RFC 3039 bis Qualified Certificates Profile Changes from RFC 3039
Issues n n n References and other minor editorial Subject DN attributes Scope Key usage qc. Stataments - mandatory use for QC and criticality
Subject attributes n RFC 3039 text: q q n The subject field SHALL contain an appropriate subset of the following attributes: Other attributes may be present but MUST NOT be necessary to distinguish the subject name from other subject names within the issuer domain. Attributes under consideration: q q postal. Address (not supported by RFC 3280) Title (function/position within an organization)
Scope – The two ways n RFC 3039 way q n Profile for Qualified Certificates but scope is not limited to that. RFC 3039 bis way? q Profile for ID certificates that also defines specific tools for QC
Scope RFC 3039 n n n Abstract: This document forms a certificate profile for Qualified Certificates, based on RFC 2459, for use in the Internet. The term Qualified Certificate is used to describe a certificate with a certain qualified status within applicable governing law. Section 2: The term "Qualified Certificate" has been used by the European Commission to describe a certain type of certificates with specific relevance for European legislation. This specification is intended to support this class of certificates, but its scope is not limited to this application. Section 2: Within this standard the term "Qualified Certificate" is used more generally, describing the format for a certificate whose primary purpose is identifying a person with high level of assurance in public non-repudiation services. The actual mechanisms that will decide whether a certificate should or should not be considered to be a "Qualified Certificate" in regard to any legislation are outside the scope of this standard.
Scope – Reasons for change n Some functions of RFC 3039 are not specific to QC or “public non-repudiations services” q q biometric. Info Extension Issuer and Subject DN attribute set Attribute semantics definitions (PI definition) Subject. Directory attributes n date. Of. Birth; place. Of. Birth; gender; country. Of. Citizenship; and country. Of. Residence.
Scope – RFC 3039 bis 00. txt n n n Abstract: This document forms a certificate profile, based on RFC 3280, for identity certificates issued to physical persons. Abstract: The profile defines specific conventions for certificates that are qualified within a defined legal framework, named Qualified Certificates. The profile does however not define any legal requirements for such Qualified Certificates. Section 2: Within this standard the term "Qualified Certificate" is used generally, describing a certificate whose primary purpose is to identify a person with high level of assurance, where the certificate meet some qualification requirements defined by an applicable legal framework.
Key usage n RFC 3039 q n RFC 3039 bis 00. txt q n If the key usage non. Repudiation bit is asserted then it SHOULD NOT be combined with any other key usage , i. e. , if set, the key usage non-repudiation SHOULD be set exclusively. Key usage settings SHALL be set in accordance with RFC 3280 definitions. Further conventions for key usage setting MAY be defined by certificate policies and/or local legal regulations. Motivation for change is highly dependent on scope
qc. Statement Extension – mandatory use and criticality n ETSI TS 101 862 q q n RFC 3039 q n Based on clear definition of QC as context for the standard QC declaration through policy or qc. Statement No stipulation Proposal q q RFC 3039 bis – no stripulation TS 101862 bis – Mandatory use of qc. Statament, May be critical
Скачать презентацию RFC 3039 bis Qualified Certificates Profile Changes from
47a21b250f364bd046652a8ee63024fe.ppt