PKI Policies and Procedures: Certificate Profile
Certificates can be either of two types: public-key certificates or attribute certificates. Both types are ASN.1-encoded structures with several mandatory fields and optional extensions, selected on the basis of the particular application or types of transactions. SPYRUS templates provide guidance for structuring public-key certificates and attribute certificates so that they meet the business objectives set out in the certificate policy and conform to the appropriate standards for interoperability within a certain jurisdiction or worldwide.
Public-key certificates must be formatted according to the specifications in IETF RFC 3280: PKI Certificate and Certificate Revocation List (CRL) Profile (April 2002), and its accompanying RFC 3279: Algorithms and Identifiers for the Internet X.509 PKI Certificate and Certificate Revocation List (CRL) Profile (April 2002). RFC 3280 is compatible with ITU-T X.509 v.3.
Attribute certificates must be formatted according to IETF RFC 3281: An Internet Attribute Certificate Profile for Authorization (May 2002).
SPYRUS also brings related standards and specifications into its templates, both to ensure conformance to standards and to provide comprehensive and complete coverage of certificate structures and formatting. For example, SPYRUS has a certificate profile template specifically designed for qualified certificates, which accommodate the European Union directive on electronic signature (1999/93/EC). The SPYRUS qualified certificate profile template conforms to IETF RFC 3039: Qualified Certificates. RFC 3039 does not directly reference the EU directive, but it does enable its enforcement. The qualified certificate format enables certificates to be qualified under the EU directive and the regulations pursuant to it, yet it is sufficiently adaptable to enable certificate management under other pertinent jurisdictions.
Because SPYRUS is an active participant in the IETF, SPYRUS brings developing standards that impact certificate format and use into all its PKI policy and procedure templates. An example is the certificate warranty extension, which allows certification service providers (CAs) to offer a base or extended warranty to subscribers and relying parties.
SPYRUS strongly believes in the importance of standardization, and our attention to the details of legal, business, and technical requirements enables us to provide the most complete, current, and conforming certificate profiles for any PKI system.