Raytheon Company Public Key Infrastructure (PKI) Certificate Policy

More documents

Recommendations

Info

9.13.1 Disputes among Raytheon and Customers ............................................................. 82 9.13.2 Alternate Dispute Resolution Provisions ................................................................. 82 9.14 Governing Law .......................................................................................................... 83 9.15 Compliance with Applicable Law ............................................................................ 83 9.16 Miscellaneous Provisions ........................................................................................ 83 9.16.1 Entire Agreement .................................................................................................... 83 9.16.2 Assignment .............................................................................................................. 83 9.16.3 Severability .............................................................................................................. 83 9.16.4 Waiver of Rights ...................................................................................................... 83 9.16.5 Force Majeure ......................................................................................................... 83 9.17 Other Provisions ....................................................................................................... 84 10 CERTIFICATE, CRL, AND OCSP FORMATS ............................................................... 85 10.1 Raytheon Root CA � CBCA Cross-Certificate ...................................................... 86 10.2 PKCS 10 Request ..................................................................................................... 88 10.3 Raytheon Root CA Certificate (RRCA) .................................................................... 89 10.4 High Assurance Subscriber Signature Certificate ................................................ 90 10.5 High Assurance Subscriber Encryption Certificate .............................................. 92 10.6 Medium Assurance Signing CA Certificate (MASCA) ........................................... 93 10.7 Medium Assurance Subscriber Signature Certificate ........................................... 94 10.8 Medium Assurance Subscriber Encryption Certificate ......................................... 96 10.9 Medium Assurance Code Signing Certificate ........................................................ 97 10.10 Medium Assurance Application Certificate ............................................................ 98 10.11 Medium Assurance Device or Server Certificate ................................................... 99 10.12 Medium Assurance Domain Controller Certificate .............................................. 101 10.13 Medium Assurance Role Signature Certificate .................................................... 103 10.14 Medium Assurance Role Encryption Certificate .................................................. 104 10.15 OCSP Responder Certificate ................................................................................. 105 10.16 Raytheon Root CA CRL Format ............................................................................ 106 10.17 Medium Assurance CA CRL Format ..................................................................... 107 10.18 OCSP Request Format ........................................................................................... 108 10.19 OCSP Response Format ........................................................................................ 108 11 PKI REPOSITORY INTEROPERABILITY PROFILE ....................................................... 109 11.1 Protocol ................................................................................................................... 109 11.2 Authentication ........................................................................................................ 109 11.3 Naming .................................................................................................................... 109 11.4 Object Class ............................................................................................................ 109 11.5 Attributes ................................................................................................................. 110 12 ACRONYMS & ABBREVIATIONS ..................................................................... 112 13 GLOSSARY ....................................................................................................... 117 10 7/25/2011
1 INTRODUCTION This Certificate Policy (CP) governs the operation of a Public Key Infrastructure (PKI) consisting of products and services that provide and manage X.509 certificates for public-key cryptography. Certificates identify the individual named in the certificate, and bind that person to a particular public/private key pair. This CP defines several certificate policies that represent the test, low-software, low-hardware, medium-software, medium-CBP-software 1 , medium-hardware, medium-CBP-hardware, and high-hardware assurance levels for public key certificates. The word “assurance” used in this CP means how well a Relying Party can be certain of the identity binding between the public key and the individual whose subject name is cited in the certificate. In addition, it also reflects how well the Relying Party can be certain that the individual whose subject name is cited in the certificate is controlling the use of the private key that corresponds to the public key in the certificate, and how securely the system which was used to produce the certificate and (if appropriate) deliver the private key to the subscriber performs its task. Raytheon plans to operate a Certification Authority (CA) based on the policies in this CP to facilitate cross-certification with the CertiPath Bridge Certification Authority (CBCA) for interoperation among Aerospace PKIs. Raytheon programs require services such as authentication, confidentiality, technical nonrepudiation, and access control. These services are met with an array of network security devices such as users, workstations, firewalls, routers, network encryptors, and trusted database servers. The operation of these devices is supported and completed by use of publickey cryptography. As a system solution, the devices share the burden of the total system security. The use of public key certificates does not add any security services in a poorly designed or implemented system. Security management services provided by the PKI include: � Key Generation/Storage/Recovery � Certificate Generation, Update, Renewal, Re-key, and Distribution � Certificate Revocation List (CRL) Generation and Distribute � Directory Management of Certificate Related Items � Certificate Update, Renewal, Re-key, and Recovery � Certificate token initialization/programming/management � System Management functions (e.g. security audit, configuration management, archive, etc.) The security of these services is ensured by defining requirements on PKI activities, including the following: � Subscriber identification and authorization verification � Control of computer and cryptographic systems � Operation of computer and cryptographic systems � Usage of keys and public-key certificates by Subscribers and Relying Parties 1 Note: CBP stands for Commercial Best Practices 11 7/25/2011
Page 1 and 2: Raytheon Company Public Key Infrast
Page 3 and 4: Table of Contents 1 INTRODUCTION ..
Page 5 and 6: 4.6.7 Notification of Certificate I
Page 7 and 8: 5.4.8 Vulnerability Assessments ...
Page 9: 9 OTHER BUSINESS AND LEGAL MATTERS
Page 13 and 14: 1.1.3 Scope The following diagram r
Page 15 and 16: 1. The CAs asserting id-raytheon-SH
Page 17 and 18: approval of the PMA. The ROA activi
Page 19 and 20: � Raytheon employees and eligible
Page 21 and 22: 1.5 Policy Administration 1.5.1 Org
Page 23 and 24: 3.1 Naming 3 IDENTIFICATION & AUTHE
Page 25 and 26: establishing how the applicant is k
Page 27 and 28: 4. The Identity Verifier shall reco
Page 29 and 30: 3.3.1 Identification and Authentica
Page 31 and 32: For subscriber certificates, the pr
Page 33 and 34: 4.3.1 CA Actions during Certificate
Page 35 and 36: 4.7.4 Notification of New Certifica
Page 37 and 38: Any CA may unilaterally revoke anot
Page 39 and 40: 4.9.8 Maximum Latency for CRLs The
Page 41 and 42: 4.12.2 Session Key Encapsulation an
Page 43 and 44: depart shall initial a sign-out she
Page 45 and 46: � Performing or overseeing intern
Page 47 and 48: � Be trustworthy; � Have no oth
Page 49 and 50: administrative documents (e.g., Adm
Page 51 and 52: REVOCATION PROFILE MANAGEMENT Audit
Page 53 and 54: It is acceptable for the system to
Page 55 and 56: 5.6 Key Changeover A CA uses a sign
Page 57 and 58: If a RA signature keys are compromi
Page 59 and 60: show that appropriate role separati
Page 61 and 62:
Hashing: Cryptographic Function Has
Page 63 and 64:
6.2 Private Key Protection and Cryp
Page 65 and 66:
6.3 Other Aspects of Key Management
Page 67 and 68:
� All hardware must be shipped or
Page 69 and 70:
7 CERTIFICATE, CRL AND OCSP PROFILE
Page 71 and 72:
When multiple values exist for an a
Page 73 and 74:
8 COMPLIANCE AUDIT AND OTHER ASSESS
Page 75 and 76:
9.1 Fees 9 OTHER BUSINESS AND LEGAL
Page 77 and 78:
� There are no material misrepres
Page 79 and 80:
� Ensure that certificate and rev
Page 81 and 82:
as a termination of this CP unless
Page 83 and 84:
enforce the agreement to arbitrate,
Page 85 and 86:
10 CERTIFICATE, CRL, AND OCSP FORMA
Page 87 and 88:
Field Value Policy Mapping For SHA-
Page 89 and 90:
10.3 Raytheon Root CA Certificate (
Page 91 and 92:
91 7/25/2011
Page 93 and 94:
10.6 Medium Assurance Signing CA Ce
Page 95 and 96:
Field Value Entrust Version Info c=
Page 97 and 98:
10.9 Medium Assurance Code Signing
Page 99 and 100:
Field Value Entrust Version Info En
Page 101 and 102:
10.12 Medium Assurance Domain Contr
Page 103 and 104:
10.13 Medium Assurance Role Signatu
Page 105 and 106:
10.15 OCSP Responder Certificate Th
Page 107 and 108:
10.17 Medium Assurance CA CRL Forma
Page 109 and 110:
11 PKI REPOSITORY INTEROPERABILITY
Page 111 and 112:
BIBLIOGRAPHY The following document
Page 113 and 114:
HTTP Hypertext Transfer Protocol IA
Page 115 and 116:
13 GLOSSARY Access Ability to make
Page 117 and 118:
Client (application) A system entit
Page 119 and 120:
Non-Repudiation Assurance that the
Page 121 and 122:
other CA. (See superior CA). Subscr
show all

Raytheon Company Public Key Infrastructure (PKI) Certificate Policy

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?