Privacy enhancement for Internet electronic mail: Part II - certificate-based key management
RFC 1114
| Document | Type |
RFC - Historic
(August 1989; No errata)
Obsoleted by RFC 1422
|
|
|---|---|---|---|
| Last updated | 2013-03-02 | ||
| Stream | Legacy | ||
| Formats | plain text html pdf htmlized bibtex | ||
| Stream | Legacy state | (None) | |
| Consensus Boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | RFC 1114 (Historic) | |
| Telechat date | |||
| Responsible AD | (None) | ||
| Send notices to | (None) | ||
Network Working Group S. Kent
Request for Comments: 1114 BBNCC
J. Linn
DEC
IAB Privacy Task Force
August 1989
Privacy Enhancement for Internet Electronic Mail:
Part II -- Certificate-Based Key Management
STATUS OF THIS MEMO
This RFC suggests a draft standard elective protocol for the Internet
community, and requests discussion and suggestions for improvements.
Distribution of this memo is unlimited.
ACKNOWLEDGMENT
This RFC is the outgrowth of a series of IAB Privacy Task Force
meetings and of internal working papers distributed for those
meetings. We would like to thank the members of the Privacy Task
Force for their comments and contributions at the meetings which led
to the preparation of this RFC: David Balenson, Curt Barker, Matt
Bishop, Morrie Gasser, Russ Housley, Dan Nessett, Mike Padlipsky, Rob
Shirey, and Steve Wilbur.
Table of Contents
1. Executive Summary 2
2. Overview of Approach 3
3. Architecture 4
3.1 Scope and Restrictions 4
3.2 Relation to X.509 Architecture 7
3.3 Entities' Roles and Responsibilities 7
3.3.1 Users and User Agents 8
3.3.2 Organizational Notaries 9
3.3.3 Certification Authorities 11
3.3.3.1 Interoperation Across Certification Hierarchy Boundaries 14
3.3.3.2 Certificate Revocation 15
3.4 Certificate Definition and Usage 17
3.4.1 Contents and Use 17
3.4.1.1 Version Number 18
3.4.1.2 Serial Number 18
3.4.1.3 Subject Name 18
3.4.1.4 Issuer Name 19
3.4.1.5 Validity Period 19
3.4.1.6 Subject Public Component 20
Kent & Linn [Page 1]
RFC 1114 Mail Privacy: Key Management August 1989
3.4.1.7 Certificate Signature 20
3.4.2 Validation Conventions 20
3.4.3 Relation with X.509 Certificate Specification 22
NOTES 24
1. Executive Summary
This is one of a series of RFCs defining privacy enhancement
mechanisms for electronic mail transferred using Internet mail
protocols. RFC-1113 (the successor to RFC 1040) prescribes protocol
extensions and processing procedures for RFC-822 mail messages, given
that suitable cryptographic keys are held by originators and
recipients as a necessary precondition. RFC-1115 specifies
algorithms for use in processing privacy-enhanced messages, as called
for in RFC-1113. This RFC defines a supporting key management
architecture and infrastructure, based on public-key certificate
techniques, to provide keying information to message originators and
recipients. A subsequent RFC, the fourth in this series, will
provide detailed specifications, paper and electronic application
forms, etc. for the key management infrastructure described herein.
The key management architecture described in this RFC is compatible
with the authentication framework described in X.509. The major
contributions of this RFC lie not in the specification of computer
communication protocols or algorithms but rather in procedures and
conventions for the key management infrastructure. This RFC
incorporates numerous conventions to facilitate near term
implementation. Some of these conventions may be superceded in time
as the motivations for them no longer apply, e.g., when X.500 or
similar directory servers become well established.
The RSA cryptographic algorithm, covered in the U.S. by patents
administered through RSA Data Security, Inc. (hereafter abbreviated
RSADSI) has been selected for use in this key management system.
This algorithm has been selected because it provides all the
necessary algorithmic facilities, is "time tested" and is relatively
efficient to implement in either software or hardware. It is also
Show full document text