X.509 Certificate Policy for the Australian Department of Defence Root Certificate Authority and Subordinate Certificate Authorities

Transcription

1 X.509 Certificate Policy for the Australian Department of Defence Root Certificate Authority and Subordinate Certificate Authorities Version 5.1 May 2014

2 Notice to all parties seeking to rely Reliance on a Certificate issued under this Certificate Policy, identified by subarcs of the object identifier for DRCA CP and for any Sub CA that is signed by the DRCA, is only permitted as set forth in this document. Use of this document constitutes acceptance of the terms and conditions set out in this document. The acceptance of a Certificate by a Relying Party for a prohibited purpose is at the Relying Party s risk. Engaging in a prohibited Certificate use is a breach of this Certificate Policy and Defence disclaims any and all liability in such circumstances. The conditions applicable to each type of Defence Certificate will vary. Document Management This document is controlled by: Changes are authorised by: The Defence Public Key Infrastructure Policy Board Defence Public Key Infrastructure Policy Board; and Gatekeeper Competent Authority Change History Signatures Version Issue Date Description/ Amendment Changed by May 2007 Initial Release GJF 3.0 Nov 2011 Released (Minor amendments, hard tokens, PIV and CCEB compliance) Dec 2011 Updated for OCSP Verizon Business 3.2 May 2012 Updated for TSS, ACP185, OCSP 3.3 June 2012 AGIMO & AGS review. Minor amendments 4.0 July 2012 Released SJP 5.0 May 2014 Review and update for release 5.1 May 2014 Added SHA2 references CG Appointment Organisation Signature DPKIPB Chair Dept. of Defence SJP AKK AKK CDMC Ops Man Gatekeeper Competent Authority Dept. of Finance DRCA & Sub CA CP, Version 5.1 ii

3 Contents 1. INTRODUCTION Overview Document name and identification PKI participants Certification authorities Registration authorities Subscribers Relying Parties Other participants Certificate usage Appropriate certificate uses Prohibited certificate uses Policy administration Organisation administering the document Contact person Authority determining CPS suitability for the policy CPS approval procedures Definitions, acronyms and interpretation PUBLICATION AND REPOSITORY RESPONSIBILITIES Repositories Publication of certification information Time or frequency of publication Access controls on repositories IDENTIFICATION AND AUTHENTICATION Naming Types of names Need for names to be meaningful Anonymity or pseudonymity of Subscribers Rules for interpreting various name forms Uniqueness of names Recognition, authentication, and role of trademarks Initial identity validation Method to prove possession of private key Authentication of Organization Identity Authentication of individual identity Non verified Subscriber information Validation of authority Criteria for interoperation Identification and authentication for re key requests Identification and authentication for routine re key Identification and authentication for re key after revocation Identification and authentication for revocation request CERTIFICATE LIFE CYCLE OPERATIONAL REQUIREMENTS Certificate application Who can submit a certificate application Enrolment process and responsibilities Certificate application processing Performing identification and authentication functions Approval or rejection of certificate applications DRCA & Sub CA CP, Version 5.1 iii

4 DRCA & Sub CA CP, Version Time to process certificate applications Certificate issuance CA actions during certificate issuance Notification to Subscriber by the CA of issuance of certificate Certificate acceptance Conduct constituting certificate acceptance Publication of the certificate by the CA Notification of certificate issuance by the CA to other entities Key pair and certificate usage Subscriber private key and certificate usage Relying Party public key and certificate usage Certificate renewal Circumstance for certificate renewal Who may request renewal Processing certificate renewal requests Notification of new certificate issuance to Subscriber Conduct constituting acceptance of a renewal certificate Publication of the renewal certificate by the CA Notification of certificate issuance by the CA to other entities Certificate re key Circumstance for certificate re key Who may request certification of a new public key Processing certificate re keying requests Notification of new certificate issuance to Subscriber Conduct constituting acceptance of a re keyed certificate Publication of the re keyed certificate by the CA Notification of certificate issuance by the CA to other entities Certificate modification Circumstance for certificate modification Who may request certificate modification Processing certificate modification requests Notification of new certificate issuance to Subscriber Conduct constituting acceptance of modified certificate Publication of the modified certificate by the CA Notification of certificate issuance by the CA to other entities Certificate revocation and suspension Circumstances for revocation Who can request revocation Procedure for revocation request Revocation request grace period Time within which CA must process the revocation request Revocation checking requirement for Relying Parties CRL issuance frequency (if applicable) Maximum latency for CRLs (if applicable) On line revocation/status checking availability On line revocation checking requirements Other forms of revocation advertisements available Special requirements re key compromise Circumstances for suspension Who can request suspension Procedure for suspension request Limits on suspension period Certificate status services End of subscription...20 iv

5 4.12 Key escrow and recovery Key escrow and recovery policy and practices Session key encapsulation and recovery policy and practices FACILITY, MANAGEMENT, AND OPERATIONAL CONTROLS Physical controls Procedural controls Personnel controls Audit logging procedures Records archival Key changeover Compromise and disaster recovery CA or RA termination TECHNICAL SECURITY CONTROLS Key pair generation and installation Key pair generation Private Key delivery to Subscriber Public key delivery to certificate issuer CA public key delivery to Relying Parties Key sizes Public key parameters generation and quality checking Key usage purposes (as per X.509 v3 key usage field) Private key protection and cryptographic module engineering controls Cryptographic module standards and controls Private Key (n out of m) multi person control Private Key escrow Private Key backup Private Key archival Private Key transfer into or from a cryptographic module Private Key storage on cryptographic module Method of activating private key Method of deactivating private key Method of destroying private key Cryptographic Module Rating Other aspects of key pair management Public key archival Certificate operational periods and key pair usage periods Activation data Activation data generation and installation Activation data protection Other aspects of activation data Computer security controls Life cycle technical controls Network security controls Time stamping CERTIFICATE, CRL AND OCSP PROFILES Certificate profile Version Numbers Certificate Extensions Algorithm Object Identifiers Name Forms Name Constraints Certificate Policy Object Identifier Usage of Policy Constraints Extension DRCA & Sub CA CP, Version 5.1 v

6 DRCA & Sub CA CP, Version Policy Qualifiers Syntax and Semantics Processing Semantics for the Critical Certificate Policies Extension CRL profile Version Numbers CRL and CRL Entry Extensions OCSP profile Version Numbers OCSP Extensions COMPLIANCE AUDIT AND OTHER ASSESSMENTS Frequency or circumstances of assessment Identity/qualifications of assessor Assessor s relationship to assessed entity Topics covered by assessment Actions taken as a result of deficiency Communication of results OTHER BUSINESS AND LEGAL MATTERS Fees Certificate issuance or renewal fees Certificate access fees Revocation or status information access fees Fees for other services Refund policy Financial responsibility Insurance coverage Other assets Insurance or warranty coverage for end entities Confidentiality of business information Privacy of personal information Privacy plan Information treated as private Information not deemed private Responsibility to protect private information Notice and consent to use private information Disclosure pursuant to judicial or administrative process Other information disclosure circumstances Intellectual property rights Representations and warranties Disclaimers of warranties Limitations of liability Indemnities Term and termination Term Termination Effect of termination and survival Individual notices and communications with participants Amendments Dispute resolution provisions Governing law Compliance with applicable law Miscellaneous provisions Other provisions...29 APPENDIX A. REFERENCES APPENDIX B. CERTIFICATE AND CRL PROFILES AND FORMATS vi

7 B.1 DRCA Signature/Authentication Certificate...31 B.2 DRCA CRL...33 B.3 SUB CA SIGNATURE/AUTHENTICATION CERTIFICATE...34 B.4 SUB CA CRL...36 Table of Tables Table 1 Signature OIDs Table 2 Algorithm OIDs Table 3 Level of Assurance OIDs Table 4 References Table 5 Defence Root Certification Authority Signature/Authentication Certificate Profile Table 6 Defence Root CA CRL Profile Table 7 Sub CA Signature/Authentication Certificate Profile Table 8 Sub CA CRL Profile DRCA & Sub CA CP, Version 5.1 vii

8 1. INTRODUCTION Certificate policies are, in the X.509 version 3 digital certificate standard, the named set of rules regarding the applicability of a certificate to a particular community and/or class of applications with common security requirements. A CP may be used by a Relying Party to help in deciding whether a certificate, and the binding therein, are sufficiently trustworthy and otherwise appropriate for a particular application. This Certificate Policy (CP) identifies the rules to manage the Australian Government Department of Defence (Defence) Root Certificate Authority (CA) certificates, Subordinate Certificate Authority (Sub CA) certificates and associated core component certificates. It includes the obligations of the Public Key Infrastructure (PKI) entities, and how the parties, indicated below, use them. It does not describe how to implement these rules as that information is in the Defence PKI Certification Practice Statement (CPS), or documents referenced by the CPS. In general, the rules identify the minimum standards in terms of performance, security and/or quality. The headings in this CP follow the framework set out in the Internet Engineering Task Force Request for Comment (RFC) 3647: Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework. A document hierarchy applies: the provisions of any applicable contract such as a Subscriber Agreement, Deed of Agreement or other relevant contract override the provisions of this CP. The provisions of this CP prevail over the provisions of CPS to the extent of any direct inconsistency. The provisions of CPS govern any matter on which this CP is silent. (Note: where sub titled sections of the framework provide no additional information to detail provided in the CPS they have not been further extrapolated in this document.) This section identifies and introduces the set of provisions, and indicates the types of entities and applications applicable for this Defence Root Certification Authority (DRCA) and Sub CA Certificate Policy (CP). 1.1 Overview The DRCA is used to self sign the Root CA certificate, digitally sign Sub CA certificates to validate their properties and sign and issue the certificates used by operational servers and operation personnel. The DRCA is the highest point of trust within the Defence PKI hierarchy and all other CA and RA entities in the hierarchy rely on this trust anchor. A Sub CA certificate is signed by the DRCA and signs the certificates used by operational servers and operation personnel as well as signing the certificates issued to end entities. This CP only allows the DRCA and any Sub CA private keys to reside on a hardware security module (HSM). Any operations certificates required for PKI core components are required to be stored in accordance with the PKI Key Management Plan (KMP). Except for Resource Custodians (RC) this CP allows Operators keys and certificates to only reside on a hardware based token with an embedded cryptographic engine. Before issuing Operators keys and certificates, the applicant is required to perform a face to face identity verification that complies with the Gatekeeper Evidence of Identity (EOI) policy for a High Assurance certificate and be cleared to the required level in accordance with the PKI System Security Plan (SSP). DRCA & Sub CA CP, Version of 36

9 1.2 Document name and identification The title for this CP is the X.509 Certificate Policy for the Department of Defence Root Certificate Authority and Subordinate Certificate Authorities. The Object Identifier (OID) for the DRCA CP is: {iso (1) iso member (2) australia (36) government (1) department of defence (334) pki (1) certificate policy (1) certificate authority (1) root (1)} In addition, this CP is issued for any Sub CA that is signed by the DRCA. In these circumstances, the OID is: {iso (1) iso member (2) australia (36) government (1) department of defence (334) pki (1) certificate policy (1) certificate authority (1) subordinate (2) } 1.3 PKI participants Certification authorities The Certification Authority (CA), or CAs, that issue certificates under this CP are Defence CAs. This CP relates to: i. the self signed DRCA authentication certificates that the DRCA issues to itself; ii. the authentication and confidentiality certificates signed by the DRCA and issued to SubCAs; iii. the authentication and confidentiality certificates issued by the SubCAs for the core operational infrastructure, e.g. the Registration Authority (RA) server; the Key Archive Server (KAS); and iv. all operator certificates used for the purpose of maintenance and issuance responsibilities, such as CA operators (CAO), RA Auditors (RAA), Registration Officers (ROs) and Resource Custodians (RCs) Registration authorities The Registration Authority (RA), or RAs, that perform the registration functions under this CP are authorised by the Defence PKI Policy Board (DPKIPB). For those certificates issued in accordance with the Gatekeeper accreditation, a Gatekeeper accredited RA must be used. An RA is formally bound to perform the registration functions in accordance with this CP and other relevant Approved Documents Subscribers No end entity Subscribers are issued certificates under this CP. Certificates issued by the DRCA or Sub CA to the operators of core components will not be used as a validation mechanism for that individual. All such certificates will only be valid for use within the PKI core components 1. An entity issued a certificate under this CP must have access, authority or privilege to Defence assets or systems. Defence assets and systems may act as a Relying Party, with respect to chain of trust aspects, having granted access, authority or privilege to an individual. 1 The exception to this rule is ROs using the Card Management System (CMS), who use their Individual - High Assurance certificate to log in to the CMS in conjunction with Issuer rights in the system. DRCA & Sub CA CP, Version of 36

10 1.3.4 Relying Parties Other than the chain of trust aspects there are no Relying Parties for the certificates issued under this CP. This chain of trust is created by the DRCA signing the Sub CA certificate that signs the certificate issued to the end entity and the issuance of Certificate Revocation Lists (CRLs). Relying Parties are bound by the relevant CP that an end entity certificate is issued under Other participants Other participants include: i. the DPKIPB refer to the Certification Practice Statement (CPS) for their responsibilities which specifically include: a) review and approval of this CP; b) presiding over the PKI audit process; c) approving mechanisms and controls for the management of the accredited infrastructure (CA/RA); d) approval of operational standards and guidelines to followed. ii. Accreditation agencies to provide independent assurance that the facilities, practices and procedures used to issue certificates comply with this CP, the CPS and other relevant documentation (policy and legal). iii. Directory Service providers to provide a repository for certificates and certificate status information issued under this CP. 1.4 Certificate usage Appropriate certificate uses Certificates issued under this CP, in conjunction with their associated private keys, allow the DRCA to: i. self sign the DRCA certificate; ii. digitally sign a Sub CA certificate; iii. sign the operational certificates required by the PKI, including OCSP responder; and iv. sign its own internal log files. Certificates issued under this CP, in conjunction with their associated private keys, allow a Sub CA to: i. digitally sign end entity certificates; ii. digitally sign a certificate for any CA subservient to the Sub CA; iii. sign the operational certificates required by the PKI; and iv. sign its own internal log files. All other core component certificates will only be valid for use within the PKI and used for the authentication and confidentiality (as appropriate) of core component activities Prohibited certificate uses The prohibited uses for certificates issued under this CP are: i. for the DRCA, to sign certificates issued to end entity Subscribers; ii. to sign the certificate of a non DPKIPB approved CA; iii. iv. to validate the identity of a PKI operator (CMS ROs excepted); and to establish a Sub CA to conduct any transaction, or communication, which is any or all of the following: 2 NB. ROs operating the CMS use their Individual High Assurance certificate to log in to the system. DRCA & Sub CA CP, Version of 36

11 a) Unrelated to Defence business; b) Illegal; c) Unauthorised; d) Unethical, or e) Contrary to Defence policy. Engaging in a prohibited certificate use is a breach of the responsibilities and obligations agreed to by the PKI operators and Defence disclaims any and all liability in such circumstances. 1.5 Policy administration Organisation administering the document Contact person Authority determining CPS suitability for the policy CPS approval procedures 1.6 Definitions, acronyms and interpretation Acronyms and terms used in this CP are defined in the CPS. Note that defined terms in this CP appear in italics the first time they are used and otherwise are not identified in this manner when appearing later throughout the CP. Defined terms may be upper or lower case. The interpretation clause in part 3 of Appendix B of the CPS also applies to this CP. 2. PUBLICATION AND REPOSITORY RESPONSIBILITIES 2.1 Repositories 2.2 Publication of certification information Defence publishes the issuing CA certificate, and the issuing CA s latest CRL in its repository. This information is available to Relying Parties both internal and external of Defence. Defence provides for Subscribers and Relying Parties the URL of a website which Defence uses to publish: i. this CP; ii. the CP for any end entity certificates; and iii. the CPS. DRCA & Sub CA CP, Version of 36

12 2.3 Time or frequency of publication Published documentation is updated on approved changes. Defence CAs publish new certificates and CRLs as operationally required (see and relevant CP). 2.4 Access controls on repositories 3. IDENTIFICATION AND AUTHENTICATION 3.1 Naming Types of names Every certificate issued under this CP: i. must have a clear distinguishable and unique Distinguished Name (DN) in the certificate subjectname field; ii. the common name components of the name are unique to the PKI name space; iii. the DN will be approved by the DPKIPB; iv. the DRCA DN must be composed of ADOCA <Serial>; and v. the SubCAs DN must be composed of ADOCA <Serial>. The DN is in the form of a X.501 printable string and is not blank Need for names to be meaningful Names used to identify the PKI core components are based on their PKI role and serial number. Additionally, names are used to identify individual operators to allow for system auditing Anonymity or pseudonymity of Subscribers Not applicable Rules for interpreting various name forms No stipulation as there is only one form Uniqueness of names Names are unique within the Defence PKI name space Recognition, authentication, and role of trademarks 3.2 Initial identity validation Method to prove possession of private key Private Key generation of critical PKI core components is performed using Evaluation Assurance Level (EAL) 4 accredited Hardware Security Modules (HSMs). These private keys are generated internally which ensures that the private key is never exposed or accidentally released. To initiate the key DRCA & Sub CA CP, Version of 36

13 generation process the CA operator must use the HSM in the presence of the required staff as dictated by the Key Management Plan (KMP). All PKI Operators (DRCAOs, CAOs, RAAs, ROs etc) except RCs use hard token technology to generate and securely store private keys, with passphrase access controls. The key generation process requires the operator to enter their token s passphrase thereby proving the operator has possession of the token with the generated private key. Where soft tokens are used by RCs, certificate requests are submitted to the CA via PKCS#10 requests where proof of possession of the private key is ensured as the Key Pair is generated at the time the certificate request is created Authentication of Organization Identity To establish the DRCA or a Gatekeeper compliant Sub CA, the DPKIPB and the Gatekeeper Competent Authority must grant approval prior to the key generation ceremony. The establishment of other Defence Sub CAs requires DPKIPB approval prior to key generation. Generation of PKI core components must comply with the processes dictated in the KMP, which indicates that the key issuing process includes: i. identification of the infrastructure element and applicable Key Custodian; ii. witnessed generation of public and private keys; iii. generation of certificates; iv. verification by the Key Custodian that the key generation process was successful; and v. entry into the PKI Trusted Element Register of the applicable information concerning the newly generated key. Before issuing certificates to PKI Operators, the operator is required to perform a face to face identity verification that complies with the Gatekeeper Evidence of Identity (EOI) policy for a High Assurance certificate and be cleared to a minimum level of SECRET. In addition, the operator will need to be validated as being affiliated with Defence by confirmation of their existence in the Defence Directory Authentication of individual identity Not applicable Non verified Subscriber information Not applicable Validation of authority The PKI Operations Manager is responsible for ensuring that all PKI core components are validated in accordance with the PKI KMP Criteria for interoperation 3.3 Identification and authentication for re key requests Identification and authentication for routine re key The minimum identification and authentication requirements for routine re key are as per (Authentication of Organization Identity). Verification of the Operator s identity can occur as follows: i. as per initial registration; or DRCA & Sub CA CP, Version of 36

14 ii. use of a DPKIPB approved biometric. (Only if biometric was recorded during previous registration); or iii. proof of possession, and ability to exercise a current private key in which the DN matches a Federal or State Government issued photographic ID document. This method can only be used provided no more than 4 years has passed since the Operator has been identified using the Gatekeeper EOI policy for a High Assurance certificates, or uses an approved biometric. The DPKIPB may approve alternative methods to verify an operator s identity for special circumstances. These circumstances include: i. essential re key in locations where sufficient EOI is unavailable (e.g. Theatre of Operation); or ii. if such individuals do not have sufficient EOI documentation due to loss, theft or destruction of EOI documentation. Certificates issued under special circumstances will require authorisation by the DPKIPB based on the risks associated with the circumstances. This authorisation will impose a limit on the reuse of the method by the operator before reverting to standard method of verification (listed above). In addition, such certificates will have a defined validity period that is less than the normal certificate life of two years Identification and authentication for re key after revocation Re key is not allowed after revocation for CAs. For operators, Re Key after revocation shall occur in the same manner as for initial identity validation. 3.4 Identification and authentication for revocation request Revocation of certificates is in accordance with this section and 4.9 of this CP and the CPS. The PKI Operations Manager, or in their absence their nominated agent, must authenticate all requests for revocation of PKI core components and the reason for revocation. Prior to revocation, the operator verifies the authority of the requestor. The DPKIPB must approve all requests for revocation of the Defence CAs. Revocation of other PKI core components, including operator certificates, can be approved by the PKI Operations Manager or the Security Officer (SO). The revocation process provides an auditable record of this process, which includes at a minimum: i. the identity of the requestor; ii. the reason for requesting revocation; iii. the identity of the operator performing the revocation; and iv. the issuing CA name and serial numbers of the certificates authorised for revocation, or the reason for rejecting the revocation request. 4. CERTIFICATE LIFE CYCLE OPERATIONAL REQUIREMENTS 4.1 Certificate application Who can submit a certificate application People affiliated with Defence can submit a certificate application. Creation of CAs must be authorised by the DPKIPB. There is no subsequent submission of applications for the creation of PKI core components related to that CA. DRCA & Sub CA CP, Version of 36

15 4.1.2 Enrolment process and responsibilities The enrolment process and responsibilities are outlined in the PKI Operations Manual and KMP. 4.2 Certificate application processing Performing identification and authentication functions The PKI Operations Manager must ensure that each CA creation application is in accordance with the PKI KMP and undergoes: i. confirmation of approval for DRCA or Sub CA creation; and ii. validation of all information to be included in the certificate. As a minimum, two delegates nominated by the DPKIPB are required to witness the generation of CA keys. The PKI Operations Manager is not required to investigate or ascertain the authenticity of any document received by them as evidence of any matter required as part of the CA creation process unless they are aware, or should reasonably be aware, that the document is not authentic or they are otherwise required to do so by law Approval or rejection of certificate applications The DPKIPB approves or rejects CA certificate applications Time to process certificate applications No stipulation. 4.3 Certificate issuance CA actions during certificate issuance Notification to Subscriber by the CA of issuance of certificate Operators shall be notified when a certificate has been issued and of any requirements necessary to update the operator s token. 4.4 Certificate acceptance Conduct constituting certificate acceptance The PKI core components are deemed to have accepted a certificate when they exercise the private key Publication of the certificate by the CA The only certificates published will be the CA certificates. These will be published to the Defence repository and external repositories as per the CPS Notification of certificate issuance by the CA to other entities No stipulation. DRCA & Sub CA CP, Version of 36

16 4.5 Key pair and certificate usage Subscriber private key and certificate usage There are no end entity Subscribers to this CP. Certificate usage is defined above in 1.4 (Certificate Usage) and as such core components, other than CAs, may only be used within the PKI. Custodians shall protect private keys from access by other parties in accordance with the KMP. If the extended key usage extension is present and implies any limitation on the use of the certificate and/or private key, the CA will operate within those limitations Relying Party public key and certificate usage 1.4 (Certificate Usage) and (Relying Parties) detail the Relying Party public key and certificate usage and responsibilities. The interpretation and compliance with extended key usage attributes, and any associated limitations on the use of the certificate and/or private key, is in accordance with RFC Certificate renewal The DRCA and Sub CA certificates cannot be renewed; however, associated core components can be renewed Circumstance for certificate renewal The CPS defines the criteria for certificate renewals. Certificate renewal shall not permit an operator to avoid re key or the associated identification and authentication process. Renewal of revoked certificates is not permitted after revocation regardless of the reason for revocation Who may request renewal Same as per applications see (Who can submit a certificate application) Processing certificate renewal requests The process for certificate renewal is consistent with the enrolment process defined in 4.1 (Certificate Application), however identification and authentication complies with 3.3 (Identification and Authentication for Re Key Requests) Notification of new certificate issuance to Subscriber Operators shall be notified when a renewal certificate has been issued, and of any requirements necessary to update the operator s token Conduct constituting acceptance of a renewal certificate See (Conduct constituting certificate acceptance) Publication of the renewal certificate by the CA PKI core component renewed certificates will not be published. DRCA & Sub CA CP, Version of 36

17 4.6.7 Notification of certificate issuance by the CA to other entities Not applicable. 4.7 Certificate re key Circumstance for certificate re key See CPS for relevant circumstances. Loss or compromise of a current private key requires revocation Who may request certification of a new public key Certificate re key requests are made by an operator or the DPKIPB Processing certificate re keying requests The process for certificate re keying is consistent with the enrolment process defined in 4.1 (Certificate Application), however identification and authentication complies with 3.3 (Identification and Authentication for Re Key Requests) Notification of new certificate issuance to Subscriber The operator receives notification when a re keyed certificate is issued, or if a certificate request for re key is rejected. The DPKIPB receives notification of progress, issues and completion of DPKIPB initiated certificate rekeys Conduct constituting acceptance of a re keyed certificate See (Conduct constituting certificate acceptance) Publication of the re keyed certificate by the CA PKI core component re keyed certificates will not be published Notification of certificate issuance by the CA to other entities Not applicable. 4.8 Certificate modification Circumstance for certificate modification The circumstances permitted for certificate modification include: i. Details in the certificate relevant to the Operator have changed or been found to be incorrect; and ii. Interoperation with approved Third Party PKI, or Defence assets and systems, require certificate attributes or contents inserted, modified or deleted. The DPKIPB will determine other circumstances as appropriate Who may request certificate modification Certificate modification may be requested by: i. the DPKIPB, or ii. Operator DRCA & Sub CA CP, Version of 36

18 4.8.3 Processing certificate modification requests The process for certificate modification must comply with enrolment process defined in 4.1 (Certificate Application). The identification and authentication procedures must comply with 3.3 (Identification and Authentication for Re Key Requests) Notification of new certificate issuance to Subscriber The operator or key custodian receives notification when issued a modified certificate, or if rejection of a modification request occurs. The DPKIPB receives notification of progress, issues and completion of DPKIPB initiated certificate modifications Conduct constituting acceptance of modified certificate See (Conduct constituting certificate acceptance) Publication of the modified certificate by the CA See (Publication of the certificate by the CA) Notification of certificate issuance by the CA to other entities No stipulation. 4.9 Certificate revocation and suspension Circumstances for revocation Who can request revocation Procedure for revocation request Revocation requests for PKI core components are performed by an authorised Certificate Authority Operator (CAO) but must be validated by the PKI Operations Manager prior to initiation. The Disaster Recovery and Business Continuity Plan (DRBCP) details the revocation process for the DRCA and Sub CA in the event of an emergency. After verification, the CAO processes the revocation request using the PKI software, which captures an auditable record of the process. After a certificate is revoked, the CA includes the applicable certificate (certificate serial number) in the CRL that is signed by the CA and published in the repositories Revocation request grace period A grace period of one Operational Day is permitted. The DPKIPB, or an approved delegate, in exceptional circumstances (such as a security or law enforcement investigation), may approve a delay in the submission of a revocation request. An audit record of this approval is required, and must be submitted with the revocation request upon expiry of the approved delay. DRCA & Sub CA CP, Version of 36

19 4.9.5 Time within which CA must process the revocation request A CA shall process revocation requests for certificates issued under this CP promptly after receipt Revocation checking requirement for Relying Parties Before using a certificate, the Relying Party must validate it against the CRL. It is the Relying Party s responsibility to determine their requirement for revocation checking CRL issuance frequency (if applicable) CRLs for the DRCA are published when a Sub CA is revoked or monthly. CRLs for Sub CAs under this CP are published on each certificate revocation or at intervals no longer than 24 hours if there are no updates Maximum latency for CRLs (if applicable) The maximum latency between the generation and publication of CRLs is 3 days On line revocation/status checking availability Online Certificate Status Protocol service (OCSP) is available at: Refer to the relevant Certificate Profile in Appendix B if the certificate is issued with an OCSP access location reference (Authority Information Access extension), OCSP is available to the Relying Party as a certificate status checking method. The latest CRL is available from the published repositories; refer to 2.1 (Repositories) and the certificates CRL Distribution Point for further information On line revocation checking requirements No stipulation Other forms of revocation advertisements available Special requirements re key compromise No stipulation Circumstances for suspension This CP does not support certificate suspension Who can request suspension This CP does not support certificate suspension Procedure for suspension request This CP does not support certificate suspension Limits on suspension period This CP does not support certificate suspension. DRCA & Sub CA CP, Version of 36

20 4.10 Certificate status services 4.11 End of subscription 4.12 Key escrow and recovery Key escrow and recovery policy and practices Escrow, backup and archiving of private keys issued under this CP is permitted to enable the retrieval of keys in a disaster recovery situation. However, operator hard tokens shall not be backed up or cloned. Escrow, backup and archiving is to be undertaken in accordance with the PKI KMP. Retrieval will be undertaken in accordance with the PKI DRBCP recovery policy and practices Session key encapsulation and recovery policy and practices Symmetric keys are not required to be escrowed. 5. FACILITY, MANAGEMENT, AND OPERATIONAL CONTROLS 5.1 Physical controls 5.2 Procedural controls 5.3 Personnel controls 5.4 Audit logging procedures 5.5 Records archival 5.6 Key changeover DRCA & Sub CA CP, Version of 36

21 5.7 Compromise and disaster recovery 5.8 CA or RA termination 6. TECHNICAL SECURITY CONTROLS 6.1 Key pair generation and installation Key pair generation Key pair generation is via a combination of product and processes approved by the National Cryptographic Authority (NCA). Key pair generation is in accordance with the PKI KMP and as such: i. critical core components (e.g. CA, RA and KAS) generate keys within a HSM; ii. operators generate keys within a hard token or using EAL4 accredited software; and iii. non critical core components (e.g. Certificate Status Server, Registration Exchange) generate keys using EAL4 accredited software (and protect them within Personal Security Environment (PSE) files) Private Key delivery to Subscriber Private key delivery is in accordance with the PKI KMP. Private keys generated within hardware elements (tokens, HSMs) are not delivered. Soft tokens for core components are delivered direct to the PKI core component protected by a PSE file. RC keys are delivered on a PKCS#12 file, passphrase protected by the RC at the time of key generation Public key delivery to certificate issuer DRCA public keys are self generated and do not require delivery. SubCA public key delivery to the DRCA is a witnessed event, with the key being delivered via airgap in a PKCS#10 file, signed with the corresponding private key. Other PKI core components public keys are either delivered protected within the PKI software, or delivered to the issuer in a PKCS#10 file, signed with the corresponding private key CA public key delivery to Relying Parties Key sizes Keys used for this CP are in accordance with the PKI KMP and support either SHA1 or SHA2 for signing and RSA public key algorithm. The key sizes for: i. DRCA is a minimum of 2048 bits; ii. Sub CAs and components, other than operators, are a minimum 2048 bits; and iii. Operators are a minimum 1024 bits Public key parameters generation and quality checking DRCA & Sub CA CP, Version of 36

22 6.1.7 Key usage purposes (as per X.509 v3 key usage field) In addition to the key usage defined in 1.4, certificates include key usage extension fields to specify the purposes for which the Certificate may be used and also to technically limit the functionality of the certificate when used with the PKI software. Note that the CAs have key usages Digital Signature and Non Repudiation for the purpose of signing their own log entries. Key usages are specified in the Certificate Profile set forth in Appendix B. 6.2 Private key protection and cryptographic module engineering controls Cryptographic module standards and controls All cryptographic modules used with PKI core components have been evaluated under Common Criteria EAL4 and approved for the uses intended in this CP by the NCA and are listed on the Evaluated Products List Private Key (n out of m) multi person control Private Key escrow Escrow of private keys is permitted and occurs in accordance with the PKI KMP and the PKI DRBCP. Refer to CPS for escrow controls Private Key backup Private Key archival Private Key archival occurs in accordance with the PKI KMP and the PKI DRBCP Private Key transfer into or from a cryptographic module Private Key storage on cryptographic module Method of activating private key Activating private keys occurs by the CAO or RAO authenticating to the cryptographic module. For HSMs it is activated with the applicable physical key in the PIN Entry Device (PED). The session stays live until deactivated (see Method of deactivating private key) Method of deactivating private key Deactivation can be achieved via: i. shut down or restart of the system; ii. removal of the token; or iii. shut down of the service that operates the token. DRCA & Sub CA CP, Version of 36

23 Method of destroying private key Cryptographic Module Rating See (Cryptographic standards and controls). 6.3 Other aspects of key pair management Public key archival Certificate operational periods and key pair usage periods The DRCA certificate validity has a maximum period of 20 years to limit the key lifetime. A Sub CA certificate may have a validity period of up to ten years. Certificate lives and key pair usage for all other core components, other than Operators, complements the relevant CA they are associated with. Operator certificates have a maximum validity period of two years. 6.4 Activation data Activation data generation and installation To protect private keys, a passphrase is entered by the key custodian at the time of key generation. This passphrase is used to activate the key pair for usage. Other passphrases and PINs used within the PKI system are created by operators at the time of installation. All passwords must comply with Defence Password Policy. Lifecycle management of passphrases, passwords and PINs used in the system is in accordance with the PKI KMP and Defence Policy Activation data protection All passphrases used to activate core components are kept in accordance with Defence policy and PKI KMP Other aspects of activation data No stipulation. 6.5 Computer security controls 6.6 Life cycle technical controls 6.7 Network security controls DRCA & Sub CA CP, Version of 36

24 6.8 Time stamping 7. CERTIFICATE, CRL AND OCSP PROFILES Appendix B contains the formats for the certificates, and CRL profiles and formats relative to this CP. The certificates issued under this CP are: i. the Defence Root Certificate Authority; ii. sub CA certificates signed by the Defence Root Certificate Authority; iii. certificates issued to the PKI core components supporting a CA, such as the Registration Authority; and iv. certificates issued to the operators of the above components to ensure their abilities to undertake administration activities. 7.1 Certificate profile Version Numbers All certificates are X.509 Version 3 certificates Certificate Extensions See Appendix B Algorithm Object Identifiers Certificates under this CP will use one of the following OIDs for signatures. sha 1WithRSAEncryption {iso(1) member body(2) us(840) rsadsi(113549) pkcs(1) pkcs 1(1) 5} sha256withrsaencryption {iso(1) member body(2) us(840) rsadsi(113549) pkcs(1) pkcs 1(1) 11} Table 1 Signature OIDs Certificates under this CP will use one of the following OIDs for identifying the algorithm for which the subject key was generated. rsaencryption {iso(1) member body(2) us(840) rsadsi(113549) pkcs(1) pkcs 1(1) 1} Id ecpublickey {iso(1) member body(2) us(840) ansi x9 62(10045) public key type (2) 1} rsaencryption {iso(1) member body(2) us(840) rsadsi(113549) pkcs(1) pkcs 1(1) 1} Dhpublicnumber {iso(1) member body(2) us(840) ansi x942(10046) number type(2) 1} IdkeyExchangeAlgorithm {joint iso ccitt(2) country(16) us(840) organization(1) gov(101) dod(2) infosec(1) algorithms(1) 22} Table 2 Algorithm OIDs CAs shall certify only public keys associated with the crypto algorithms identified above, and shall only use the signature crypto algorithms described above to sign certificates, CRLs and any other PKI product, including other forms of revocation such as OCSP responses Name Forms The Common Name (CN) component is based on the name assigned by the DPKIPB to the CA being created presented as a printable string. DRCA & Sub CA CP, Version of 36

25 All other DN components are fixed and defined in Appendix B Name Constraints Name constraints are not present Certificate Policy Object Identifier CA Certificates issued under this policy shall assert the OID { } for DRCA certificates or { } for Sub CA certificates. The DRCA and SubCA certificates shall also assert the anypolicy OID of { }. The SubCA certificate shall also assert the following OIDs representing Levels of Assurance of certificates issued: Individual: Low Medium High Very High Resources: Low Medium High Table 3 Level of Assurance OIDs Usage of Policy Constraints Extension Policy constraints are not present Policy Qualifiers Syntax and Semantics The only policy qualifiers that are permitted are the CPS Pointer qualifier and the User notice qualifier. The CPS Pointer, if used, shall contain a HTTP URI link to the Certification Practice Statement (CPS) published by the CA, or to a webpage from which the CPS can then be downloaded. The User notice, if used, shall only contain the explicittext field Processing Semantics for the Critical Certificate Policies Extension This policy does not require the certificate policies extension to be critical. Relying Parties whose client software does not process this extension do so at their own risk. 7.2 CRL profile Version Numbers CRLs issued under this CP shall assert a version number as described in the X.509 standard [ISO9594 8]. CRLs shall assert Version CRL and CRL Entry Extensions Detailed CRL profiles covering the use of each extension are available in Appendix B. DRCA & Sub CA CP, Version of 36

26 7.3 OCSP profile Version Numbers OSCP is implemented using version 1 as specified under RFC OCSP Extensions Refer to CPS and Validation Authority (VA) CP for full OCSP profile. 8. COMPLIANCE AUDIT AND OTHER ASSESSMENTS 8.1 Frequency or circumstances of assessment 8.2 Identity/qualifications of assessor 8.3 Assessor s relationship to assessed entity 8.4 Topics covered by assessment 8.5 Actions taken as a result of deficiency 8.6 Communication of results 9. OTHER BUSINESS AND LEGAL MATTERS 9.1 Fees Certificate issuance or renewal fees No stipulation Certificate access fees There is no fee for accessing Certificates from approved repositories Revocation or status information access fees There is no fee for accessing a CRL from approved repositories. DRCA & Sub CA CP, Version of 36