|
|
 |
SPYRUS Policies and Procedures - Certificate Profile
SPYRUS offers as part of its Policies and Procedures Suite a template for Certificate Profile, based on X.509 v.3 and the pertinent IETF specifications. Certificates may be either Public-Key (PKC) or Attribute (AC). Both types are ASN.1 encoded structures with a number of mandatory fields and optional extensions, selected on the basis of the particular application or types of transactions. SPYRUS templates provide guidance of structuring PKCs and ACs to meet business objectives, as set out in the Certificate Policy, and to conform to the appropriate standards for interoperability within a certain jurisdiction or world-wide.
PKCs must be formatted on the basis of the detailed specifications in IETF RFC 3280: PKI Certificate and Certificate Revocation List (CRL) Profile (April 2002), and its accompanying RFC 3279: Algorithms and Identifiers for the Internet X.509 PKI Certificate and Certificate Revocation List (CRL) Profile (April 2002). RFC 3280 is compatible with ITU-T X.509 v.3.
ACs must be formatted on the basis of IETF RFC 3281: An Internet Attribute Certificate Profile for Authorization (May 2002).
In addition, there are related standards and specifications that SPYRUS brings into its templates, not only to ensure conformance to standards, but also to provide a comprehensive and complete coverage of certificate structures and formatting. For example, SPYRUS has a certificate profile template specifically designed for Qualified Certificates (QC), which accommodate the European Union Directive on electronic signature (1999/93/EC). The SPYRUS QC profile template conforms to IETF RFC 3039 Qualified Certificates. RFC 3039 does not directly reference the EU Directive, but it does enable its enforcement. The QC format enables certificates to be qualified under the EU Directive and pursuant regulations, yet it is sufficiently adaptable to enable certificate management under other pertinent jurisdiction.
Because SPYRUS is an active participant in IETF, SPYRUS brings into its Certificate Profile Templates, as well as other P&P templates, developing standards that impact certificate format and use. One such developing standard is the certificate warranty extension, which allows certification service providers (for example, CAs) to offer base or extended warranty to subscribers and relying parties. The developing IETF Internet Draft contains parameters and syntax for this optional extension.
With our strong belief in the importance of standardization, and our attention to the details of legal, business and technical requirements, SPYRUS can provide the most complete, current and conforming Certificate Profiles for any PKI.
|
|
