Raytheon Company Public Key Infrastructure (PKI) Certificate Policy

More documents

Recommendations

Info

10.16 Raytheon Root CA CRL Format Field Value Version V2 Issuer Signature Algorithm sha-1WithRSAEncryption {1 2 840 113549 1 1 5} or sha256 WithRSAEncryption {1 2 840 113549 1 1 11} Issuer Distinguished Name ou=RaytheonRoot, o=CAs, dc=raytheon, dc=com Effective date expressed in UTCTime until 2049 Next update expressed in UTCTime until 2049 (>= thisUpdate + CRL issuance frequency) Revoked certificates list 0 or more 2-tuple of certificate serial number and revocation date (in Generalized Time) Issuer’s Signature sha-1WithRSAEncryption {1 2 840 113549 1 1 5} or sha256 WithRSAEncryption {1 2 840 113549 1 1 11} CRL Extension Value CRL Number c=no; monotonically increasing integer (never repeated) Authority Key Identifier c=no; Octet String (same as in Authority Key Identifier field in certificates issued by the CA) Issuing Distribution Point c=yes; distribution point field must contain a full name (i.e., distribution point field may not contain nameRelativetoCRLIssuer); the following fields must all be absent: onlySomeReasons, indirectCRL, and onlyContainsAttributeCerts CRL Entry Extension Value Reason Code c=no; optional, must be included when reason code = key compromise or CA compromise 106 7/25/2011
10.17 Medium Assurance CA CRL Format Field Value Version V2 Issuer Signature Algorithm sha-1WithRSAEncryption {1 2 840 113549 1 1 5} or sha256 WithRSAEncryption {1 2 840 113549 1 1 11} Issuer Distinguished Name ou=class3, o=CAs, dc=raytheon, dc=com Effective date expressed in UTCTime until 2049 Next update expressed in UTCTime until 2049 (>= thisUpdate + CRL issuance frequency) Revoked certificates list 0 or more 2-tuple of certificate serial number and revocation date (in Generalized Time) Issuer’s Signature sha-1WithRSAEncryption {1 2 840 113549 1 1 5} or sha256 WithRSAEncryption {1 2 840 113549 1 1 11} CRL Extension Value CRL Number c=no; monotonically increasing integer (never repeated) Authority Key Identifier c=no; Octet String (same as in Authority Key Identifier field in certificates issued by the CA) Issuing Distribution Point c=yes; distribution point field must contain a full name (i.e., distribution point field may not contain nameRelativetoCRLIssuer); the following fields must all be absent: onlySomeReasons, indirectCRL and onlyContainsAttributeCerts CRL Entry Extension Value Reason Code c=no; ; optional, must be included when reason code = key compromise or CA compromise Hold Instruction c=no; optional, id-holdinstruction-reject 32 32 may be present only if reason code = certificateHold 107 7/25/2011
Page 1 and 2:
Raytheon Company Public Key Infrast
Page 3 and 4:
Table of Contents 1 INTRODUCTION ..
Page 5 and 6:
4.6.7 Notification of Certificate I
Page 7 and 8:
5.4.8 Vulnerability Assessments ...
Page 9 and 10:
9 OTHER BUSINESS AND LEGAL MATTERS
Page 11 and 12:
1 INTRODUCTION This Certificate Pol
Page 13 and 14:
1.1.3 Scope The following diagram r
Page 15 and 16:
1. The CAs asserting id-raytheon-SH
Page 17 and 18:
approval of the PMA. The ROA activi
Page 19 and 20:
� Raytheon employees and eligible
Page 21 and 22:
1.5 Policy Administration 1.5.1 Org
Page 23 and 24:
3.1 Naming 3 IDENTIFICATION & AUTHE
Page 25 and 26:
establishing how the applicant is k
Page 27 and 28:
4. The Identity Verifier shall reco
Page 29 and 30:
3.3.1 Identification and Authentica
Page 31 and 32:
For subscriber certificates, the pr
Page 33 and 34:
4.3.1 CA Actions during Certificate
Page 35 and 36:
4.7.4 Notification of New Certifica
Page 37 and 38:
Any CA may unilaterally revoke anot
Page 39 and 40:
4.9.8 Maximum Latency for CRLs The
Page 41 and 42:
4.12.2 Session Key Encapsulation an
Page 43 and 44:
depart shall initial a sign-out she
Page 45 and 46:
� Performing or overseeing intern
Page 47 and 48:
� Be trustworthy; � Have no oth
Page 49 and 50:
administrative documents (e.g., Adm
Page 51 and 52:
REVOCATION PROFILE MANAGEMENT Audit
Page 53 and 54:
It is acceptable for the system to
Page 55 and 56: 5.6 Key Changeover A CA uses a sign
Page 57 and 58: If a RA signature keys are compromi
Page 59 and 60: show that appropriate role separati
Page 61 and 62: Hashing: Cryptographic Function Has
Page 63 and 64: 6.2 Private Key Protection and Cryp
Page 65 and 66: 6.3 Other Aspects of Key Management
Page 67 and 68: � All hardware must be shipped or
Page 69 and 70: 7 CERTIFICATE, CRL AND OCSP PROFILE
Page 71 and 72: When multiple values exist for an a
Page 73 and 74: 8 COMPLIANCE AUDIT AND OTHER ASSESS
Page 75 and 76: 9.1 Fees 9 OTHER BUSINESS AND LEGAL
Page 77 and 78: � There are no material misrepres
Page 79 and 80: � Ensure that certificate and rev
Page 81 and 82: as a termination of this CP unless
Page 83 and 84: enforce the agreement to arbitrate,
Page 85 and 86: 10 CERTIFICATE, CRL, AND OCSP FORMA
Page 87 and 88: Field Value Policy Mapping For SHA-
Page 89 and 90: 10.3 Raytheon Root CA Certificate (
Page 91 and 92: 91 7/25/2011
Page 93 and 94: 10.6 Medium Assurance Signing CA Ce
Page 95 and 96: Field Value Entrust Version Info c=
Page 97 and 98: 10.9 Medium Assurance Code Signing
Page 99 and 100: Field Value Entrust Version Info En
Page 101 and 102: 10.12 Medium Assurance Domain Contr
Page 103 and 104: 10.13 Medium Assurance Role Signatu
Page 105: 10.15 OCSP Responder Certificate Th
Page 109 and 110: 11 PKI REPOSITORY INTEROPERABILITY
Page 111 and 112: BIBLIOGRAPHY The following document
Page 113 and 114: HTTP Hypertext Transfer Protocol IA
Page 115 and 116: 13 GLOSSARY Access Ability to make
Page 117 and 118: Client (application) A system entit
Page 119 and 120: Non-Repudiation Assurance that the
Page 121 and 122: other CA. (See superior CA). Subscr
show all

Raytheon Company Public Key Infrastructure (PKI) Certificate Policy

Create successful ePaper yourself

Delete template?

Save as template?