Privacy enhancement for Internet electronic mail: Part II - certificate-based key management
RFC 1114

Document Type RFC - Historic (August 1989; No errata)
Obsoleted by RFC 1422
Authors John Linn  , Stephen Kent 
Last updated 2013-03-02
Stream Legacy
Formats plain text html pdf htmlized bibtex
Stream Legacy state (None)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state RFC 1114 (Historic)
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                            S. Kent
Request for Comments:  1114                                        BBNCC
                                                                 J. Linn
                                                  IAB Privacy Task Force
                                                             August 1989

           Privacy Enhancement for Internet Electronic Mail:
              Part II -- Certificate-Based Key Management


   This RFC suggests a draft standard elective protocol for the Internet
   community, and requests discussion and suggestions for improvements.
   Distribution of this memo is unlimited.


   This RFC is the outgrowth of a series of IAB Privacy Task Force
   meetings and of internal working papers distributed for those
   meetings.  We would like to thank the members of the Privacy Task
   Force for their comments and contributions at the meetings which led
   to the preparation of this RFC: David Balenson, Curt Barker, Matt
   Bishop, Morrie Gasser, Russ Housley, Dan Nessett, Mike Padlipsky, Rob
   Shirey, and Steve Wilbur.

Table of Contents

   1.  Executive Summary                                               2
   2.  Overview of Approach                                            3
   3.  Architecture                                                    4
   3.1  Scope and Restrictions                                         4
   3.2  Relation to X.509 Architecture                                 7
   3.3  Entities' Roles and Responsibilities                           7
   3.3.1  Users and User Agents                                        8
   3.3.2  Organizational Notaries                                      9
   3.3.3  Certification Authorities                                   11  Interoperation Across Certification Hierarchy Boundaries  14  Certificate Revocation                                    15
   3.4  Certificate Definition and Usage                              17
   3.4.1  Contents and Use                                            17  Version Number                                            18  Serial Number                                             18  Subject Name                                              18  Issuer Name                                               19  Validity Period                                           19  Subject Public Component                                  20

Kent & Linn                                                     [Page 1]
RFC 1114              Mail Privacy: Key Management           August 1989  Certificate Signature                                     20
   3.4.2  Validation Conventions                                      20
   3.4.3  Relation with X.509 Certificate Specification               22
   NOTES                                                              24

1.  Executive Summary

   This is one of a series of RFCs defining privacy enhancement
   mechanisms for electronic mail transferred using Internet mail
   protocols.  RFC-1113 (the successor to RFC 1040) prescribes protocol
   extensions and processing procedures for RFC-822 mail messages, given
   that suitable cryptographic keys are held by originators and
   recipients as a necessary precondition.  RFC-1115 specifies
   algorithms for use in processing privacy-enhanced messages, as called
   for in RFC-1113.  This RFC defines a supporting key management
   architecture and infrastructure, based on public-key certificate
   techniques, to provide keying information to message originators and
   recipients.  A subsequent RFC, the fourth in this series, will
   provide detailed specifications, paper and electronic application
   forms, etc. for the key management infrastructure described herein.

   The key management architecture described in this RFC is compatible
   with the authentication framework described in X.509.  The major
   contributions of this RFC lie not in the specification of computer
   communication protocols or algorithms but rather in procedures and
   conventions for the key management infrastructure.  This RFC
   incorporates numerous conventions to facilitate near term
   implementation.  Some of these conventions may be superceded in time
   as the motivations for them no longer apply, e.g., when X.500 or
   similar directory servers become well established.

   The RSA cryptographic algorithm, covered in the U.S. by patents
   administered through RSA Data Security, Inc. (hereafter abbreviated
   RSADSI) has been selected for use in this key management system.
   This algorithm has been selected because it provides all the
   necessary algorithmic facilities, is "time tested" and is relatively
   efficient to implement in either software or hardware.  It is also
Show full document text