificates.
As per RFC 6484, a certificate will be processed for renewal based on its expiration date or a renewal request from the certificate Subject. The request may be implicit, a side effect of renewing a resource holding agreement, or explicit. If <name of organization> initiates the renewal process based on the certificate expiration date, then <name of organization> will notify the subscriber <insert the period of advance warning, e.g., "2 weeks in advance of the expiration date", or the general policy, e.g., "in conjunction with notification of service expiration">. The validity interval of the new (renewed) certificate will overlap that of the previous certificate by <insert length of overlap period, e.g., 1 week>, to ensure uninterrupted coverage.
Certificate renewal will incorporate the same public key as the previous certificate, unless the private key has been reported as compromised (see Section 4.9.1). If a new key pair is being used, the stipulations of Section 4.7 will apply.
The subscriber or <name of organization> may initiate the renewal process. <For the case of the subscriber, describe the procedures that will be used to ensure that the requester is the legitimate holder of the INRs in the certificate being renewed. This MUST also include the method employed for verifying PoP of the private key corresponding to the public key in the certificate being renewed or the new public key if the public key is being changed. With respect to authentication of the subscriber, the procedures should be commensurate with those you already employ in the maintenance of INR distribution records. If you operate a BPKI for this, describe how that business-based PKI is used to authenticate renewal requests, and refer to Section 3.2.6.>
<Describe your procedures for handling certificate renewal requests. Describe how you verify that the requester is the subscriber or is authorized by the subscriber, and that the certificate in question has not been revoked.>
4.6.4. Notification of New Certificate Issuance to Subscriber
<Name of organization> will notify the subscriber when the certificate is published. <Describe your procedure for notification of new certificate issuance to the subscriber. This should be consistent with Section 4.3.2.>
4.6.5. Conduct Constituting Acceptance of a Renewal Certificate
See Section 4.4.1. <If you employ a different policy from that specified in Section 4.4.1, describe it here.>
4.6.6. Publication of the Renewal Certificate by the CA
As per RFC 6484, re-key of a certificate will be performed only when required, based on:
1. knowledge or suspicion of compromise or loss of the associated private key, or
2. the expiration of the cryptographic lifetime of the associated key pair
If a certificate is revoked to replace the RFC 3779 extensions, the replacement certificate will incorporate the same public key, not a new key.
If the re-key is based on a suspected compromise, then the previous certificate will be revoked.
Kent, et al. Best Current Practice [Page 22]
RFC 7382 Template CPS for the RPKI April 2015
4.7.2. Who May Request Certification of a New Public Key
Only the holder of a certificate may request a re-key. In addition, <name of organization> may initiate a re-key based on a verified compromise report. <If the subscriber (certificate Subject) requests the re-key, describe how authentication is effected, e.g., using the <name of registry> BPKI. Describe how a compromise report received from other than a subscriber is verified.>
<Describe your process for handling re-keying requests. As per the RPKI CP, this should be consistent with the process described in Section 4.3, so reference can be made to that section.>
4.7.4. Notification of New Certificate Issuance to Subscriber
<Describe your policy for notifying the subscriber regarding availability of the new re-keyed certificate. This should be consistent with the notification process for any new certificate issuance (see Section 4.3.2).>
4.7.5. Conduct Constituting Acceptance of a Re-keyed Certificate
When a re-keyed certificate is issued, the CA will publish it in the repository and notify the subscriber. See Section 4.4.1.
4.7.6. Publication of the Re-keyed Certificate by the CA
<Describe your policy regarding publication of the new certificate. This should be consistent with the publication process for any new certificate (see Section 4.4.2).>
4.7.7. Notification of Certificate Issuance by the CA to Other Entities
As per RFC 6484, modification of a certificate occurs to implement changes to the RFC 3779 extension values or the SIA extension in a certificate. A subscriber can request a certificate modification when this information in a currently valid certificate has changed, as a result of changes in the INR holdings of the subscriber, or as a result of change of the repository publication point data.
Kent, et al. Best Current Practice [Page 23]
RFC 7382 Template CPS for the RPKI April 2015
If a subscriber is to receive a distribution of INRs in addition to a current distribution, and if the subscriber does not request that a new certificate be issued containing only these additional INRs, then this is accomplished through a certificate modification. When a certificate modification is approved, a new certificate is issued. The new certificate will contain the same public key and the same expiration date as the original certificate, but with the incidental information corrected and/or the INR distribution expanded. When previously distributed INRs are to be removed from a certificate, then the old certificate will be revoked and a new certificate (reflecting the new distribution) issued.
The subscriber or <name of organization> may initiate the certificate modification process. <For the case of the subscriber, state here what steps will be taken to verify the identity and authorization of the entity requesting the modification.>
<Describe your procedures for verification of the modification request and procedures for the issuance of a new certificate. These should be consistent with the processes described in Sections 4.2 and 4.3.1.>
4.8.4. Notification of Modified Certificate Issuance to Subscriber
<Describe your procedure for notifying the subscriber about the issuance of a modified certificate. This should be consistent with the notification process for any new certificate (see Section 4.3.2).>
4.8.5. Conduct Constituting Acceptance of Modified Certificate
When a modified certificate is issued, <name of organization> will publish it to the repository and notify the subscriber. See Section 4.4.1.
4.8.6. Publication of the Modified Certificate by the CA
<Describe your procedure for publication of a modified certificate. This should be consistent with the publication process for any new certificate (see Section 4.4.2).>
4.8.7. Notification of Certificate Issuance by the CA to Other Entities
As per RFC 6484, certificates can be revoked for several reasons. Either <name of organization> or the subject may choose to end the relationship expressed in the certificate, thus creating cause to revoke the certificate. If one or more of the INRs bound to the public key in the certificate are no longer associated with the subject, that too constitutes a basis for revocation. A certificate also may be revoked due to loss or compromise of the private key corresponding to the public key in the certificate. Finally, a certificate may be revoked in order to invalidate data signed by the private key associated with that certificate.
The subscriber or <name of organization> may request a revocation. <For the case of the subscriber, describe what steps will be taken to verify the identity and authorization of the entity requesting the revocation.>
A subscriber is required to request revocation as soon as possible after the need for revocation has been identified.
4.9.5. Time within Which CA Must Process the Revocation Request
<Describe your policy on the time period within which you will process a revocation request.>
4.9.6. Revocation Checking Requirement for Relying Parties
As per RFC 6484, a relying party is responsible for acquiring and checking the most recent, scheduled CRL from the issuer of the certificate, whenever the relying party validates a certificate.
<State the CRL issuance frequency for the CRLs that you publish.> Each CRL contains a nextUpdate value, and a new CRL will be published at or before that time. <Name of organization> will set the nextUpdate value when it issues a CRL, to signal when the next scheduled CRL will be issued.
<Name of organization> does not support the Online Certificate Status Protocol (OCSP) or the Server-Based Certificate Validation Protocol (SCVP). <Name of organization> issues CRLs.
<As per RFC 6484, describe the physical controls that you employ for certificate management. These should be commensurate with those used in the management of INR distribution.>
<As per RFC 6484, describe the procedural security controls that you employ for certificate management. These should be commensurate with those used in the management of INR distribution.>
<As per RFC 6484, describe the personnel security controls that you employ for individuals associated with certificate management. These should be commensurate with those used in the management of INR distribution.>
5.3.1. Qualifications, Experience, and Clearance Requirements
Audit records will be generated for the basic operations of the Certification Authority computing equipment. Audit records will include the date, time, responsible user or process, and summary content data relating to the event. Auditable events include:
o Access to CA computing equipment (e.g., logon, logout)
o Messages received requesting CA actions (e.g., certificate requests, certificate revocation requests, compromise notifications)
o Certificate creation, modification, revocation, or renewal actions
o Posting of any material to a repository
o Any attempts to change or delete audit data
o Key generation
o Software and/or configuration updates to the CA
o Clock adjustments
<List here any additional types of events that will be audited.>
<Describe any vulnerability assessments that you will apply (or have already applied) to the PKI subsystems. This should include whether such assessments have taken place and any procedures or plans to perform or repeat/reassess vulnerabilities in the future.>
The <name of organization> CA certificate will contain a validity period that is at least as long as that of any certificate being issued under that certificate. When <name of organization> CA changes keys, it will follow the procedures described in [RFC6489].
<Describe the procedures used to generate the CA key pair and, if applicable, key pairs for subscribers. In most instances, public-key pairs will be generated by the subscriber, i.e., the organization receiving the distribution of INRs. However, your procedures may include one for generating key pairs on behalf of your subscribers if they so request.>
<If the procedures in Section 6.1.1 include providing key pair generation services for subscribers, describe the means by which private keys are delivered to subscribers in a secure fashion. Otherwise, say this is not applicable.>
<Describe the procedures that will be used to deliver a subscriber's public keys to the <name of organization> RPKI CA. These procedures MUST ensure that the public key has not been altered during transit and that the subscriber possesses the private key corresponding to the transferred public key.> See RFC 6487 for details.
CA public keys for all entities (other than trust anchors) are contained in certificates issued by other CAs and will be published to the RPKI repository system. Relying parties will download these certificates from this system. Public key values and associated data for (putative) trust anchors will be distributed out of band and accepted by relying parties on the basis of locally defined criteria, e.g., embedded in path validation software that will be made available to the Internet community.
The key sizes used in this PKI are as specified in [RFC6485].
6.1.6. Public Key Parameter Generation and Quality Checking
The public key algorithms and parameters used in this PKI are as specified in [RFC6485].
<If the procedures in Section 6.1.1 include subscriber key pair generation, EITHER insert here text specifying that the subscriber is responsible for performing checks on the quality of its key pair and saying that <name of organization> is not responsible for performing such checks for subscribers OR describe the procedures used by the CA for checking the quality of these subscriber key pairs.>
The KeyUsage extension bit values employed in RPKI certificates are specified in [RFC6487].
Kent, et al. Best Current Practice [Page 30]
RFC 7382 Template CPS for the RPKI April 2015
6.2. Private Key Protection and Cryptographic Module Engineering Controls
6.2.1. Cryptographic Module Standards and Controls
<Describe the standards and controls employed for the CA cryptographic module, e.g., it was evaluated under FIPS 140-2/3, at level 2 or 3. See [FIPS] for details.>
6.2.2. Private Key (n out of m) Multi-Person Control
<If you choose to use multi-person controls to constrain access to your CA's private keys, then insert the following text. "There will be private key <insert here n> out of <insert here m> multi-person control.">
<Describe the procedures used for backing up your CA's private key. The following aspects should be included. (1) The copying should be done under the same multi-party control as is used for controlling the original private key. (2) At least one copy should be kept at an off-site location for disaster recovery purposes.>
6.2.6. Private Key Transfer into or from a Cryptographic Module
The private key for the <name of organization> production CA <if appropriate, change "production CA" to "production and offline CAs"> will be generated by the cryptographic module specified in Section 6.2.1. The private keys will never leave the module except in encrypted form for backup and/or transfer to a new module.
6.2.7. Private Key Storage on Cryptographic Module
The private key for the <name of organization> production CA <if appropriate, change "production CA" to "production and offline CAs"> will be stored in the cryptographic module. It will be protected from unauthorized use <say how here>.
<Because this PKI does not support non-repudiation, there is no need to archive public keys. If keys are not archived, say so. If they are, describe the archive processes and procedures.>
6.3.2. Certificate Operational Periods and Key Pair Usage Periods
The <name of organization> CA's key pair will have a validity interval of <insert number of years>. <These key pairs and certificates should have reasonably long validity intervals, e.g., 10 years, to minimize the disruption caused by key changeover. Note that the CA's key lifetime is under the control of its issuer, so the CPS MUST reflect the key lifetime imposed by the issuer.>
<Describe your security requirements for the computers used to support this PKI, e.g., requirements for authenticated logins, audit capabilities, etc. These requirements should be commensurate with those used for the computers used for managing distribution of INRs.>
<Describe the security management controls that will be used for the RPKI software and equipment employed by the CA. These security measures should be commensurate with those used for the systems used by the CAs for managing and distributing INRs.>
<Describe how the equipment (hardware and software) used for RPKI functions will be procured, installed, maintained, and updated. This should be done in a fashion commensurate with the way in which equipment for the management and distribution of INRs is handled.>
<Describe the network security controls that will be used for CA operation. These should be commensurate with the network security controls employed for the computers used for managing distribution of INRs.>
<List here any audit and other assessments used to ensure the security of the administration of INRs. These are sufficient for the RPKI systems. However, additional forms of security assessments are a good idea and should be listed if performed.>
<The sections below are optional. Fill them in as appropriate for your organization. The CP says that CAs should cover Sections 9.1 to 9.11 and 9.13 to 9.16, although not every CA will choose to do so. Note that the manner in which you manage your business and legal matters for this PKI should be commensurate with the way in which you manage business and legal matters for the distribution of INRs.>
The degree to which a relying party can trust the binding embodied in a certificate depends on several factors. These factors can include
o the practices followed by the Certification Authority (CA) in authenticating the subject
o the CA's operating policy, procedures, and technical security controls, including the scope of the subscriber's responsibilities (for example, in protecting the private key)
o the stated responsibilities and liability terms and conditions of the CA (for example, warranties, disclaimers of warranties, and limitations of liability)
This document provides a framework to address the technical, procedural, personnel, and physical security aspects of Certification Authorities, Registration Authorities, repositories, subscribers, and relying party cryptographic modules, in order to ensure that the certificate generation, publication, renewal, re-key, usage, and revocation are done in a secure manner. Specifically, the following sections are oriented towards ensuring the secure operation of the PKI entities such as CA, RA, repository, subscriber systems, and relying party systems:
Section 3 ("Identification and Authentication" (I&A)) Section 4 ("Certificate Life Cycle Operational Requirements") Section 5 ("Facility, Management, and Operational Controls") Section 6 ("Technical Security Controls") Section 7 ("Certificate and CRL Profiles") Section 8 ("Compliance Audit and Other Assessments")
[RFC6485] Huston, G., "The Profile for Algorithms and Key Sizes for Use in the Resource Public Key Infrastructure (RPKI)", RFC 6485, February 2012, <http://www.rfc-editor.org/ info/rfc6485>.
[FIPS] Federal Information Processing Standards Publication 140-3 (FIPS-140-3), "Security Requirements for Cryptographic Modules", Information Technology Laboratory, National Institute of Standards and Technology, Work in Progress.
[RFC3647] Chokhani, S., Ford, W., Sabett, R., Merrill, C., and S. Wu, "Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework", RFC 3647, November 2003, <http://www.rfc-editor.org/info/rfc3647>.
[RFC6489] Huston, G., Michaelson, G., and S. Kent, "Certification Authority (CA) Key Rollover in the Resource Public Key Infrastructure (RPKI)", BCP 174, RFC 6489, February 2012, <http://www.rfc-editor.org/info/rfc6489>.
Acknowledgments
The authors would like to thank Matt Lepinski for help with the formatting, Ron Watro for assistance with the editing, and other members of the SIDR working group for reviewing this document.
Authors' Addresses
Stephen Kent BBN Technologies 10 Moulton Street Cambridge, MA 02138 United States
Phone: +1 (617) 873-3988 EMail: skent@bbn.com
Derrick Kong BBN Technologies 10 Moulton Street Cambridge, MA 02138 United States
Phone: +1 (617) 873-1951 EMail: dkong@bbn.com
Karen Seo BBN Technologies 10 Moulton Street Cambridge, MA 02138 United States