1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
|
Network Working Group S. Tuecke
Request for Comments: 3820 ANL
Category: Standards Track V. Welch
NCSA
D. Engert
ANL
L. Pearlman
USC/ISI
M. Thompson
LBNL
June 2004
Internet X.509 Public Key Infrastructure (PKI)
Proxy Certificate Profile
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2004).
Abstract
This document forms a certificate profile for Proxy Certificates,
based on X.509 Public Key Infrastructure (PKI) certificates as
defined in RFC 3280, for use in the Internet. The term Proxy
Certificate is used to describe a certificate that is derived from,
and signed by, a normal X.509 Public Key End Entity Certificate or by
another Proxy Certificate for the purpose of providing restricted
proxying and delegation within a PKI based authentication system.
Tuecke, et al. Standards Track [Page 1]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Overview of Approach . . . . . . . . . . . . . . . . . . . . . 4
2.1. Terminology. . . . . . . . . . . . . . . . . . . . . . . 4
2.2. Background . . . . . . . . . . . . . . . . . . . . . . . 5
2.3. Motivation for Proxying. . . . . . . . . . . . . . . . . 5
2.4. Motivation for Restricted Proxies. . . . . . . . . . . . 7
2.5. Motivation for Unique Proxy Name . . . . . . . . . . . . 8
2.6. Description Of Approach. . . . . . . . . . . . . . . . . 9
2.7. Features Of This Approach. . . . . . . . . . . . . . . . 10
3. Certificate and Certificate Extensions Profile . . . . . . . . 12
3.1. Issuer . . . . . . . . . . . . . . . . . . . . . . . . . 12
3.2. Issuer Alternative Name. . . . . . . . . . . . . . . . . 12
3.3. Serial Number. . . . . . . . . . . . . . . . . . . . . . 12
3.4. Subject. . . . . . . . . . . . . . . . . . . . . . . . . 13
3.5. Subject Alternative Name . . . . . . . . . . . . . . . . 13
3.6. Key Usage and Extended Key Usage . . . . . . . . . . . . 13
3.7. Basic Constraints. . . . . . . . . . . . . . . . . . . . 14
3.8. The ProxyCertInfo Extension. . . . . . . . . . . . . . . 14
4. Proxy Certificate Path Validation. . . . . . . . . . . . . . . 17
4.1. Basic Proxy Certificate Path Validation. . . . . . . . . 19
4.2. Using the Path Validation Algorithm. . . . . . . . . . . 23
5. Commentary . . . . . . . . . . . . . . . . . . . . . . . . . . 24
5.1. Relationship to Attribute Certificates . . . . . . . . . 24
5.2. Kerberos 5 Tickets . . . . . . . . . . . . . . . . . . . 28
5.3. Examples of usage of Proxy Restrictions. . . . . . . . . 28
5.4. Delegation Tracing . . . . . . . . . . . . . . . . . . . 29
6. Security Considerations. . . . . . . . . . . . . . . . . . . . 30
6.1. Compromise of a Proxy Certificate. . . . . . . . . . . . 30
6.2. Restricting Proxy Certificates . . . . . . . . . . . . . 31
6.3. Relying Party Trust of Proxy Certificates. . . . . . . . 31
6.4. Protecting Against Denial of Service with Key Generation 32
6.5. Use of Proxy Certificates in a Central Repository. . . . 32
7. IANA Considerations. . . . . . . . . . . . . . . . . . . . . . 33
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 33
8.1. Normative References . . . . . . . . . . . . . . . . . . 33
8.2. Informative References . . . . . . . . . . . . . . . . . 33
9. Acknowledgments. . . . . . . . . . . . . . . . . . . . . . . . 34
Appendix A. 1988 ASN.1 Module. . . . . . . . . . . . . . . . . . . 35
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 36
Full Copyright Notice. . . . . . . . . . . . . . . . . . . . . . . 37
Tuecke, et al. Standards Track [Page 2]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
1. Introduction
Use of a proxy credential [i7] is a common technique used in security
systems to allow entity A to grant to another entity B the right for
B to be authorized with others as if it were A. In other words,
entity B is acting as a proxy on behalf of entity A. This document
forms a certificate profile for Proxy Certificates, based on the RFC
3280, "Internet X.509 Public Key Infrastructure Certificate and CRL
Profile" [n2].
In addition to simple, unrestricted proxying, this profile defines:
* A framework for carrying policies in Proxy Certificates that
allows proxying to be limited (perhaps completely disallowed)
through either restrictions or enumeration of rights.
* Proxy Certificates with unique names, derived from the name of the
end entity certificate name. This allows the Proxy Certificates
to be used in conjunction with attribute assertion approaches such
as Attribute Certificates [i3] and have their own rights
independent of their issuer.
Section 2 provides a non-normative overview of the approach. It
begins by defining terminology, motivating Proxy Certificates, and
giving a brief overview of the approach. It then introduces the
notion of a Proxy Issuer, as distinct from a Certificate Authority,
to describe how end entity signing of a Proxy Certificate is
different from end entity signing of another end entity certificate,
and therefore why this approach does not violate the end entity
signing restrictions contained in the X.509 keyCertSign field of the
keyUsage extension. It then continues with discussions of how
subject names are used by this proxying approach, and features of
this approach.
Section 3 defines requirements on information content in Proxy
Certificates. This profile addresses two fields in the basic
certificate as well as five certificate extensions. The certificate
fields are the subject and issuer fields. The certificate extensions
are subject alternative name, issuer alternative name, key usage,
basic constraints, and extended key usage. A new certificate
extension, Proxy Certificate Information, is introduced.
Section 4 defines path validation rules for Proxy Certificates.
Section 5 provides non-normative commentary on Proxy Certificates.
Section 6 discusses security considerations relating to Proxy
Certificates.
Tuecke, et al. Standards Track [Page 3]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
References, listed in Section 8, are sorted into normative and
information references. Normative references, listed in Section 8.1,
are in the form [nXX]. Informative references, listed in Section
8.2, are in the form [iXX].
Section 9 contains acknowledgements.
Following Section 9, contains the Appendix, the contact information
for the authors, the intellectual property information, and the
copyright information for this document.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in BCP 14, RFC 2119 [n1].
2. Overview of Approach
This section provides non-normative commentary on Proxy Certificates.
The goal of this specification is to develop a X.509 Proxy
Certificate profile and to facilitate their use within Internet
applications for those communities wishing to make use of restricted
proxying and delegation within an X.509 Public Key Infrastructure
(PKI) authentication based system.
This section provides relevant background, motivation, an overview of
the approach, and related work.
2.1. Terminology
This document uses the following terms:
* CA: A "Certification Authority", as defined by X.509 [n2]
* EEC: An "End Entity Certificate", as defined by X.509. That is,
it is an X.509 Public Key Certificate issued to an end entity,
such as a user or a service, by a CA.
* PKC: An end entity "Public Key Certificate". This is synonymous
with an EEC.
* PC: A "Proxy Certificate", the profile of which is defined by this
document.
Tuecke, et al. Standards Track [Page 4]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
* PI: A "Proxy Issuer" is an entity with an End Entity Certificate
or Proxy Certificate that issues a Proxy Certificate. The Proxy
Certificate is signed using the private key associated with the
public key in the Proxy Issuer's certificate.
* AC: An "Attribute Certificate", as defined by "An Internet
Attribute Certificate Profile for Authorization" [i3].
* AA: An "Attribute Authority", as defined in [i3].
2.2. Background
Computational and Data "Grids" have emerged as a common approach to
constructing dynamic, inter-domain, distributed computing
environments. As explained in [i5], large research and development
efforts starting around 1995 have focused on the question of what
protocols, services, and APIs are required for effective, coordinated
use of resources in these Grid environments.
In 1997, the Globus Project (www.globus.org) introduced the Grid
Security Infrastructure (GSI) [i4]. This library provides for public
key based authentication and message protection, based on standard
X.509 certificates and public key infrastructure, the SSL/TLS
protocol [i2], and delegation using proxy certificates similar to
those profiled in this document. GSI has been used, in turn, to
build numerous middleware libraries and applications, which have been
deployed in large-scale production and experimental Grids [i1]. GSI
has emerged as the dominant security solution used by Grid efforts
worldwide.
This experience with GSI has proven the viability of restricted
proxying as a basis for authorization within Grids, and has further
proven the viability of using X.509 Proxy Certificates, as defined in
this document, as the basis for that proxying. This document is one
part of an effort to migrate this experience with GSI into standards,
and in the process clean up the approach and better reconcile it with
existing and recent standards.
2.3. Motivation for Proxying
A motivating example will assist in understanding the role proxying
can play in building Internet based applications.
Steve is an engineer who wants to use a reliable file transfer
service to manage the movement of a number of large files around
between various hosts on his company's Intranet-based Grid. From his
laptop he wants to submit a number of transfer requests to the
service and have the files transferred while he is doing other
Tuecke, et al. Standards Track [Page 5]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
things, including being offline. The transfer service may queue the
requests for some time (e.g., until after hours or a period of low
resource usage) before initiating the transfers. The transfer
service will then, for each file, connect to each of the source and
destination hosts, and instruct them to initiate a data connection
directly from the source to the destination in order to transfer the
file. Steve will leave an agent running on his laptop that will
periodically check on progress of the transfer by contacting the
transfer service. Of course, he wants all of this to happen securely
on his company's resources, which requires that he initiate all of
this using his PKI smartcard.
This scenario requires authentication and delegation in a variety of
places:
* Steve needs to be able to mutually authenticate with the reliable
file transfer service to submit the transfer request.
* Since the storage hosts know nothing about the file transfer
service, the file transfer service needs to be delegated the
rights to mutually authenticate with the various storage hosts
involved directly in the file transfer, in order to initiate the
file transfer.
* The source and destination hosts of a particular transfer must be
able to mutual authenticate with each other, to ensure the file is
being transferred to and from the proper parties.
* The agent running on Steve's laptop must mutually authenticate
with the file transfer service in order to check the result of the
transfers.
Proxying is a viable approach to solving two (related) problems in
this scenario:
* Single sign-on: Steve wants to enter his smartcard password (or
pin) once, and then run a program that will submit all the file
transfer requests to the transfer service, and then periodically
check on the status of the transfer. This program needs to be
given the rights to be able to perform all of these operations
securely, without requiring repeated access to the smartcard or
Steve's password.
* Delegation: Various remote processes in this scenario need to
perform secure operations on Steve's behalf, and therefore must be
delegated the necessary rights. For example, the file transfer
Tuecke, et al. Standards Track [Page 6]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
service needs to be able to authenticate on Steve's behalf with
the source and destination hosts, and must in turn delegate rights
to those hosts so that they can authenticate with each other.
Proxying can be used to secure all of these interactions:
* Proxying allows for the private key stored on the smartcard to be
accessed just once, in order to create the necessary proxy
credential, which allows the client/agent program to be authorized
as Steve when submitting the requests to the transfer service.
Access to the smartcard and Steve's password is not required after
the initial creation of the proxy credential.
* The client program on the laptop can delegate to the file transfer
service the right to act on Steve's behalf. This, in turn, allows
the service to authenticate to the storage hosts and inherit
Steve's privileges in order to start the file transfers.
* When the transfer service authenticates to hosts to start the file
transfer, the service can delegate to the hosts the right to act
on Steve's behalf so that each pair of hosts involved in a file
transfer can mutually authenticate to ensure the file is securely
transferred.
* When the agent on the laptop reconnects to the file transfer
service to check on the status of the transfer, it can perform
mutual authentication. The laptop may use a newly generated proxy
credential, which is just created anew using the smartcard.
This scenario, and others similar to it, is being built today within
the Grid community. The Grid Security Infrastructure's single sign-
on and delegation capabilities, built on X.509 Proxy Certificates,
are being employed to provide authentication services to these
applications.
2.4. Motivation for Restricted Proxies
One concern that arises is what happens if a machine that has been
delegated the right to inherit Steve's privileges has been
compromised? For example, in the above scenario, what if the machine
running the file transfer service is compromised, such that the
attacker can gain access to the credential that Steve delegated to
that service? Can the attacker now do everything that Steve is
allowed to do?
A solution to this problem is to allow for restrictions to be placed
on the proxy by means of policies on the proxy certificates. For
example, the machine running the reliable file transfer service in
Tuecke, et al. Standards Track [Page 7]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
the above example might only be given Steve's right for the purpose
of reading the source files and writing the destination files.
Therefore, if that file transfer service is compromised, the attacker
cannot modify source files, cannot create or modify other files to
which Steve has access, cannot start jobs on behalf of Steve, etc.
All that an attacker would be able to do is read the specific files
to which the file transfer service has been delegated read access,
and write bogus files in place of those that the file transfer
service has been delegated write access. Further, by limiting the
lifetime of the credential that is delegated to the file transfer
service, the effects of a compromise can be further mitigated.
Other potential uses for restricted proxy credentials are discussed
in [i7].
2.5. Motivation for Unique Proxy Name
The dynamic creation of entities (e.g., processes and services) is an
essential part of Grid computing. These entities will require rights
in order to securely perform their function. While it is possible to
obtain rights solely through proxying as described in previous
sections, this has limitations. For example what if an entity should
have rights that are granted not just from the proxy issuer but from
a third party as well? While it is possible in this case for the
entity to obtain and hold two proxy certifications, in practice it is
simpler for subsequent credentials to take the form of attribute
certificates.
It is also desirable for these entities to have a unique identity so
that they can be explicitly discussed in policy statements. For
example, a user initiating a third-party FTP transfer could grant
each FTP server a PC with a unique identity and inform each server of
the identity of the other, then when the two servers connected they
could authenticate themselves and know they are connected to the
proper party.
In order for a party to have rights of it's own it requires a unique
identity. Possible options for obtaining an unique identity are:
1) Obtain an identity from a traditional Certification Authority
(CA).
2) Obtain a new identity independently - for example by using the
generated public key and a self-signed certificate.
3) Derive the new identity from an existing identity.
Tuecke, et al. Standards Track [Page 8]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
In this document we describe an approach to option #3, because:
* It is reasonably light-weight, as it can be done without
interacting with a third party. This is important when
creating identities dynamically.
* As described in the previous section, a common use for PCs is
for restricted proxying, so deriving their identity from the
identity of the EEC makes this straightforward. Nonetheless
there are circumstances where the creator does not wish to
delegate all or any of its rights to a new entity. Since the
name is unique, this is easily accomplished by #3 as well, by
allowing the application of a policy to limit proxying.
2.6. Description Of Approach
This document defines an X.509 "Proxy Certificate" or "PC" as a means
of providing for restricted proxying within an (extended) X.509 PKI
based authentication system.
A Proxy Certificate is an X.509 public key certificate with the
following properties:
1) It is signed by either an X.509 End Entity Certificate (EEC), or
by another PC. This EEC or PC is referred to as the Proxy Issuer
(PI).
2) It can sign only another PC. It cannot sign an EEC.
3) It has its own public and private key pair, distinct from any
other EEC or PC.
4) It has an identity derived from the identity of the EEC that
signed the PC. When a PC is used for authentication, in may
inherit rights of the EEC that signed the PC, subject to the
restrictions that are placed on that PC by the EEC.
5) Although its identity is derived from the EEC's identity, it is
also unique. This allows this identity to be used for
authorization as an independent identity from the identity of the
issuing EEC, for example in conjunction with attribute assertions
as defined in [i3].
6) It contains a new X.509 extension to identify it as a PC and to
place policies on the use of the PC. This new extension, along
with other X.509 fields and extensions, are used to enable proper
path validation and use of the PC.
Tuecke, et al. Standards Track [Page 9]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
The process of creating a PC is as follows:
1) A new public and private key pair is generated.
2) That key pair is used to create a request for a Proxy Certificate
that conforms to the profile described in this document.
3) A Proxy Certificate, signed by the private key of the EEC or by
another PC, is created in response to the request. During this
process, the PC request is verified to ensure that the requested
PC is valid (e.g., it is not an EEC, the PC fields are
appropriately set, etc).
When a PC is created as part of a delegation from entity A to entity
B, this process is modified by performing steps #1 and #2 within
entity B, then passing the PC request from entity B to entity A over
an authenticated, integrity checked channel, then entity A performs
step #3 and passes the PC back to entity B.
Path validation of a PC is very similar to normal path validation,
with a few additional checks to ensure, for example, proper PC
signing constraints.
2.7. Features Of This Approach
Using Proxy Certificates to perform delegation has several features
that make it attractive:
* Ease of integration
o Because a PC requires only a minimal change to path validation,
it is very easy to incorporate support for Proxy Certificates
into existing X.509 based software. For example, SSL/TLS
requires no protocol changes to support authentication using a
PC. Further, an SSL/TLS implementation requires only minor
changes to support PC path validation, and to retrieve the
authenticated subject of the signing EEC instead of the subject
of the PC for authorization purposes.
o Many existing authorization systems use the X.509 subject name
as the basis for access control. Proxy Certificates can be
used with such authorization systems without modification,
since such a PC inherits its name and rights from the EEC that
signed it and the EEC name can be used in place of the PC name
for authorization decisions.
Tuecke, et al. Standards Track [Page 10]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
* Ease of use
o Using PC for single sign-on helps make X.509 PKI authentication
easier to use, by allowing users to "login" once and then
perform various operations securely.
o For many users, properly managing their own EEC private key is
a nuisance at best, and a security risk at worst. One option
easily enabled with a PC is to manage the EEC private keys and
certificates in a centrally managed repository. When a user
needs a PKI credential, the user can login to the repository
using name/password, one time password, etc. Then the
repository can delegate a PC to the user with proxy rights, but
continue to protect the EEC private key in the repository.
* Protection of private keys
o By using the remote delegation approach outlined above, entity
A can delegate a PC to entity B, without entity B ever seeing
the private key of entity A, and without entity A ever seeing
the private key of the newly delegated PC held by entity B. In
other words, private keys never need to be shared or
communicated by the entities participating in a delegation of a
PC.
o When implementing single sign-on, using a PC helps protect the
private key of the EEC, because it minimizes the exposure and
use of that private key. For example, when an EEC private key
is password protected on disk, the password and unencrypted
private key need only be available during the creation of the
PC. That PC can then be used for the remainder of its valid
lifetime, without requiring access to the EEC password or
private key. Similarly, when the EEC private key lives on a
smartcard, the smartcard need only be present in the machine
during the creation of the PC.
* Limiting consequences of a compromised key
o When creating a PC, the PI can limit the validity period of the
PC, the depth of the PC path that can be created by that PC,
and key usage of the PC and its descendents. Further, fine-
grained policies can be carried by a PC to even further
restrict the operations that can be performed using the PC.
These restrictions permit the PI to limit damage that could be
done by the bearer of the PC, either accidentally or
maliciously.
Tuecke, et al. Standards Track [Page 11]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
o A compromised PC private key does NOT compromise the EEC
private key. This makes a short term, or an otherwise
restricted PC attractive for day-to-day use, since a
compromised PC does not require the user to go through the
usually cumbersome and time consuming process of having the EEC
with a new private key reissued by the CA.
See Section 5 below for more discussion on how Proxy Certificates
relate to Attribute Certificates.
3. Certificate and Certificate Extensions Profile
This section defines the usage of X.509 certificate fields and
extensions in Proxy Certificates, and defines one new extension for
Proxy Certificate Information.
All Proxy Certificates MUST include the Proxy Certificate Information
(ProxyCertInfo) extension defined in this section and the extension
MUST be critical.
3.1. Issuer
The Proxy Issuer of a Proxy Certificate MUST be either an End Entity
Certificate, or another Proxy Certificate.
The Proxy Issuer MUST NOT have an empty subject field.
The issuer field of a Proxy Certificate MUST contain the subject
field of its Proxy Issuer.
If the Proxy Issuer certificate has the KeyUsage extension, the
Digital Signature bit MUST be asserted.
3.2. Issuer Alternative Name
The issuerAltName extension MUST NOT be present in a Proxy
Certificate.
3.3. Serial Number
The serial number of a Proxy Certificate (PC) SHOULD be unique
amongst all Proxy Certificates issued by a particular Proxy Issuer.
However, a Proxy Issuer MAY use an approach to assigning serial
numbers that merely ensures a high probability of uniqueness.
Tuecke, et al. Standards Track [Page 12]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
For example, a Proxy Issuer MAY use a sequentially assigned integer
or a UUID to assign a unique serial number to a PC it issues. Or a
Proxy Issuer MAY use a SHA-1 hash of the PC public key to assign a
serial number with a high probability of uniqueness.
3.4. Subject
The subject field of a Proxy Certificate MUST be the issuer field
(that is the subject of the Proxy Issuer) appended with a single
Common Name component.
The value of the Common Name SHOULD be unique to each Proxy
Certificate bearer amongst all Proxy Certificates with the same
issuer.
If a Proxy Issuer issues two proxy certificates to the same bearer,
the Proxy Issuer MAY choose to use the same Common Name for both.
Examples of this include Proxy Certificates for different uses (e.g.,
signing vs encryption) or the re-issuance of an expired Proxy
Certificate.
The Proxy Issuer MAY use an approach to assigning Common Name values
that merely ensures a high probability of uniqueness. This value MAY
be the same value used for the serial number.
The result of this approach is that all subject names of Proxy
Certificates are derived from the name of the issuing EEC (it will be
the first part of the subject name appended with one or more CN
components) and are unique to each bearer.
3.5. Subject Alternative Name
The subjectAltName extension MUST NOT be present in a Proxy
Certificate.
3.6. Key Usage and Extended Key Usage
If the Proxy Issuer certificate has a Key Usage extension, the
Digital Signature bit MUST be asserted.
This document places no constraints on the presence or contents of
the key usage and extended key usage extension. However, section 4.2
explains what functions should be allowed a proxy certificate by a
relying party.
Tuecke, et al. Standards Track [Page 13]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
3.7. Basic Constraints
The cA field in the basic constraints extension MUST NOT be TRUE.
3.8. The ProxyCertInfo Extension
A new extension, ProxyCertInfo, is defined in this subsection.
Presence of the ProxyCertInfo extension indicates that a certificate
is a Proxy Certificate and whether or not the issuer of the
certificate has placed any restrictions on its use.
id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
dod(6) internet(1) security(5) mechanisms(5) pkix(7) }
id-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
id-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pe 14 }
ProxyCertInfo ::= SEQUENCE {
pCPathLenConstraint INTEGER (0..MAX) OPTIONAL,
proxyPolicy ProxyPolicy }
ProxyPolicy ::= SEQUENCE {
policyLanguage OBJECT IDENTIFIER,
policy OCTET STRING OPTIONAL }
If a certificate is a Proxy Certificate, then the proxyCertInfo
extension MUST be present, and this extension MUST be marked as
critical.
If a certificate is not a Proxy Certificate, then the proxyCertInfo
extension MUST be absent.
The ProxyCertInfo extension consists of one required and two optional
fields, which are described in detail in the following subsections.
3.8.1. pCPathLenConstraint
The pCPathLenConstraint field, if present, specifies the maximum
depth of the path of Proxy Certificates that can be signed by this
Proxy Certificate. A pCPathLenConstraint of 0 means that this
certificate MUST NOT be used to sign a Proxy Certificate. If the
pCPathLenConstraint field is not present then the maximum proxy path
length is unlimited. End entity certificates have unlimited maximum
proxy path lengths.
Tuecke, et al. Standards Track [Page 14]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
3.8.2. proxyPolicy
The proxyPolicy field specifies a policy on the use of this
certificate for the purposes of authorization. Within the
proxyPolicy, the policy field is an expression of policy, and the
policyLanguage field indicates the language in which the policy is
expressed.
The proxyPolicy field in the proxyCertInfo extension does not define
a policy language to be used for proxy restrictions; rather, it
places the burden on those parties using that extension to define an
appropriate language, and to acquire an OID for that language (or to
select an appropriate previously-defined language/OID). Because it
is essential for the PI that issues a certificate with a proxyPolicy
field and the relying party that interprets that field to agree on
its meaning, the policy language OID must correspond to a policy
language (including semantics), not just a policy grammar.
The policyLanguage field has two values of special importance,
defined in Appendix A, that MUST be understood by all parties
accepting Proxy Certificates:
* id-ppl-inheritAll indicates that this is an unrestricted proxy
that inherits all rights from the issuing PI. An unrestricted
proxy is a statement that the Proxy Issuer wishes to delegate all
of its authority to the bearer (i.e., to anyone who has that proxy
certificate and can prove possession of the associated private
key). For purposes of authorization, this an unrestricted proxy
effectively impersonates the issuing PI.
* id-ppl-independent indicates that this is an independent proxy
that inherits no rights from the issuing PI. This PC MUST be
treated as an independent identity by relying parties. The only
rights this PC has are those granted explicitly to it.
For either of the policyLanguage values listed above, the policy
field MUST NOT be present.
Other values for the policyLanguage field indicates that this is a
restricted proxy certification and have some other policy limiting
its ability to do proxying. In this case the policy field MAY be
present and it MUST contain information expressing the policy. If
the policy field is not present the policy MUST be implicit in the
value of the policyLanguage field itself. Authors of additional
policy languages are encouraged to publicly document their policy
language and list it in the IANA registry (see Section 7).
Tuecke, et al. Standards Track [Page 15]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
Proxy policies are used to limit the amount of authority delegated,
for example to assert that the proxy certificate may be used only to
make requests to a specific server, or only to authorize specific
operations on specific resources. This document is agnostic to the
policies that can be placed in the policy field.
Proxy policies impose additional requirements on the relying party,
because only the relying party is in a position to ensure that those
policies are enforced. When making an authorization decision based
on a proxy certificate based on rights that proxy certificate
inherited from its issuer, it is the relying party's responsibility
to verify that the requested authority is compatible with all
policies in the PC's certificate path. In other words, the relying
party MUST verify that the following three conditions are all met:
1) The relying party MUST know how to interpret the proxy policy and
the request is allowed under that policy.
2) If the Proxy Issuer is an EEC then the relying party's local
policies MUST authorize the request for the entity named in the
EEC.
3) If the Proxy Issuer is another PC, then one of the following MUST
be true:
a. The relying party's local policies authorize the Proxy Issuer
to perform the request.
b. The Proxy Issuer inherits the right to perform the request from
its issuer by means of its proxy policy. This must be verified
by verifying these three conditions on the Proxy Issuer in a
recursive manner.
If these conditions are not met, the relying party MUST either deny
authorization, or ignore the PC and the whole certificate chain
including the EEC entirely when making its authorization decision
(i.e., make the same decision that it would have made had the PC and
it's certificate chain never been presented).
The relying party MAY impose additional restrictions as to which
proxy certificates it accepts. For example, a relying party MAY
choose to reject all proxy certificates, or MAY choose to accept
proxy certificates only for certain operations, etc.
Note that since a proxy certificate has a unique identity it MAY also
have rights granted to it by means other than inheritance from it's
issuer via its proxy policy. The rights granted to the bearer of a
PC are the union of the rights granted to the PC identity and the
Tuecke, et al. Standards Track [Page 16]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
inherited rights. The inherited rights consist of the intersection
of the rights granted to the PI identity intersected with the proxy
policy in the PC.
For example, imagine that Steve is authorized to read and write files
A and B on a file server, and that he uses his EEC to create a PC
that includes the policy that it can be used only to read or write
files A and C. Then a trusted attribute authority grants an
Attribute Certificate granting the PC the right to read file D. This
would make the rights of the PC equal to the union of the rights
granted to the PC identity (right to read file D) with the
intersection of the rights granted to Steve, the PI, (right to read
files A and B) with the policy in the PC (can only read files A and
C). This would mean the PC would have the following rights:
* Right to read file A: Steve has this right and he issued the PC
and his policy grants this right to the PC.
* Right to read file D: This right is granted explicitly to the PC
by a trusted authority.
The PC would NOT have the following rights:
* Right to read file B: Although Steve has this right, it is
excluded by his policy on the PC.
* Right to read file C: Although Steve's policy grants this right,
he does not have this right himself.
In many cases, the relying party will not have enough information to
evaluate the above criteria at the time that the certificate path is
validated. For example, if a certificate is used to authenticate a
connection to some server, that certificate is typically validated
during that authentication step, before any requests have been made
of the server. In that case, the relying party MUST either have some
authorization mechanism in place that will check the proxy policies,
or reject any certificate that contains proxy policies (or that has a
parent certificate that contains proxy policies).
4. Proxy Certificate Path Validation
Proxy Certification path processing verifies the binding between the
proxy certificate distinguished name and proxy certificate public
key. The binding is limited by constraints which are specified in
the certificates which comprise the path and inputs which are
specified by the relying party.
Tuecke, et al. Standards Track [Page 17]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
This section describes an algorithm for validating proxy
certification paths. Conforming implementations of this
specification are not required to implement this algorithm, but MUST
provide functionality equivalent to the external behavior resulting
from this procedure. Any algorithm may be used by a particular
implementation so long as it derives the correct result.
The algorithm presented in this section validates the proxy
certificate with respect to the current date and time. A conformant
implementation MAY also support validation with respect to some point
in the past. Note that mechanisms are not available for validating a
proxy certificate with respect to a time outside the certificate
validity period.
Valid paths begin with the end entity certificate (EEC) that has
already been validated by public key certificate validation
procedures in RFC 3280 [n2]. The algorithm requires the public key
of the EEC and the EEC's subject distinguished name.
To meet the goal of verifying the proxy certificate, the proxy
certificate path validation process verifies, among other things,
that a prospective certification path (a sequence of n certificates)
satisfies the following conditions:
(a) for all x in {1, ..., n-1}, the subject of certificate x is the
issuer of proxy certificate x+1 and the subject distinguished
name of certificate x+1 is a legal subject distinguished name to
have been issued by certificate x;
(b) certificate 1 is valid proxy certificate issued by the end entity
certificate whose information is given as input to the proxy
certificate path validation process;
(c) certificate n is the proxy certificate to be validated;
(d) for all x in {1, ..., n}, the certificate was valid at the time
in question; and
(e) for all certificates in the path with a pCPathLenConstraint
field, the number of certificates in the path following that
certificate does not exceed the length specified in that field.
At this point there is no mechanism defined for revoking proxy
certificates.
Tuecke, et al. Standards Track [Page 18]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
4.1. Basic Proxy Certificate Path Validation
This section presents the algorithm in four basic steps to mirror the
description of public key certificate path validation in RFC 3280:
(1) initialization, (2) basic proxy certificate processing, (3)
preparation for the next proxy certificate, and (4) wrap-up. Steps
(1) and (4) are performed exactly once. Step (2) is performed for
all proxy certificates in the path. Step (3) is performed for all
proxy certificates in the path except the final proxy certificate.
Certificate path validation as described in RFC 3280 MUST have been
done prior to using this algorithm to validate the end entity
certificate. This algorithm then processes the proxy certificate
chain using the end entity certificate information produced by RFC
3280 path validation.
4.1.1. Inputs
This algorithm assumes the following inputs are provided to the path
processing logic:
(a) information about the entity certificate already verified using
RFC 3280 path validation. This information includes:
(1) the end entity name,
(2) the working_public_key output from RFC 3280 path validation,
(3) the working_public_key_algorithm output from RFC 3280,
(4) and the working_public_key_parameters output from RFC 3280
path validation.
(b) prospective proxy certificate path of length n.
(c) acceptable-pc-policy-language-set: A set of proxy certificate
policy languages understood by the policy evaluation code. The
acceptable-pc-policy-language-set MAY contain the special value
id-ppl-anyLanguage (as defined in Appendix A) if the path
validation code should not check the proxy certificate policy
languages (typically because the set of known policy languages is
not known yet and will be checked later in the authorization
process).
(d) the current date and time.
Tuecke, et al. Standards Track [Page 19]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
4.1.2. Initialization
This initialization phase establishes the following state variables
based upon the inputs:
(a) working_public_key_algorithm: the digital signature algorithm
used to verify the signature of a proxy certificate. The
working_public_key_algorithm is initialized from the input
information provided from RFC 3280 path validation.
(b) working_public_key: the public key used to verify the signature
of a proxy certificate. The working_public_key is initialized
from the input information provided from RFC 3280 path
validation.
(c) working_public_key_parameters: parameters associated with the
current public key, that may be required to verify a signature
(depending upon the algorithm). The
proxy_issuer_public_key_parameters variable is initialized from
the input information provided from RFC 3280 path validation.
(d) working_issuer_name: the issuer distinguished name expected in
the next proxy certificate in the chain. The working_issuer_name
is initialized to the distinguished name in the end entity
certificate validated by RFC 3280 path validation.
(e) max_path_length: this integer is initialized to n, is decremented
for each proxy certificate in the path. This value may also be
reduced by the pcPathLenConstraint value of any proxy certificate
in the chain.
(f) proxy_policy_list: this list is empty to start and will be filled
in with the key usage extensions, extended key usage extensions
and proxy policies in the chain.
Upon completion of the initialization steps, perform the basic
certificate processing steps specified in 4.1.3.
4.1.3. Basic Proxy Certificate Processing
The basic path processing actions to be performed for proxy
certificate i (for all i in [1..n]) are listed below.
(a) Verify the basic certificate information. The certificate MUST
satisfy each of the following:
Tuecke, et al. Standards Track [Page 20]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
(1) The certificate was signed with the
working_public_key_algorithm using the working_public_key and
the working_public_key_parameters.
(2) The certificate validity period includes the current time.
(3) The certificate issuer name is the working_issuer_name.
(4) The certificate subject name is the working_issuer_name with a
CN component appended.
(b) The proxy certificate MUST have a ProxyCertInfo extension.
Process the extension as follows:
(1) If the pCPathLenConstraint field is present in the
ProxyCertInfo field and the value it contains is less than
max_path_length, set max_path_length to its value.
(2) If acceptable-pc-policy-language-set is not id-ppl-
anyLanguage, the OID in the policyLanguage field MUST be
present in acceptable-pc-policy-language-set.
(c) The tuple containing the certificate subject name, policyPolicy,
key usage extension (if present) and extended key usage extension
(if present) must be appended to proxy_policy_list.
(d) Process other certificate extensions, as described in [n2]:
(1) Recognize and process any other critical extensions present in
the proxy certificate.
(2) Process any recognized non-critical extension present in the
proxy certificate.
If either step (a), (b) or (d) fails, the procedure terminates,
returning a failure indication and an appropriate reason.
If i is not equal to n, continue by performing the preparatory steps
listed in 4.1.4. If i is equal to n, perform the wrap-up steps
listed in 4.1.5.
4.1.4. Preparation for next Proxy Certificate
(a) Verify max_path_length is greater than zero and decrement
max_path_length.
(b) Assign the certificate subject name to working_issuer_name.
Tuecke, et al. Standards Track [Page 21]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
(c) Assign the certificate subjectPublicKey to working_public_key.
(d) If the subjectPublicKeyInfo field of the certificate contains an
algorithm field with non-null parameters, assign the parameters
to the working_public_key_parameters variable.
If the subjectPublicKeyInfo field of the certificate contains an
algorithm field with null parameters or parameters are omitted,
compare the certificate subjectPublicKey algorithm to the
working_public_key_algorithm. If the certificate
subjectPublicKey algorithm and the working_public_key_algorithm
are different, set the working_public_key_parameters to null.
(e) Assign the certificate subjectPublicKey algorithm to the
working_public_key_algorithm variable.
(f) If a key usage extension is present, verify that the
digitalSignature bit is set.
If either check (a) or (f) fails, the procedure terminates, returning
a failure indication and an appropriate reason.
If (a) and (f) complete successfully, increment i and perform the
basic certificate processing specified in 4.1.3.
4.1.5. Wrap-up Procedures
(a) Assign the certificate subject name to working_issuer_name.
(b) Assign the certificate subjectPublicKey to working_public_key.
(c) If the subjectPublicKeyInfo field of the certificate contains an
algorithm field with non-null parameters, assign the parameters
to the proxy_issuer_public_key_parameters variable.
If the subjectPublicKeyInfo field of the certificate contains an
algorithm field with null parameters or parameters are omitted,
compare the certificate subjectPublicKey algorithm to the
proxy_issuer_public_key_algorithm. If the certificate
subjectPublicKey algorithm and the
proxy_issuer_public_key_algorithm are different, set the
proxy_issuer_public_key_parameters to null.
(d) Assign the certificate subjectPublicKey algorithm to the
proxy_issuer_public_key_algorithm variable.
Tuecke, et al. Standards Track [Page 22]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
4.1.6. Outputs
If path processing succeeds, the procedure terminates, returning a
success indication together with final value of the
working_public_key, the working_public_key_algorithm, the
working_public_key_parameters, and the proxy_policy_list.
4.2. Using the Path Validation Algorithm
Each Proxy Certificate contains a ProxyCertInfo extension, which
always contains a policy language OID, and may also contain a policy
OCTET STRING. These policies serve to indicate the desire of each
issuer in the proxy certificate chain, starting with the EEC, to
delegate some subset of their rights to the issued proxy certificate.
This chain of policies is returned by the algorithm to the
application.
The application MAY make authorization decisions based on the subject
distinguished name of the proxy certificate or on one of the proxy
certificates in it's issuing chain or on the EEC that serves as the
root of the chain. If an application chooses to use the subject
distinguished name of a proxy certificate in the issuing chain or the
EEC it MUST use the returned policies to restrict the rights it
grants to the proxy certificate. If the application does not know
how to parse any policy in the policy chain it MUST not use, for the
purposes of making authorization decisions, the subject distinguished
name of any certificate in the chain prior to the certificate in
which the unrecognized policy appears.
Application making authorization decisions based on the contents of
the proxy certificate key usage or extended key usage extensions MUST
examine the list of key usage, extended key usage and proxy policies
resulting from proxy certificate path validation and determine the
effective key usage functions of the proxy certificate as follows:
* If a certificate is a proxy certificate with a proxy policy of
id-ppl-independent or an end entity certificate, the effective key
usage functions of that certificate is as defined by the key usage
and extended key usage extensions in that certificate. The key
usage functionality of the issuer has no bearing on the effective
key usage functionality.
* If a certificate is a proxy certificate with a policy other than
id-ppl-independent, the effective key usage and extended key usage
functionality of the proxy certificate is the intersection of the
functionality of those extensions in the proxy certificate and the
effective key usage functionality of the proxy issuer.
Tuecke, et al. Standards Track [Page 23]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
5. Commentary
This section provides non-normative commentary on Proxy Certificates.
5.1. Relationship to Attribute Certificates
An Attribute Certificate [i3] can be used to grant to one identity,
the holder, some attribute such as a role, clearance level, or
alternative identity such as "charging identity" or "audit identity".
This is accomplished by way of a trusted Attribute Authority (AA),
which issues signed Attribute Certificates (AC), each of which binds
an identity to a particular set of attributes. Authorization
decisions can then be made by combining information from the
authenticated End Entity Certificate providing the identity, with the
signed Attribute Certificates providing binding of that identity to
attributes.
There is clearly some overlap between the capabilities provided by
Proxy Certificates and Attribute Certificates. However, the
combination of the two approaches together provides a broader
spectrum of solutions to authorization in X.509 based systems, than
either solution alone. This section seeks to clarify some of the
overlaps, differences, and synergies between Proxy Certificate and
Attribute Certificates.
5.1.1. Types of Attribute Authorities
For the purposes of this discussion, Attribute Authorities, and the
uses of the Attribute Certificates that they produce, can be broken
down into two broad classes:
1) End entity AA: An End Entity Certificate may be used to sign an
AC. This can be used, for example, to allow an end entity to
delegate some of its privileges to another entity.
2) Third party AA: A separate entity, aside from the end entity
involved in an authenticated interaction, may sign ACs in order to
bind the authenticated identity with additional attributes, such
as role, group, etc. For example, when a client authenticates
with a server, the third party AA may provide an AC that binds the
client identity to a particular group, which the server then uses
for authorization purposes.
This second type of Attribute Authority, the third party AA, works
equally well with an EEC or a PC. For example, unrestricted Proxy
Certificates can be used to delegate the EEC's identity to various
other parties. Then when one of those other parties uses the PC to
authenticate with a service, that service will receive the EEC's
Tuecke, et al. Standards Track [Page 24]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
identity via the PC, and can apply any ACs that bind that identity to
attributes in order to determine authorization rights. Additionally
PC with policies could be used to selectively deny the binding of ACs
to a particular proxy. An AC could also be bound to a particular PC
using the subject or issuer and serial number of the proxy
certificate. There would appear to be great synergies between the
use of Proxy Certificates and Attribute Certificates produced by
third party Attribute Authorities.
However, the uses of Attribute Certificates that are granted by the
first type of Attribute Authority, the end entity AA, overlap
considerably with the uses of Proxy Certificates as described in the
previous sections. Such Attribute Certificates are generally used
for delegation of rights from one end entity to others, which clearly
overlaps with the stated purpose of Proxy Certificates, namely single
sign-on and delegation.
5.1.2. Delegation Using Attribute Certificates
In the motivating example in Section 2, PCs are used to delegate
Steve's identity to the various other jobs and entities that need to
act on Steve's behalf. This allows those other entities to
authenticate as if they were Steve, for example to the mass storage
system.
A solution to this example could also be cast using Attribute
Certificates that are signed by Steve's EEC, which grant to the other
entities in this example the right to perform various operations on
Steve's behalf. In this example, the reliable file transfer service
and all the hosts involved in file transfers, the starter program,
the agent, the simulation jobs, and the post-processing job would
each have their own EECs. Steve's EEC would therefore issue ACs to
bind each of those other EEC identities to attributes that grant the
necessary privileges allow them to, for example, access the mass
storage system.
However, this AC based solution to delegation has some disadvantages
as compared to the PC based solution:
* All protocols, authentication code, and identity based
authorization services must be modified to understand ACs. With
the PC solution, protocols (e.g., TLS) likely need no
modification, authentication code needs minimal modification
(e.g., to perform PC aware path validation), and identity based
authorization services need minimal modification (e.g., possibly
to find the EEC name and to check for any proxy policies).
Tuecke, et al. Standards Track [Page 25]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
* ACs need to be created by Steve's EEC, which bind attributes to
each of the other identities involved in the distributed
application (i.e., the agent, simulation jobs, and post-processing
job the file transfer service, the hosts transferring files).
This implies that Steve must know in advance which other
identities may be involved in this distributed application, in
order to generate the appropriate ACs which are signed by Steve's
ECC. On the other hand, the PC solution allows for much more
flexibility, since parties can further delegate a PC without a
priori knowledge by the originating EEC.
There are many unexplored tradeoffs and implications in this
discussion of delegation. However, reasonable arguments can be made
in favor of either an AC based solution to delegation or a PC based
solution to delegation. The choice of which approach should be taken
in a given instance may depend on factors such as the software that
it needs to be integrated into, the type of delegation required, and
other factors.
5.1.3. Propagation of Authorization Information
One possible use of Proxy Certificates is to carry authorization
information associated with a particular identity.
The merits of placing authorization information into End Entity
Certificates (also called a Public Key Certificate or PKC) have been
widely debated. For example, Section 1 of "An Internet Attribute
Certificate Profile for Authorization" [i3] states:
"Authorization information may be placed in a PKC extension or
placed in a separate attribute certificate (AC). The placement of
authorization information in PKCs is usually undesirable for two
reasons. First, authorization information often does not have the
same lifetime as the binding of the identity and the public key.
When authorization information is placed in a PKC extension, the
general result is the shortening of the PKC useful lifetime.
Second, the PKC issuer is not usually authoritative for the
authorization information. This results in additional steps for
the PKC issuer to obtain authorization information from the
authoritative source.
For these reasons, it is often better to separate authorization
information from the PKC. Yet, authorization information also
needs to be bound to an identity. An AC provides this binding; it
is simply a digitally signed (or certified) identity and set of
attributes."
Tuecke, et al. Standards Track [Page 26]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
Placing authorization information in a PC mitigates the first
undesirable property cited above. Since a PC has a lifetime that is
mostly independent of (always shorter than) its signing EEC, a PC
becomes a viable approach for carrying authorization information for
the purpose of delegation.
The second undesirable property cited above is true. If a third
party AA is authoritative, then using ACs issued by that third party
AA is a natural approach to disseminating authorization information.
However, this is true whether the identity being bound by these ACs
comes from an EEC (PKC), or from a PC.
There is one case, however, that the above text does not consider.
When performing delegation, it is usually the EEC itself that is
authoritative (not the EEC issuer, or any third party AA). That is,
it is up to the EEC to decide what authorization rights it is willing
to grant to another party. In this situation, including such
authorization information into PCs that are generated by the EEC
seems a reasonable approach to disseminating such information.
5.1.4. Proxy Certificate as Attribute Certificate Holder
In a system that employs both PCs and ACs, one can imagine the
utility of allowing a PC to be the holder of an AC. This would allow
for a particular delegated instance of an identity to be given an
attribute, rather than all delegated instances of that identity being
given the attribute.
However, the issue of how to specify a PC as the holder of an AC
remains open. An AC could be bound to a particular instance of a PC
using the unique subject name of the PC, or it's issuer and serial
number combination.
Unrestricted PCs issued by that PC would then inherit those ACs and
independent PCs would not. PCs issued with a policy would depend on
the policy as to whether or not they inherit the issuing PC's ACs
(and potentially which ACs they inherit).
While an AC can be bound to one PC by the AA, how can the AA restrict
that PC from passing it on to a subsequently delegated PC? One
possible solution would be to define an extension to attribute
certificates that allows the attribute authority to state whether an
issued AC is to apply only to the particular entity to which it is
bound, or if it may apply to PCs issued by that entity.
One issue that an AA in this circumstance would need to be aware of
is that the PI of the PC that the AA bound the AC to, could issue
another PC with the same name as the original PC to a different
Tuecke, et al. Standards Track [Page 27]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
entity, effectively stealing the AC. This implies that an AA issuing
an AC to a PC need to not only trust the entity holding the PC, but
the entity holding the PC's issuer as well.
5.2. Kerberos 5 Tickets
The Kerberos Network Authentication Protocol (RFC 1510 [i6]) is a
widely used authentication system based on conventional (shared
secret key) cryptography. It provides support for single sign-on via
creation of "Ticket Granting Tickets" or "TGT", and support for
delegation of rights via "forwardable tickets".
Kerberos 5 tickets have informed many of the ideas surrounding X.509
Proxy Certificates. For example, the local creation of a short-lived
PC can be used to provide single sign-on in an X.509 PKI based
system, just as creation of short-lived TGT allows for single sign-on
in a Kerberos based system. And just as a TGT can be forwarded
(i.e., delegated) to another entity to allow for proxying in a
Kerberos based system, so can a PC can be delegated to allow for
proxying in an X.509 PKI based system.
A major difference between a Kerberos TGT and an X.509 PC is that
while creation and delegation of a TGT requires the involvement of a
third party (Key Distribution Center), a PC can be unilaterally
created without the active involvement of a third party. That is, a
user can directly create a PC from an EEC for single sign-on
capability, without requiring communication with a third party. And
an entity with a PC can delegate the PC to another entity (i.e., by
creating a new PC, signed by the first) without requiring
communication with a third party.
The method used by Kerberos implementations to protect a TGT can also
be used to protect the private key of a PC. For example, some Unix
implementations of Kerberos use standard Unix file system security to
protect a user's TGT from compromise. Similarly, the Globus
Toolkit's Grid Security Infrastructure implementation of Proxy
Certificates protects a user's PC private key using this same
approach.
5.3. Examples of usage of Proxy Restrictions
This section gives some examples of Proxy Certificate usage and some
examples of how the Proxy policy can be used to restrict Proxy
Certificates.
Tuecke, et al. Standards Track [Page 28]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
5.3.1. Example use of proxies without Restrictions
Steve wishes to perform a third-party FTP transfer between two FTP
servers. Steve would use an existing PC to authenticate to both
servers and delegate a PC to both hosts. He would inform each host
of the unique subject name of the PC given to the other host. When
the servers establish the data channel connection to each other, they
use these delegated credentials to perform authentication and verify
they are talking to the correct entity by checking the result of the
authentication matches the name as provided by Steve.
5.3.2. Example use of proxies with Restrictions
Steve wishes to delegate to a process the right to perform a transfer
of a file from host H1 to host H2 on his behalf. Steve would
delegate a PC to the process and he would use Proxy Policy to
restrict the delegated PC to two rights - the right to read file F1
on host H1 and the right to write file F2 on host H2.
The process then uses this restricted PC to authenticate to servers
H1 and H2. The process would also delegate a PC to both servers.
Note that these delegated PCs would inherit the restrictions of their
parents, though this is not relevant to this example. As in the
example in the previous Section, each host would be provided with the
unique name of the PC given to the other server.
Now when the process issues the command to transfer the file F1 on H1
and to F2 on H2, these two servers perform an authorization check
based on the restrictions in the PC that the process used to
authenticate with them (in addition to any local policy they have).
Namely H1 checks that the PC gives the user the right to read F1 and
H2 checks that the PC gives the user the right to write F2. When
setting up the data channel the servers would again verify the names
resulting from the authentication match the names provided by Steve
as in the example in the previous Section.
The extra security provided by these restrictions is that now if the
PC delegated to the process by Steve is stolen, its use is greatly
limited.
5.4. Delegation Tracing
A relying party accepting a Proxy Certificate may have an interest in
knowing which parties issued earlier Proxy Certificates in the
certificate chain and to whom they delegated them. For example it
may know that a particular service or resource is known to have been
Tuecke, et al. Standards Track [Page 29]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
compromised and if any part of a Proxy Certificate's chain was issued
to the compromised service a relying party may wish to disregard the
chain.
A delegation tracing mechanism was considered by the authors as
additional information to be carried in the ProxyCertInfo extension.
However at this time agreement has not been reached as to what this
information should include so it was left out of this document, and
will instead be considered in future revisions. The debate mainly
centers on whether the tracing information should simply contain the
identity of the issuer and receiver or it should also contain all the
details of the delegated proxy and a signed statement from the
receiver that the proxy was actually acceptable to it.
5.4.1. Site Information in Delegation Tracing
In some cases, it may be desirable to know the hosts involved in a
delegation transaction (for example, a relying party may wish to
reject proxy certificates that were created on a specific host or
domain). An extension could be modified to include the PA's and
Acceptor's IP addresses; however, IP addresses are typically easy to
spoof, and in some cases the two parties to a transaction may not
agree on the IP addresses being used (e.g., if the Acceptor is on a
host that uses NAT, the Acceptor and the PA may disagree about the
Acceptor's IP address).
Another suggestion was, in those cases where domain information is
needed, to require that the subject names of all End Entities
involved (the Acceptor(s) and the End Entity that appears in a PC's
certificate path) include domain information.
6. Security Considerations
In this Section we discuss security considerations related to the use
of Proxy Certificates.
6.1. Compromise of a Proxy Certificate
A Proxy Certificate is generally less secure than the EEC that issued
it. This is due to the fact that the private key of a PC is
generally not protected as rigorously as that of the EEC. For
example, the private key of a PC is often protected using only file
system security, in order to allow that PC to be used for single
sign-on purposes. This makes the PC more susceptible to compromise.
However, the risk of a compromised PC is only the misuse of a single
user's privileges. Due to the PC path validation checks, a PC cannot
be used to sign an EEC or PC for another user.
Tuecke, et al. Standards Track [Page 30]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
Further, a compromised PC can only be misused for the lifetime of the
PC, and within the bound of the restriction policy carried by the PC.
Therefore, one common way to limit the misuse of a compromised PC is
to limit its validity period to no longer than is needed, and/or to
include a restriction policy in the PC that limits the use of the
(compromised) PC.
In addition, if a PC is compromised, it does NOT compromise the EEC
that created the PC. This property is of great utility in protecting
the highly valuable, and hard to replace, public key of the EEC. In
other words, the use of Proxy Certificates to provide single sign-on
capabilities in an X.509 PKI environment can actually increase the
security of the end entity certificates, because creation and use of
the PCs for user authentication limits the exposure of the EEC
private key to only the creation of the first level PC.
6.2. Restricting Proxy Certificates
The pCPathLenConstraint field of the proxyCertInfo extension can be
used by an EEC to limit subsequent delegation of the PC. A service
may choose to only authorize a request if a valid PC can be delegated
to it. An example of such as service is a job starter, which may
choose to reject a job start request if a valid PC cannot be
delegated to it. By limiting the pCPathLenConstraint, an EEC can
ensure that a compromised PC of one job cannot be used to start
additional jobs elsewhere.
An EEC or PC can limit what a new PC can be used for by turning off
bits in the Key Usage and Extended Key Usage extensions. Once a key
usage or extended key usage has been removed, the path validation
algorithm ensures that it cannot be added back in a subsequent PC.
In other words, key usage can only be decreased in PC chains.
The EEC could use the CRL Distribution Points extension and/or OCSP
to take on the responsibility of revoking PCs that it had issued, if
it felt that they were being misused.
6.3. Relying Party Trust of Proxy Certificates
The relying party that is going to authorize some actions on the
basis of a PC will be aware that it has been presented with a PC, and
can determine the depth of the delegation and the time that the
delegation took place. It may want to use this information in
addition to the information from the signing EEC. Thus a highly
secure resource might refuse to accept a PC at all, or maybe only a
single level of delegation, etc.
Tuecke, et al. Standards Track [Page 31]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
The relying party should also be aware that since the policy
restricting the rights of a PC is the intersection of the policy of
all the PCs in it's certificate chain, this means any change in the
certificate chain can effect the policy of the PC. Since there is no
mechanism in place to enforce unique subject names of PCs, if an
issuer were to issue two PCs with identical names and keys, but
different rights, this could allow the two PCs to be substituted for
each other in path validation and effect the rights of a PC down the
chain. Ultimately, this means the relying party places trust in the
entities that are acting as Proxy Issuers in the chain to behave
properly.
6.4. Protecting Against Denial of Service with Key Generation
As discussed in Section 2.3, one of the motivations for Proxy
Certificates is to allow for dynamic delegation between parties. This
delegation potentially requires, by the party receiving the
delegation, the generation of a new key pair which is a potentially
computationally expensive operation. Care should be taken by such
parties to prevent another entity from performing a denial of service
attack by causing them to consume large amount of resource doing key
generation.
A general guideline would always to perform authentication of the
delegating party to prevent such attacks from being performed
anonymously. Another guideline would be to maintain some state to
detect and prevent such attacks.
6.5. Use of Proxy Certificates with a Central Repository
As discussed in Section 2.7, one potential use of Proxy Certificates
is to ease certificate management for end users by storing the EEC
private keys and certificates in a centrally managed repository.
When a user needs a PKI credential, the user can login to the
repository using name/password, one time password, etc. and the
repository would then delegate a PC to the user with proxy rights,
but continue to protect the EEC private key in the repository.
Care must be taken with this approach since compromise of the
repository will potentially give the attacker access to the long-term
private keys stored in the repository. It is strongly suggested that
some form of hardware module be used to store the long-term private
keys, which will serve to help prevent their direct threat though it
may still allow a successful attacker to use the keys while the
repository is compromised to sign arbitrary objects (including Proxy
Certificates).
Tuecke, et al. Standards Track [Page 32]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
7. IANA Considerations
IANA has established a registry for policy languages. Registration
under IETF space is by IETF standards action as described in [i8].
Private policy languages should be under organizational OIDs; policy
language authors are encouraged to list such languages in the IANA
registry, along with a pointer to a specification.
OID Description
--- -----------
1.3.6.1.5.5.7.21.1 id-ppl-inheritALL
1.3.6.1.5.5.7.21.2 id-ppl-independent
8. References
8.1. Normative References
[n1] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[n2] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet X.509
Public Key Infrastructure Certificate and Certificate
Revocation List (CRL) Profile", RFC 3280, April 2002.
8.2. Informative References
[i1] Butler, R., Engert, D., Foster, I., Kesselman, C., and S.
Tuecke, "A National-Scale Authentication Infrastructure",
IEEE Computer, vol. 33, pp. 60-66, 2000.
[i2] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", RFC
2246, January 1999.
[i3] Farrell, S. and R. Housley, "An Internet Attribute
Certificate Profile for Authorization", RFC 3281, April 2002.
[i4] Foster, I., Kesselman, C., Tsudik, G., and S. Tuecke, "A
Security Architecture for Computational Grids", presented at
Proceedings of the 5th ACM Conference on Computer and
Communications Security, 1998.
[i5] Foster, I., Kesselman, C., and S. Tuecke, "The Anatomy of the
Grid: Enabling Scalable Virtual Organizations", International
Journal of Supercomputer Applications, 2001.
[i6] Kohl, J. and C. Neuman, "The Kerberos Network Authentication
Service (V5)", RFC 1510, September 1993.
Tuecke, et al. Standards Track [Page 33]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
[i7] Neuman, B. Clifford, "Proxy-Based Authorization and
Accounting for Distributed Systems", In Proceedings of the
13th International Conference on Distributed Computing
Systems, pages 283-291, May 1993.
[i8] Narten, T. and H. Alvestrand. "Guidelines for Writing an IANA
Considerations Section in RFC", RFC 2434, October 1998.
9. Acknowledgments
We are pleased to acknowledge significant contributions to this
document by David Chadwick, Ian Foster, Jarek Gawor, Carl Kesselman,
Sam Meder, Jim Schaad, and Frank Siebenlist.
We are grateful to numerous colleagues for discussions on the topics
covered in this paper, in particular (in alphabetical order, with
apologies to anybody we've missed): Carlisle Adams, Joe Bester, Randy
Butler, Keith Jackson, Steve Hanna, Russ Housley, Stephen Kent, Bill
Johnston, Marty Humphrey, Sam Lang, Ellen McDermott, Clifford Neuman,
Gene Tsudik.
We are also grateful to members of the Global Grid Forum (GGF) Grid
Security Infrastructure working group (GSI-WG), and the Internet
Engineering Task Force (IETF) Public-Key Infrastructure (X.509)
working group (PKIX) for feedback on this document.
This work was supported in part by the Mathematical, Information, and
Computational Sciences Division subprogram of the Office of Advanced
Scientific Computing Research, U.S. Department of Energy, under
Contract W-31-109-Eng-38 and DE-AC03-76SF0098; by the Defense
Advanced Research Projects Agency under contract N66001-96-C-8523; by
the National Science Foundation; and by the NASA Information Power
Grid project.
Tuecke, et al. Standards Track [Page 34]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
Appendix A. 1988 ASN.1 Module
PKIXproxy88 { iso(1) identified-organization(3) dod(6)
internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
proxy-cert-extns(25) }
DEFINITIONS EXPLICIT TAGS ::=
BEGIN
-- EXPORTS ALL --
-- IMPORTS NONE --
-- PKIX specific OIDs
id-pkix OBJECT IDENTIFIER ::=
{ iso(1) identified-organization(3)
dod(6) internet(1) security(5) mechanisms(5) pkix(7) }
-- private certificate extensions
id-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
-- Locally defined OIDs
-- The proxy certificate extension
id-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pe 14 }
-- Proxy certificate policy languages
id-ppl OBJECT IDENTIFIER ::= { id-pkix 21 }
-- Proxy certificate policies languages defined in
id-ppl-anyLanguage OBJECT IDENTIFIER ::= { id-ppl 0 }
id-ppl-inheritAll OBJECT IDENTIFIER ::= { id-ppl 1 }
id-ppl-independent OBJECT IDENTIFIER ::= { id-ppl 2 }
-- The ProxyCertInfo Extension
ProxyCertInfoExtension ::= SEQUENCE {
pCPathLenConstraint ProxyCertPathLengthConstraint
OPTIONAL,
proxyPolicy ProxyPolicy }
ProxyCertPathLengthConstraint ::= INTEGER
ProxyPolicy ::= SEQUENCE {
policyLanguage OBJECT IDENTIFIER,
policy OCTET STRING OPTIONAL }
END
Tuecke, et al. Standards Track [Page 35]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
Authors' Addresses
Steven Tuecke
Distributed Systems Laboratory
Mathematics and Computer Science Division
Argonne National Laboratory
Argonne, IL 60439
Phone: 630-252-8711
EMail: tuecke@mcs.anl.gov
Von Welch
National Center for Supercomputing Applications
University of Illinois
EMail: vwelch@ncsa.uiuc.edu
Doug Engert
Argonne National Laboratory
EMail: deengert@anl.gov
Laura Pearlman
University of Southern California, Information Sciences Institute
EMail: laura@isi.edu
Mary Thompson
Lawrence Berkeley National Laboratory
EMail: mrthompson@lbl.gov
Tuecke, et al. Standards Track [Page 36]
^L
RFC 3820 X.509 Proxy Certificate Profile June 2004
Full Copyright Statement
Copyright (C) The Internet Society (2004). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at ietf-
ipr@ietf.org.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
Tuecke, et al. Standards Track [Page 37]
^L
|