x509 Gatekeeper Certificate and CRL Profile

advertisement
Ar
c
hi
ve
d
Gatekeeper PKI Framework
February 2009
X.509 Certificate
and
Certificate Revocation List Profiles
ve
d
hi
Ar
c
Department of Finance and Deregulation
Australian Government Information Management Office
© Commonwealth of Australia 2009
This work is copyright. Apart from any use as permitted under the Copyright Act 1968, no part may be reproduced by any
process without prior written permission from the Commonwealth.
Requests and inquiries concerning reproduction and rights should be addressed to the Commonwealth Copyright
Administration, Attorney-General’s Department, Robert Garran Offices, National Circuit, Barton ACT 2600 or posted at
http://www.ag.gov.au/cca
2
X.509 Certificate and CRL Profiles
February 2009
CONTENTS
3.
Background..................................................................................................................4
1.2
Scope ............................................................................................................................5
1.3
References....................................................................................................................5
1.4
Definitions ...................................................................................................................6
1.5
Acronyms and abbreviations .....................................................................................7
1.6
Conformance ...............................................................................................................8
1.7
Document structure ...................................................................................................8
ve
d
1.1
CERTIFICATE PROFILE............................................................................................................8
2.1
General.........................................................................................................................8
2.2
Certificate fields ..........................................................................................................9
2.3
Certificate extensions...............................................................................................11
hi
2.
INTRODUCTION ....................................................................................................................4
CRL PROFILE .........................................................................................................................16
Ar
c
1.
3.1
CRL fields ....................................................................................................................16
3.2
CRL extensions...........................................................................................................17
3.3
CRL entry extensions.................................................................................................18
APPENDIX A : PROFILE SUMMARIES ...........................................................................................20
A1
Required Capability...................................................................................................20
APPENDIX B : DIVERGENCE FROM AS4539.1.2.1 (2001) .............................................................23
B1
General.......................................................................................................................23
B2
Certificate Profile Differences..................................................................................23
B3
CRL Profile Differences..............................................................................................26
3
X.509 Certificate and CRL Profiles
February 2009
1. INTRODUCTION
1.1
Background
The Australian Government’s vision is to make greater use of Information and Communications
Technology (ICT) to enable a transformation of the business of government. A critical element of
enabling electronic service delivery is having the means to authenticate and secure online Transactions.
Choice of service models will be available but increasingly individuals and businesses are choosing to
utilise electronic authentication to participate in electronic Transactions.
Simplified sign-on procedures to access connected government services in an environment of privacy and
security may reduce the cost and complexity of interacting with government.
ve
d
One of the initiatives taken by Government to achieve this vision has been the development of a revised
Gatekeeper Framework for the use of PKI by citizens and business in their interactions with government.
The Framework:
Facilitates the deployment of a broader range of digital certificates designed to meet specific
business requirements of agencies and their clients.
•
Facilitates adoption of a risk management approach aligned to the National e-Authentication
Framework (NeAF) and Government Security Standards.
•
Facilitates increased use of PKI by both business and the broader community through reducing
the cost and complexity of producing, acquiring and using digital certificates.
•
Fosters a competitive market for digital certificates.
Ar
c
hi
•
A copy of the Framework can be found at: http://www.gatekeeper.gov.au
The Framework comprises three certificate categories – Special, General and High Assurance for
individuals and businesses. These categories are broadly aligned to the four levels of risk in the NeAF
which can be found at http://www.finance.gov.au/e-government/security-andauthentication/authentication-framework.html.
The Framework is characterised by flexibility in Evidence of Identity (EOI) requirements and the ability of
Relying Parties to readily distinguish between EOI models and EOI assurance levels within those models.
All certificates issued under the Framework will be X.5091 compliant and will be issued by Gatekeeper
Accredited / Recognised Certification Authorities (CAs) or Gatekeeper accredited Registration Authority
Extended Services (RAES).
1
X.509 is an International Telecommunication Union Telecommunication Standardization Sector (ITU-T) standard for Public Key
Infrastructure (PKI). X.509 specifies, amongst other things, standard formats for public key certificates and a certification path validation
algorithm.
4
X.509 Certificate and CRL Profiles
February 2009
Based on risk assessments, agencies will select the type of certificates appropriate for their clients to use
in conducting online Transactions.
1.2
Scope
This document provides a recommended profile for Certificates and Certificate Revocation Lists issued by
Gatekeeper Accredited/Recognised Certification Authorities (CAs). Implementation guidance is provided
for CAs and certificate processing entities.
Conformance with, or divergence from AS4539.1.2.1-2001 (Information Technology – PKAF – General) is
documented for each certificate field. Where appropriate, reasons for making a particular
recommendation are also provided.
References
AS 4539
Australian Standard AS 4539
AS4539.
1.2.12001
ve
d
Information technology—Public Key Authentication Framework
(PKAF)
Information Technology—Public Key Authentication Framework
(PKAF) Part 1.2.1: General – X.509 Certificate and Certificate
Revocation Lists (CRL) profile
hi
AS4539.1 Information Technology—Public Key Authentication Framework
.2.2-2001 (PKAF) Part 1.2.2: General—PICs Proforma For Digital Signature
Certificates
Ar
c
1.3
AS4539.1 Information Technology—Public Key Authentication Framework
.2.3-2001 (PKAF) Part 1.2.3: General—PICS Proforma for
Certificate Revocation Lists (CRL)
AS
4539.1.31999
Information Technology - Public Key Authentication Framework
(PKAF) - General - X.509 supported algorithms profile
GS-1998
Gatekeeper A strategy for public key technology use in the
Government Office of Government Information Technology, The
Commonwealth of Australia, 6 May 1998. ISBN 0 642 32032 2
MP 59 –
2000
Naming and addressing in the Australian OSI environment,
RFC
2459
IETF RFC 2459
Standards Australia miscellaneous publication, Third edition, 2000.
Internet X.509 Public Key Infrastructure Certificate and CRL Profile
5
X.509 Certificate and CRL Profiles
February 2009
RFC
2560
IETF RFC 2560
X.509 Internet Public key Infrastructure Online Certificate Status
Protocol - OCSP
X.509
ITU-T Recommendation X.509 | ISO/IEC 9594-8:
Information Technology – Open Systems Interconnection – The
Directory: Public Key and Attribute Certificate Frameworks.
Definitions
A certificate issued to a Gatekeeper accredited Certification
Authority that is part of the PKAF.
Conforming
application
An application that can process conforming certificates and
CRLs, and may process other certificates or CRLs.
Conforming CA
A CA that issues conforming certificates and CRLs.
Conforming CA
certificate
A CA or External Domain certificate that conforms to this
profile.
Conforming
certificate
A certificate that conforms to this profile.
Conforming CRL
A Certification Revocation List that conforms to this profile.
EE certificate
A certificate issued by a Gatekeeper accredited CA to an End
Entity (EE).
hi
ve
d
CA certificate
Ar
c
1.4
External domain
certificate
A certificate issued to a CA outside of the PKAF, but which is
considered useable by applications within the PKAF.
Gatekeeper
Policy
Committee
The Committee established by the Department of Finance
and Deregulation (Finance) to provide a forum for the
discussion, development and endorsement of
recommendations to the Gatekeeper Competent Authority
for policy and administrative changes to the Gatekeeper
accreditation and recognition programs.
6
X.509 Certificate and CRL Profiles
February 2009
An entity responsible for approval of policy and monitoring
compliance for a PKAF.
Within the Gatekeeper infrastructure, the Policy Approval
Authority is the General Manager, Australian Government
Information Management Office, acting on the
recommendations of the Gatekeeper Policy Committee.
Policy Creation
Authority
An entity delegated by a Policy Approving Authority (PAA)
for the creation of certificate policy(ies) as part of a
hierarchical implementation of a PKAF.
Acronyms and abbreviations
Australian Government Information Management Office
ASN.1
Abstract Syntax Notation One
CA
Certification Authority
CRL
Certificate Revocation List
DN
Distinguished Name
EE
End Entity (i.e. Subscriber – either individual or organisation))
EOI
Evidence Of Identity
GPC
IETF
ISO
hi
ve
d
AGIMO
Ar
c
1.5
Policy Approval
Authority
Gatekeeper Policy Committee
Internet Engineering Task Force
International Organization for Standardization
OID
Object Identifier
PAA
Policy Approval Authority
PCA
Policy Creation Authority
PKAF
Public Key Authentication Framework
RFC
Request For Comment
SHA-1
Secure Hash Algorithm
7
X.509 Certificate and CRL Profiles
February 2009
1.6 Conformance
An implementation conforming to this profile shall also conform to AS4539.1.2.1-2001.
1.7 Document structure
This document follows a similar structure to that of AS4539.1.2.1-2001 on which it is based.
• Section 2 describes the recommended Gatekeeper Certificate Profile2.
• Section 3 describes the recommended Gatekeeper CRL profile.
• Appendix A provides a summary of the requirements for the inclusion of elements in conforming
certificates and CRLs, and required processing for conforming applications.
• Appendix B describes where this profile differs from the recommendations of AS4539.1.2.1-2001, for
2. CERTIFICATE PROFILE
2.1 General
ve
d
each field in the certificate and CRL.
hi
All certificate fields must conform to AS4539.1.2.1-2001. However, this document imposes further
restrictions and interpretations on some fields.
Ar
c
If the recommendation for a field remains unchanged from the standard, this is indicated by a
reference to the standard at the end of the clause describing the field. If no reference is provided, the
field diverges from the draft standard and a description of this divergence is provided in Appendix B.
The recommendations for some fields include additional recommendations to those of the standard.
In these cases, this is indicated by prefixing the additional recommendations with “In addition”.
Unless otherwise specified, the recommendations of this certificate profile shall apply to all
conforming certificates (i.e. CA, EE).
2
Note that under the Gatekeeper PKI Framework scope exists for the development of a range of Supplementary Certificates and also for
the issuance of tailored certificates within the Special Category for operation within defined Communities of Interest. Accordingly,
this document will only apply to certificates issued within the General and High Assurance categories of the Framework.
8
X.509 Certificate and CRL Profiles
February 2009
2.2
2.2.1
Certificate fields
Version
The version generated by conforming CAs shall be V3 as all certificates in this profile contain at least one
extension. Conforming applications shall accept V3 certificates and should accept V1 and V2 certificates.
[AS4539.1.2.1-2001.
[Note that ASN.1 notation starts from zero, so V3 has a value of 2].
2.2.2
Serial number
serialNumber is an integer assigned by the CA to each certificate.
2.2.3
Signature
ve
d
The value of serialNumber shall be unique for each certificate issued by a given CA (ie. the issuer (CA)
name and serial number shall identify a unique certificate). The value of serialNumber should be a
positive integer. [AS4539.1.2.1-2001]
signature identifies the algorithm identifier for the algorithm used by the CA to sign the certificate.
hi
The signature field shall be identical to the algorithmIdentifier field of the SIGNATURE macro defined
in X.509. The algorithms used should be identified using the OIDs and syntax given in Part 1.3: General –
X.509 supported algorithms profile.
Ar
c
Where signature algorithm parameters are required, they shall be included in PAA and External Domain
certificates. They shall be included in other conforming certificates if the subject’s parameters differ from
the certificate issuer’s, or if the issuer uses a different signing algorithm.
If the signature parameters are absent they shall be determined from the certificate issuer’s signature
parameters. [AS4539.1.2.1-2001]
In addition:
Certificates conforming to this profile must support specific encryption and hashing algorithms
depending on the purpose of the certificate (authentication certificate or confidentiality certificate). The
algorithms which must be supported are published independently of this profile at
www.gatekeeper.gov.au and also in ISM at www.dsd.gov.au.
2.2.4
Issuer
issuer identifies the entity (ie CA) that has signed and issued the certificate.
The issuer field shall contain a non-empty Distinguished Name (DN) conforming to Clause 4.1.2.4 of
RFC2459. [AS4539.1.2.1-2001]
9
X.509 Certificate and CRL Profiles
February 2009
The structure of the Issuer’s DN shall conform to MP 59 – 2000.
2.2.5
Validity
validity is the time interval during which the CA warrants that it will maintain information about the
status of the certificate.
Conforming certificates shall encode certificate validity times as specified in Clause 4.1.2.5 of RFC2459.
[AS4539.1.2.1-2001]
Clause 4.1.2.5 of the RFC specifies:
The field is represented as a sequence of two dates: the date on which the certificate validity
period begins (notBefore) and the date on which the certificate validity period ends (notAfter).
Both notBefore and notAfter may be encoded as UTCTime or GeneralizedTime.
●
CAs conforming to this profile MUST always encode certificate validity dates through the year
2049 as UTCTime; certificate validity dates in 2050 or later MUST be encoded as
GeneralizedTime.
2.2.6
ve
d
●
Subject
subject identifies the entity associated with the public-key found in the subject public key field.
hi
The subject field shall contain a Distinguished Name (DN) conforming to Clause 4.1.2.6 of RFC2459.
[AS4539.1.2.1-2001]
2.2.7
Ar
c
The structure of the Subject’s DN shall conform with MP 59 – 2000.
Subject public key info
subjectPublicKeyInfo is used to carry the subject’s public key and identify the algorithm with which
the key is used.
For PAA and External Domain certificates, the sub-field algorithmIdentifier shall include the
algorithm parameters when required by the algorithm.
Conforming certificates shall use the public key algorithms published at at www.gatekeeper.gov.au
and also in ISM at www.dsd.gov.au.
2.2.8
Unique identifiers
The issuerUniqueIdentifier and subjectUniqueIdentifier extensions are used to uniquely identify
issuers and subjects in the case of name re-use.
Conforming certificates shall not contain these unique identifiers. Conforming applications should be
capable of processing these unique identifiers. [AS4539.1.2.1-2001]
10
X.509 Certificate and CRL Profiles
February 2009
2.3
2.3.1
Certificate extensions
General
A certificate extension consists of an extension identifier in the form of an OID, a criticality flag, and a
canonical encoding of a data value of the ASN.1 type associated with the identified extension.
AS4539.1.2.1-2001 defines a number of standard certificate extensions for use within PKAF certificates,
and also allows private extensions to be defined and used by communities to carry information unique
to their purposes.
2.3.2
Standard extensions
2.3.2.1
Authority key identifier
ve
d
In accordance with AS4539.1.2.1-2001 there should be no more than one instance of any particular
certificate extension in a certificate. Conforming applications shall recognise all standard extensions in
this profile that may be marked critical, and should recognise other non-critical extensions defined in
this profile. Conforming applications shall reject a certificate if they encounter a critically marked but
unrecognised certificate extension. An unrecognised certificate extension may be ignored if it is marked
non-critical.
hi
The authorityKeyIdentifier extension identifies the public key to be used to verify the signature in this
certificate. It enables distinct keys used by the same CA to be distinguished (eg. as key updating occurs).
2.3.2.2
Ar
c
Conforming certificates shall identify the key in the keyIdentifier field in the certificate extension. The
value of the keyIdentifier field should be 64 bits OCTET STRING. This is constructed by the 60 least
significant bits of a SHA-1 hash of the DER-encoding of the subjectPublicKeyInfo of the signing CA’s
certificate, prefixed by the hexadecimal value of 0x4 (0100 in binary). This extension shall be present in
EE, CA, PCA and External Domain certificates, and shall not be marked critical. [AS4539.1.2.1-2001]
Subject key identifier
The subjectKeyIdentifier extension identifies the public key being certified. It enables distinct keys used
by the same subject to be differentiated (e.g. as key updating occurs).
Conforming certificates shall identify the key using the keyIdentifier field as described in Clause 4.2.1.2
of RFC2459. The subject key identifier shall be identical to the authority key identifier extension in any
certificates issued by a CA using the identified public key.
This extension shall be present in all conforming certificates, and shall not be marked critical.
[AS4539.1.2.1-2001]
2.3.2.3
Key usage
The keyUsage extension defines the purpose (e.g. encipherment, signature, certificate signing) of the key
contained in the certificate. Recommendations for key usage are contained within AS 4539.1.3.
11
X.509 Certificate and CRL Profiles
February 2009
This extension shall be included in EE certificates, and should be included in PCA, CA and External
Domain certificates. It should only be included in PAA certificates where the PAA has multiple signature
certificates, each for a different purpose. Conforming applications shall use this extension to constrain
the keying material in the certificate to a specific purpose. The extension should be marked critical.
[AS4539.1.2.1-2001]
2.3.2.4
Certificate policies
The certificatePolicies extension contains one or more of the policy information terms, each of which
consists of an OID and optional qualifiers. These policy information terms indicate the policy under
which the certificates have been issued and the purposes for which the certificates may be used.
2.3.2.5
ve
d
This extension shall be present in PCA, CA, EE and External Domain certificates. Optional qualifiers may
be present, however, these qualifiers should be restricted to those defined in Clause 4.2.1.5 of RFC2459.
This extension is optional in PAA certificates, because to limit the subordinate authorities, the PAA need
only include the extension in the subordinate authority’s certificate. Conforming applications with
specific policy requirements shall have a list of those policies that they will accept. The extension may or
may not be marked critical. [AS4539.1.2.1-2001]
Policy mappings
hi
The policyMappings extension allows a certificate issuer to indicate that, for the purposes of the user of
a certification path containing this certificate, one of the issuer’s certificate policies can be considered
equivalent to a different certificate policy used in the subject CA’s domain.
2.3.2.6
Ar
c
This extension shall be included in External Domain certificates, but shall not be included in EE
certificates. It may be included in PAA, PCA or CA certificates. Conforming applications shall support this
extension. The extension shall not be marked critical. [AS4539.1.2.1-2001]
Subject alternative name
The subjectAltName extension contains one or more alternative names, using any of a variety of name
forms, for the entity that is bound by the CA to the certified public key. If present, alternative names
should be considered just as binding as the subject DN.
Conforming certificates that include the subjectAltName extension shall also conform to the
requirements in Clause 4.2.1.7 of RFC2459.
This extension may be present in any conforming certificate. The extension shall not be marked critical.
2.3.2.7
Issuer alternative name
The issuerAltName extension contains one or more alternative names, using any of a variety of name
forms, for the certificate issuer.
12
X.509 Certificate and CRL Profiles
February 2009
Conforming certificates that include the issuerAltName extension shall also conform to the
requirements in Clause 4.2.1.7 of RFC2459.
This extension may be present in any conforming certificate. The extension shall not be marked critical
[AS4539.1.2.1-2001].
2.3.2.8
Subject directory attributes
The subjectDirectoryAttributes extension conveys any desired Directory attribute values for the subject
of the certificate.
It may be present in any conforming certificate. The extension shall not be marked critical. [AS4539.1.2.12001]
2.3.2.9
Basic constraints
ve
d
The precise purpose of this extension is somewhat ambiguous, so caution is recommended if it is used, in
order to avoid incompatibilities with applications.
hi
The basicConstraints extension indicates if the subject may act as a CA, with the certified public key
being used to verify certificate signatures. If so, an optional path length constraint field can be specified
to indicate the maximum number of CA certificates that may follow this certificate in the certification
path. For example, a value of zero indicates that the CA can only issue EE certificates. If there is no path
length constraint, it indicates that there is no restriction on the length of the certification path.
2.3.2.10
Ar
c
This extension should be included in PAA certificates and shall be included in PCA, CA and External
Domain certificates with the cA field set to the value TRUE. Where it appears the pathLenConstraint
field shall be greater than or equal to zero. This extension should not be included in EE certificates. If the
extension is included PCA, CA and External Domain certificates it shall be marked critical. If the extension
is set in a PAA certificate it shall be marked non-critical. [AS4539.1.2.1-2001]
Name constraints
The nameConstraints extension, which shall be used only in a CA certificate, indicates a name space
within which all subject names in subsequent certificates in a certification path shall be located.
Conforming certificates that include the nameConstraints extension shall conform to the requirements
in Clause 4.2.1.11 of RFC2459.
This extension may be present in PAA, PCA, CA and External Domain certificates. It shall not be present in
EE Certificates. If present, the extension shall be marked critical. [AS4539.1.2.3-2001]
2.3.2.11
Policy constraints
The policyConstraints extension specifies constraints that may require explicit certificate policy
identification or inhibit policy mapping for the remainder of the certification path.
13
X.509 Certificate and CRL Profiles
February 2009
Conforming certificates that include the policyConstraints extension shall also conform to the
requirements in Clause 4.2.1.12 of RFC2459. [AS4539.1.2.1-2001]
This extension shall be included in PAA certificates with the requireExplicitPolicy field set to zero,
requiring each subsequent certificate in a chain to include policy identifier. It may be included in any
other conforming CA certificate. It shall be processed by any conforming application. The extension may
be marked critical.
2.3.2.12
CRL distribution points
The cRLDistributionPoints extension identifies how CRL information should be obtained.
Conforming certificates that include the cRLDistributionPoints extension shall also conform to the
requirements in Clause 4.2.1.14 of RFC2459.
2.3.2.13
ve
d
This extension may be included in any conforming certificate. It should be processed by any conforming
application. The extension should not be marked critical. [AS4539.1.2.1-2001]
Extended key usage
The extKeyUsage extension indicates one or more purposes for which the certified public key may be
used, in addition to or in place of the basic purposes indicated in the key usage extension field.
Private key usage period
Ar
c
2.3.2.14
hi
This extension may be included in any conforming certificate. It should be processed by conforming
applications. The extension shall be marked non-critical.
The privateKeyUsagePeriod extension allows the certificate issuer to specify a different validity period
for the Private Key than the certificate. The extension is intended for use with digital signature keys.
This extension consists of two optional components, notBefore and notAfter. The private key
associated with the certificate should not be used to sign objects before or after the times specified by
the two components, respectively. [RFC 2459]
Where used, notBefore and notAfter are represented as GeneralizedTime and shall be specified and
interpreted as defined in section 4.1.2.5.2 of RFC 2459.
The use of this extension is not recommended, but conforming certificates may include the extension if
the certificate is intended for use with digital signature keys. It should be processed by conforming
applications. If this extension is present, the notBefore and notAfter fields within the extension must
be specified. The extension shall not be marked critical.
14
X.509 Certificate and CRL Profiles
February 2009
2.3.3
Other certificate extensions
2.3.3.1
Authority information access
The authority information access extension indicates how to access CA information and services for the
issuer of a certificate. Information and services may include on-line validation services (i.e. through an
Online Certificate Status Protocol (OCSP) transponder) and CA policy data.
Conforming certificates that include the authority information access extension shall also conform to
the requirements in Clause 4.2.2.1 of RFC2459.
This extension may be included in any conforming certificate. It shall not be marked critical.
[AS4539.1.2.1-2001]
2.3.4
Future standard extensions
2.3.4.1
Inhibit any policy
ve
d
This section identifies some of the possible new future standard extensions that are specified in X.509
and recent IETF draft PKIX profiles. These extensions may eventually be included as part of the PKIX
certificate profile.
hi
The inhibitAnyPolicy extension conveys policy information that is similar in purpose to the
policyConstraints extension. It further defines the way a PKI user may interpret the issuing CA’s
policies.
Ar
c
This extension indicates that the special anypolicy OID is not considered to be an explicit match for other
certificate policies for all certificates in the certification path starting with a nominated CA [X.509].
If this extension is present, it shall be marked critical. Conforming applications should support and
process this certificate extension.
2.3.4.2
Freshest CRL (delta CRL distribution point)
The freshestCRL extension indicates how the delta CRL information can be obtained. It has the same
syntax as the cRLDistributionPoint extension.
Since the purpose and syntax for delta CRL Distribution point is similar to the cRLDistributionPoint
extension, it should have the same requirements. Specifically, this extension may be included in any
conforming certificate. It should be processed by conforming applications. The extension shall be
marked non-critical.
15
X.509 Certificate and CRL Profiles
February 2009
3.
3.1
3.1.1
CRL PROFILE
CRL fields
Version
version is the version of the encoded revocation list.
Conforming CAs shall generate CRLs with the version field set to V2 as all CRLs in this profile contain at
least one extension. Conforming applications shall process V2 CRLs.
3.1.2
Signature
signature identifies the algorithm used by the CA to sign the revocation list.
ve
d
The signature field shall be identical to the algorithmIdentifier field of the SIGNATURE macro defined
in X.509. The algorithms used should be identified using the OIDs and syntax given in Part 1.3: General –
X.509 supported algorithms profile.
3.1.3
Issuer name
hi
The parameters sub-field of the CRL signature field should not be used to pass signature algorithm
parameters; rather these parameters should be obtained from the subjectPublicKeyInfo field of the CRL
issuer’s certificate. [AS4539.1.2.1-2001]
Ar
c
issuer identifies the entity (eg CA) that has signed and issued the revocation list.
The issuer field shall contain a non-empty Distinguished Name (DN) conforming to Clause 4.1.2.4 of
RFC2459. [AS4539.1.2.1-2001]
3.1.4
This update
thisUpdate is the date/time that this CRL was issued.
Conforming CRLs shall encode times for the thisUpdate field as specified in Clause 4.1.2.5 of RFC2459.
[AS4539.1.2.1-2001]
3.1.5
Next update
nextUpdate indicates the time by which the next revocation list in this series will be issued. The next
revocation list could be issued before the indicated date, but it will not be issued any later.
Conforming CRLs shall encode times for the nextUpdate field as specified in Clause 4.1.2.5 of RFC2459.
This field shall be included in all conforming CRLs. [AS4539.1.2.1-2001]
16
X.509 Certificate and CRL Profiles
February 2009
3.1.6
Revoked certificates
revokedCertificates identifies certificates that have been revoked. The revoked certificates are named
by their serial numbers.
The time for the revocationDate sub-field shall be encoded as specified in Clause 4.1.2.5 of RFC2459.
If there are no unexpired, revoked certificates, this field may be empty; otherwise conforming CRLs shall
include this element. [AS4539.1.2.1-2001]
3.2
CRL extensions
3.2.1
General
3.2.2
ve
d
Conforming applications shall recognise all extensions listed in this profile that may appear in
conforming CRLs, and that may be marked critical. Conforming applications should recognise other noncritical extensions listed in this profile that may appear in conforming certificates.
Authority key identifier
The authorityKeyIdentifier extension identifies the public key to be used to verify the signature in this
CRL. It enables distinct keys used by the same CRL issuer to be distinguished (e.g. as key updating occurs).
hi
The value for the authorityKeyIdentifier field shall be generated in accordance with the clause for
standard certificate extension authorityKeyIdentifier.
3.2.3
Ar
c
This extension shall be included in all conforming CRLs. It shall not be marked critical. [AS4539.1.2.1-2001]
Issuer alternative name
The issuerAltName extension contains one or more alternative names, using any of a variety of name
forms, for the certificate issuer.
Conforming certificates that include the issuerAltName extension shall also conform to the
requirements in Clause 4.2.1.7 of RFC2459.
This extension may be included in conforming CRLs. The extension shall not be marked critical.
[AS4539.1.2.1-2001]
3.2.4
CRL number
The cRLNumber extension conveys an increment by 1 the sequence number for each CRL issued by a
given CRL issuer through a given authority directory attribute or CRL distribution point. It allows a CRL
user to detect whether CRLs issued prior to the one being processed were also seen and processed.
17
X.509 Certificate and CRL Profiles
February 2009
This extension shall be included in all conforming CRLs. The extension shall not be marked critical.
[AS4539.1.2.1-2001]
3.2.5
Delta CRL indicator
The deltaCRLIndicator is a critical CRL extension that identifies a CRL as being a delta CRL. Delta CRLs
contain updates to revocation information previously distributed, rather than all the information that
would appear in a complete CRL. The use of delta CRLs can significantly reduce network load and
processing time in some environments. Delta CRLs are generally smaller than the CRLs they update, so
applications that obtain delta CRLs consume less network bandwidth than applications that obtain the
corresponding complete CRLs. Applications which store revocation information in a format other than
the CRL structure can add new revocation information to the local database without reprocessing
information. [RFC 2459]
ve
d
When a conforming CA issues a delta CRL, the CA MUST also issue a CRL that is complete for the given
scope. Both the delta CRL and the complete CRL MUST include the CRL number extension (see sec. 3.2.4
above). The CRL number extension in the delta CRL and the complete CRL MUST contain the same value.
When a delta CRL is issued, it MUST cover the same set of reasons and same set of certificates that were
covered by the base CRL it references. [RFC 2459]
3.2.6
hi
If a conforming CRL is a delta CRL, then it shall include this extension and shall be marked critical. A
complete CRL may or may not include the extension. If this extension is present in a complete CRL, then
it may be marked critical or non-critical.
Issuing distribution point
Ar
c
The issuingDistributionPoint extension identifies the CRL distribution point for a CRL, and indicates if
the CRL is limited to revocations for EE certificates only, for authority certificates only, or for a limited set
of reasons only. The CRL is signed by the CRL issuer’s key — CRL distribution points do not have their own
key pairs. However, for a CRL distributed via an X.500 Directory, the CRL is stored in the entry of the CRL
distribution point, which may not be the directory entry of the CRL issuer.
Conforming CRLs that include this extension shall also conform to Clause 5.3 of RFC2459.
This extension may be included in any conforming CRL. The extension shall be marked critical.
[AS4539.1.2.1-2001]
3.3
3.3.1
CRL entry extensions
Reason code
The reasonCode extension identifies a reason for the certificate revocation. The reason code may be
used by applications to decide, based on local policy, how to react to posted revocations.
18
X.509 Certificate and CRL Profiles
February 2009
Conforming CRLs should include a reasonCode extension3. However, CAs should not generate CRLs with
the reasonCode extension set to the value unspecified, but should omit the reasonCode entry
extension if the reason is not known. The extension shall not be marked critical. [AS4539.1.2.1-2001]
3.3.2
Hold instruction code
The holdInstructionCode extension provides for inclusion of a registered instruction identifier to
indicate the action to be taken on encountering a held certificate.
Conforming CRLs that include a holdInstructionCode extension shall also conform to Clause 5.3.2 of
RFC2459.
Conforming CRLs that include a holdInstructionCode shall also include a reasonCode extension with
the value set to certificateHold. Conforming CRLs shall not contain a holdInstructionCode extension
with the OID id-holdinstruction-none. The extension shall not be marked critical. [AS4539.1.2.1-2001]
Invalidity date
ve
d
3.3.3
The invalidityDate extension indicates the date at which it is known or suspected that the private key
was compromised or that the certificate should otherwise be considered invalid. This date may be earlier
than the revocation date in the CRL entry, which is the date at which the authority processed the
revocation.
hi
Conforming CRLs that include an invalidityDate extension shall also conform to Clause 5.3.3 of RFC2459.
3.3.4
Ar
c
Conforming CRLs should include an invalidityDate extension where this information is available. The
extension shall not be marked critical. [AS4539.1.2.1-2001]
Certificate issuer
The certificateIssuer extension identifies the certificate issuer associated with an entry in an indirect
CRL, ie. a CRL that has the indirectCRL indicator set in its issuingDistributionPoint extension. If this
extension is not present on the first entry in an indirect CRL, the certificate issuer defaults to the CRL
issuer. On subsequent entries in an indirect CRL, if this extension is not present, the certificate issuer for
the entry is the same as that for the preceding entry.
This extension may be included in any conforming CRL. The extension shall be marked critical.
[AS4539.1.2.1-2001]
3
Gatekeeper privacy requirements preclude the publication of reasons for certificate revocation hence this extension should not be
included.
19
X.509 Certificate and CRL Profiles
February 2009
APPENDIX A : PROFILE SUMMARIES
A1
Required Capability
The following classifications are used to specify the requirements for inclusion of elements in
conforming certificates and CRLs, and required processing for conforming applications:
(m) Mandatory Conforming certificates shall include this element. Conforming applications
shall process this element.
●
(r) Recommended Conforming certificates should include this element. Conforming
applications should process this element
●
(o) Optional Conforming certificates may include this element. Conforming applications may
process this element.
●
(n) Not recommended Conforming certificates should not include this element. Conforming
applications should reject a certificate that contains this element.
●
(x) Prohibited Conforming certificates shall not include this element. Conforming
applications shall reject a certificate that contains this element.
●
(-) Not applicable The element is not applicable in the particular context in which the
classification is used.
hi
ve
d
●
Clause
Ar
c
Table 1 - Required Capability for certificate fields
Certificate
Field/Extension
Standard Fields
Inclusion
(c) = extn to be marked critical
if it is present
PAA
PCA
CA
EE
Ext.
Dom.
Application
support
2.2.1
version
m
m
m
m
m
m
2.2.2
serialNumber
m
m
m
m
m
m
2.2.3
signature
m
m
m
m
m
m
2.2.4
issuer
m
m
m
m
m
m
2.2.5
validity
m
m
m
m
m
m
2.2.6
subject
m
m
m
m
m
m
2.2.7
subjectPublicKeyInfo
m
m
m
m
m
m
2.2.8
issuerUniqueIdentifier
x
x
x
x
x
r*
20
X.509 Certificate and CRL Profiles
February 2009
Clause
Certificate
Field/Extension
Inclusion
(c) = extn to be marked critical
if it is present
PAA
PCA
CA
EE
Ext.
Dom.
Application
support
2.2.8
subjectUniqueIdentifier
x
x
x
x
x
r*
2.3
extensions
m
m
m
m
m
m
* Conforming applications should support this field, but are not required to process the
information contained within it
Standard Extensions
authorityKeyIdentifier
o
m
m
m
m
m
2.3.2.2
subjectKeyIdentifier
m
m
m
m
m
m
2.3.2.3
keyUsage
o
r(c)
r(c)
m(c)
r(c)
m
2.3.2.4
certificatePolicies
o
m
m
m
m
m
2.3.2.5
policyMappings
o
o
o
x
m
m
2.3.2.6
subjectAltName
o
o
o
o
o
m
2.3.2.7
issuerAltName
o
o
o
o
o
m
2.3.2.8
subjectDirectoryAttributes
n
n
n
n
o
o
2.3.2.9
basicConstraints
2.3.2.10
nameConstraints
2.3.2.11
policyConstraints
m
2.3.2.12
cRLDistributionPoints
2.3.2.13
hi
ve
d
2.3.2.1
m(c)
m(c)
n
m(c)
m
o(c)
o(c)
o(c)
x
o(c)
m
o
o
x
o
m
o
o
o
o
o
r
ExtKeyUsage
o
o
o
o
o
r
2.3.2.14
privateKeyUsagePeriod
o
o
o
o
o
r
2.3.3.1
authorityInformationAccess
o
o
o
o
o
o
o(c)
o(c)
o(c)
o(c)
o(c)
r
o
o
o
o
o
r
Ar
c
r
Future standard extensions
2.3.4.1
inhibitAnyPolicy
2.3.4.2
freshestCRL
21
X.509 Certificate and CRL Profiles
February 2009
Table 2 - Required Capability for CRL fields
Clause
CRL Field/Extension
Inclusion
Application
support
version
m
m
signature
m
m
issuer
m
m
thisUpdate
m
m
nextUpdate
m
m
revokedCertificates
o
m
m
m
3.1.2
3.1.3
3.1.4
3.1.5
3.1.6
CRL Extensions
3.2.3
3.2.4
3.2.5
3.2.6
authorityKeyIdentifier
issuerAltName
o
o
m
m
m(c) for delta CRLs
o for complete CRLs
m
o
m
reasonCode
r
r
holdInstructionCode
o
o
invalidityDate
r
o
certificateIssuer
o
m
cRLNumber
Ar
c
3.2.2
hi
3.1.1
ve
d
CRL
deltaCRLIndicator
issuingDistributionPoint
CRL Entry Extensions
3.3.1
3.3.2
3.3.3
3.3.4
22
X.509 Certificate and CRL Profiles
February 2009
APPENDIX B : DIVERGENCE FROM AS4539.1.2.1 (2001)
B1
General
This recommendation profiles Certificates and CRLs that conform to AS4539.1.2.1-2001. However, not all
certificates that conform to AS4539.1.2.1-2001 will conform to this profile. This section details the
differences between this recommendation and AS4539.1.2.1-2001.
Where differences occur, reasons are given for the recommendation and any alternative options that
were considered are also described.
B2
B2.1
Certificate Profile Differences
Version
B2.1.1
Other options considered
ve
d
This field does not differ from AS4539.1.2.1-2001.
Serial number
Ar
c
B2.2
hi
As there will be no V1 or V2 Gatekeeper compliant certificates, it was considered recommending that
conforming applications should not accept any certificates with versions V1 or V2. However, this would
require those applications to implement software modified from that required for conformance with the
Australian Standard. There is nothing to be gained in this, as CAs will only issue V3 Gatekeeper
certificates.
This field does not differ from AS4539.1.2.1-2001.
B2.3
Signature
AS4539.1.2.1 (2001) refers to AS 4539.1.3-1999 for a list of acceptable algorithms that may be used.
However, ISM is quite specific about acceptable algorithms for Commonwealth users and other users –
see www.dsd.gov.au.
However as new algorithms are likely to emerge over time this profile should be flexible enough to
accommodate new standards as they emerge, rather than require modification. Therefore, it is
preferable for a separate publication of acceptable algorithms to be maintained.
B2.4
Issuer
AS4539.1.2.1 (2001) recommends conformance with clause 4.1.2.4 of RFC2459, which in turn specifies
minimum sets of attribute types that conforming implementations must and should support.
23
X.509 Certificate and CRL Profiles
February 2009
This profile requires the Issuer DN to conform to the Standards Australia recommendation for naming
and addressing [MP 59 – 2000].
B2.5
Validity
This field does not differ from AS4539.1.2.1-2001.
B2.6
Subject
AS4539.1.2.1-2001 recommends conformance with clause 4.1.2.4 of RFC2459, which in turn specifies
minimum sets of attribute types that conforming implementations must and should support.
This profile requires the Subject DN to conform to the Standards Australia recommendation for naming
and addressing [MP 59 – 2000].
B2.7
Subject public key info
ve
d
AS4539.1.2.1-2001 requires conforming certificates to use the algorithms listed in AS 4539.1.3-1999. In
ISM DSD specifies acceptable algorithms for Commonwealth and other users – see www.dsd.gov.au .
B2.8
Unique identifiers
hi
However as new algorithms are likely to emerge over time this profile should be flexible enough to
accommodate new standards as they emerge, rather than require modification. Therefore, it is
preferable for a separate publication of acceptable algorithms to be maintained.
B2.9
Ar
c
This field does not differ from AS4539.1.2.1-2001.
Authority key identifier
This field does not differ from AS4539.1.2.1-2001.
B2.10
Subject key identifier
This field does not differ from AS4539.1.2.1-2001.
B2.11
Key usage
This field does not differ from AS4539.1.2.1-2001.
B2.12
Certificate policies
This field does not differ from AS4539.1.2.1-2001.
B2.13
Policy mappings
This field does not differ from AS4539.1.2.1-2001.
24
X.509 Certificate and CRL Profiles
February 2009
B2.14
Subject alternative name
AS4539.1.2.3-2001 specifies that if the subject field in an EE certificate is marked empty, this extension
shall be marked critical. However, this Gatekeeper profile does not allow the subject field to be marked
empty, so there is never a requirement to mark this certificate extension as critical.
B2.15
Issuer alternative name
This field does not differ from AS4539.1.2.1-2001.
B2.16
Subject directory attributes
B2.17
Basic constraints
ve
d
This field does not differ from AS4539.1.2.1-2001, except for the recommendation that it should be used
with caution, and avoided where possible. This is because its meaning is considered ambiguous in
AS 4539 and RFC 2459 and, although the extension is not currently in widespread use, there are several
applications known to utilise it for access control purposes.
This field does not differ from AS4539.1.2.1-2001.
B2.17.1
Other options considered
hi
There is a concern that by marking this extension critical, it could potentially break legacy applications.
Ar
c
However, since non-critical extensions can be treated as advisory information with the certificate, there
is a potential problem with EE certificates. The situation could arise where an entity which is not
authorised to be a CA could issue certificates, and a conforming application may unwittingly use such a
certificate.
Given that this recommendation aligns with RFC 2459 and several of its precursors and IETF draft
documents, legacy PKIX software compliant with the precursors of RFC 2459 should also recognise the
purpose of this extension. Thus the risk of disruption to legacy systems should be minimal.
B2.18
Name constraints
This field does not differ from AS4539.1.2.1-2001.
B2.19
Policy constraints
This field does not differ from AS4539.1.2.1-2001.
B2.20
CRL distribution points
This field does not differ from AS4539.1.2.1-2001.
25
X.509 Certificate and CRL Profiles
February 2009
The availability of applications to process CRLs is not yet widespread, so compliance with AS4539.1.2.12001 is recommended.
B2.21
Extended key usage
AS4539.1.2.1-2001 states that this extension may be marked critical or non-critical, whereas this profile
specifies non-critical only. Conforming applications should support and process this extension, and if it
is marked critical, they shall only use the certificate for one of the purposes indicated. RFC 2459 identifies
some extended key usage OIDs, but the list is not exhaustive. It is felt that interoperability may become
a problem if this extension is marked critical.
B2.22
Private key usage period
AS4539.1.2.1-2001 does not include any recommendation regarding the use of this extension. The
recommendation in this profile conforms with that of RFC 2459.
Authority information access
ve
d
B2.23
This field does not differ from AS4539.1.2.1-2001.
B2.24
Inhibit any policy
B2.25
Freshest CRL
hi
This is a possible future field and does not occur in AS4539.1.2.1-2001.
B3
B3.1
Ar
c
This is a possible future field and does not occur in AS4539.1.2.1-2001.
CRL Profile Differences
Version
AS4539.1.2.1-2001 recommends that conforming applications should process V1 CRLs. However, as there
will not be any V1 Gatekeeper CRLs this recommendation has been removed.
B3.2
Signature
This field only differs from AS4539.1.2.1-2001 to the extent that it recognises that the CRL may be issued
by a different entity from the original CA, and so refers to the CRL issuer’s certificate, rather than the
issuing CA’s certificate.
B3.3
Issuer name
This field does not differ from AS4539.1.2.1-2001.
26
X.509 Certificate and CRL Profiles
February 2009
B3.4
This update
This field does not differ from AS4539.1.2.1-2001.
B3.5
Next update
This field does not differ from AS4539.1.2.1-2001.
B3.6
Revoked certificates
This field does not differ from AS4539.1.2.1-2001.
B3.7
Authority key identifier
This field only differs from AS4539.1.2.1-2001 to the extent that it recognises that the CRL may be issued
by a different entity from the original CA, and so refers to the CRL issuer, rather than the CA.
Issuer alternative name
ve
d
B3.8
This field does not differ from AS4539.1.2.1-2001.
B3.9
CRL number
B3.10
Delta CRL indicator
hi
This field does not differ from AS4539.1.2.1-2001.
B3.11
Ar
c
This field is not present in AS4539.1.2.1-2001. It was an editorial decision to exclude a description of this
extension as there was an indication that it would be deprecated. The recommendation in this profile
conforms to RFC 2459.
Issuing distribution point
This field does not differ from AS4539.1.2.1-2001.
B3.12
Reason code
This field does not differ from AS4539.1.2.1-2001.
B3.12.1
Other options considered
There are privacy issues relating to acceptable values for this field. Gatekeeper privacy requirements do
not allow publication of the reasons for certificate revocation and this will be addressed as part of the
Gatekeeper Accreditation / Recognition of Service Providers.
B3.13
Hold instruction code
This field does not differ from AS4539.1.2.1-2001.
27
X.509 Certificate and CRL Profiles
February 2009
B3.14
Invalidity date
This field does not differ from AS4539.1.2.1-2001.
B3.15
Certificate issuer
Ar
c
hi
ve
d
This field does not differ from AS4539.1.2.1-2001.
28
X.509 Certificate and CRL Profiles
February 2009
Download