Euro-PacketCable Certificate Requirements



Similar documents
How To Issue A Certificate On A Cablelabs Device (Cablelabs) To A Certificate Request Agent (Cra)

Forum of European Supervisory Authorities for Electronic Signatures (FESA) Working Paper on Qualified Certificates for Automatically Signing Systems

How to generate SSL certificates for use with a KVM box & XViewer with XCA v0.9.3

CMS Requirements Euro-PacketCable Qualification

SCS: the new Server Certificate Service offering from SWITCH/TERENA

SSL Peach Pit User Guide. Peach Fuzzer, LLC. Version

Securing Web Access with a Private Certificate Authority

Working with Certificate and Key Files in MatrixSSL

ETSI TS V1.1.1 ( )

Replacing vcenter Server 4.0 Certificates VMware vsphere 4.0

Creation and Management of Certificates

DOCSIS/EuroDOCSIS 3.0 Cable Modems

Provisioning of VoIP Phones

Using the Motorola SSL Mobile VPN Solution with MSP

IBM WebSphere Application Server

Google Cloud Print. Administrator's Guide

Public Certification Authority Certification Practice Statement of Chunghwa Telecom (PublicCA CPS) Version 1.5

Virtual Private Network with OpenVPN


Manage Address Book. Administrator's Guide

TLS and SRTP for Skype Connect. Technical Datasheet

Boundary Encryption.cloud Deployment Process Overview

Activating HTTPS using wildcard certificate in Horizon Application Manager 1.5

SSL Management Reference

Secure Held Print Jobs. Administrator's Guide

Device Certificates on Polycom Phones

CA/Browser Forum. Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, v.1.0

X.509 and SSL. A look into the complex world of X.509 and SSL UUASC 07/05/07. Phil Dibowitz

Dell Statistica. Statistica Document Management System (SDMS) Requirements

Do Web Browsers Obey Best Practices When Validating Digital Certificates?

Bugzilla ID: Bugzilla Summary:

Generating and Installing SSL Certificates on the Cisco ISA500

Mise en pratique : installation d'openvpn sur OpenWRT

Using VMware vcenter SSO 5.5 with VMware vcloud Automation Center 6.1

Credit Card Processing Overview

Replacing Default vcenter Server 5.0 and ESXi Certificates

Yealink Technical White Paper. Contents. About VPN Types of VPN Access VPN Technology... 3 Example Use of a VPN Tunnel...

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C

Quest Privilege Manager Console Installation and Configuration Guide

Device Provisioning in Cable Environments

How To Validate a Digitally Signed PDF document. [7 th September 2006] SECURITY TRUST COMPLIANCE REGIONALITY

VoIP: Architectural Differences of SIP and MGCP/NCS Protocols and What It Means in Real World VoIP Service

CardControl. Credit Card Processing 101. Overview. Contents

Installation and Configuration Guide

VoIP Troubleshooting From the Headend. Ruth Cloonan October 25, 2007

Replacing VirtualCenter Server Certificates VMware Infrastructure 3

Symantec Integrated Enforcer for Microsoft DHCP Servers Getting Started Guide

Australian Business Number Digital Signature Certificate (ABN-DSC)

CableLabs DIGITAL CERTIFICATE AUTHORIZATION AGREEMENT For Devices Built in Compliance with the DOCSIS 3.0 and 3.1 Specifications

IPv6 Broadband and Cable NANOG46 John Jason Brzozowski

Encryption. Administrator Guide

Web Security Firewall Setup. Administrator Guide

Using Cisco UC320W with Windows Small Business Server

M86 Web Filter USER GUIDE for M86 Mobile Security Client. Software Version: Document Version:

Cisco EXAM Implementing Cisco IP Telephony and Video, Part 2 (CIPTV2) Buy Full Product.

Support Advisory: ArubaOS Default Certificate Expiration

Chapter 4. Authentication Applications. COSC 490 Network Security Annie Lu 1

Wireless VPN White Paper. WIALAN Technologies, Inc.

Patch Management Reference

VoIP Intercom with Allworx 6x Server Setup Guide

The basic groups of components are described below. Fig X- 1 shows the relationship between components on a network.

National Certification Authority Framework in Sri Lanka

Dell One Identity Cloud Access Manager How to Configure for SSO to SAP NetWeaver using SAML 2.0

Symantec AntiVirus Corporate Edition Patch Update

Network Security Protocols

Secure PostgreSQL Deployments

Symantec Mobile Management 7.2 MR1Quick-start Guide

Security Analytics Engine 1.0. Help Desk User Guide

Cisco Prime Cable Provisioning 5.0

Dell One Identity Cloud Access Manager How To Deploy Cloud Access Manager in a Virtual Private Cloud

IBM Tivoli Network Manager 3.8

Dell One Identity Cloud Access Manager SonicWALL Integration Overview

PROCUREMENT CARD US BANK ACCESS ONLINE SYSTEM USER GUIDE

VMware vcenter Server 5.5 Deploying a Centralized VMware vcenter Single Sign-On Server with a Network Load Balancer

Importing data from Linux LDAP server to HA3969U

Integrating Juniper Netscreen (ScreenOS)

SURFboard SBV4200 VoIP Cable Modem User Guide. Introduction. Before You Begin. Installation and Configuration Overview. Troubleshooting.

Series B Information on the Transposition of Directive 2006/24/EC

ETSI TS V1.1.1 ( )

The Secure Sockets Layer (SSL)

Deploying System Center 2012 R2 Configuration Manager

Print Management. User's Guide

AD RMS Step-by-Step Guide

Syncplicity On-Premise Storage Connector

Tech Note 743 Configuring Reporting Services 2008 Configuration for a New Host Name in Windows 2008 R2

SecureW2 Client for Windows User Guide. Version 3.1

VoIP Ceiling Speaker with Allworx 6x Server Setup Guide

Using EMC Unisphere in a Web Browsing Environment: Browser and Security Settings to Improve the Experience

InstaFile. Complete Document management System

Patch Management Reference

Introducing STAR-GATE Enhancements for Packet Cable Networks

Version 9. Generating SSL Certificates for Progeny Web

Server based signature service. Overview

Transcription:

= T E S T I N G Euro-PacketCable Certificate Requirements --- Project Reference --- Document Reference : Euro-PacketCable Certificate Requirements v9.0 Revision : 9.0 Author(s) : testing@excentis.com Date : November 15, 2006 Distribution : www.excentis.com

This document was prepared by Excentis. This document is furnished on an AS IS basis and Excentis provides not any representation or warranty, expressed or implied, regarding its accuracy, completeness, or fitness for a particular purpose. Distribution of this document is restricted pursuant to the terms of separate access agreements negotiated with each of the parties to whom this document has been furnished. All rights reserved. 2006 = www.excentis.com page 2/8

1 Introduction While Euro-PacketCable uses the security specifications from PacketCable [PKT-SP-SEC], some changes are needed in relation to the digital certificates that are used in a Euro-PacketCable environment. This document outlines these differences and specifies the structure and required information needed for Euro-PacketCable certificates. To keep Euro-PacketCable and PacketCable as much alike as possible, Euro-PacketCable uses all PacketCable security technology, including new revision of the security specifications [PKT-SP-SEC]. This document describes the elements of the Euro-PacketCable certificates that are different from the PacketCable certificates. For Euro-PacketCable the Euro-PacketCable certificates are the only valid certificates, any requirements that are stated in [PKT-SP-SEC] for PacketCable which refer to PacketCable Certificates are changed to the corresponding requirements for the Euro-PacketCable certificates. Euro-PacketCable compliant embedded MTAs MUST have the Euro-DOCSIS root CVC CA s public key stored in the CM s non-volatile memory instead of the DOCSIS CVC CA s public key. Euro-PacketCable compliant standalone MTAs must have the Euro-PacketCable CVC Root Certificate and the Euro-PacketCable CVC CA certificate stored in non-volatile memory. The CVC of manufacturers are verified by checking the certificate chain. 2 MTA device Certificate Hierarchy 2.1 Introduction The MTA device Certificate Hierarchy is used to authenticate MTA devices to servers. Figure 1 shows the MTA device hierarchy. Euro-PacketCable MTA Root Euro-PacketCable MTA Mfg Euro-PacketCable MTA device Figure 1: MTA device certificate hierarchy The MTA root CA is used to authenticate MTA Mfg (Manufacturing) certificates, the MTA Mfg certificate is used to authenticate the MTA device certificates. The following sections specify the requirements for the different certificates. 2006 = www.excentis.com page 3/8

2.2 Euro-PacketCable Root Device Certificate The Euro-PacketCable Root Device Certificate has the following attributes: countryname=be organizationname=tcomlabs organizationalunitname=euro-packetcable commonname= Euro-PacketCable Root Device Certificate Authority The countryname, organizationname, organizationalunitname and commonname attributes MUST be included and MUST have the values shown. Other attributes are not allowed and MUST NOT be included. 2.3 MTA manufacturer and device certificate Please note that the <Company Name> in the organizationname MAY be different from the<company Name> in the <commonname> for the manufactuer certificates. The MTA manufacturer certificate has the following attributes: countryname = <Country of Manufacturer> organizationname = <Company Name> [stateorprovincename = <state/province>] [localityname = <City>] organizationalunitname = Euro-PacketCable [organizationalunitname = <Manufacturing Location>] commonname = <Company Name> Euro-PacketCable CA The MTA device certificate has the following attributes: countryname = <Country of Manufacturer> organizationname = <Company Name> [stateorprovincename = <state/province>] [localityname = <City>] organizationalunitname = Euro-PacketCable [organizationalunitname= <Product Name>] [organizationalunitname = <Manufacturing Location>] commonname = <MAC Address> 2006 = www.excentis.com page 4/8

3 Service Provider CA certificate hierarchy 3.1 Introduction The Service Provider CA Certificate Hierarchy is used to authenticate servers to MTA devices. Figure 2 shows the Service Provider CA certificate hierarchy. The Service Provider root CA is used to authenticate Telephony Service Provider certificates. The certificates for the KDC and DF can be authenticated directly by the Telephony Service Provider Certificate; alternatively they can be authenticated by a local system operator certificate which is authenticated by the Telephony Service Provider certificate. tcomlabs S.P. Root Service Provider Local Sys Oper KDC Server DF Figure 2: Service Provider Certificate Hierarchy 3.2 Euro-PacketCable Service Provider Root Certificate The Euro-PacketCable Service Provider Root Certificate has the following attributes: countryname=be organizationname=tcomlabs commonname=tcomlabs Service Provider Root CA 3.3 Service Provider CA Certificate The Service Provider CA Certificate has the following attributes: commonname = <Company> tcomlabs Service Provider CA 2006 = www.excentis.com page 5/8

3.4 Local System CA Certificate The Local System CA certificate has the following attributes: organizationalunitname = <Local System Name> commonname = <Company> tcomlabs Local System CA 3.5 Key Distribution Center Certificate The Key Distribution Center Certificate has the following attributes: [organizationalunitname = <Local System Name>] organizationalunitname = tcomlabs Key Distribution Center commonname = <DNS Name> 3.6 Delivery Function Certificate The Delivery Function Certificate has the following attributes: [organizationalunitname = <Local System Name>] organizationalunitname = Euro-PacketCable Electronic Surveillance commonname = <IP address> 3.7 Euro-PacketCable Server Certificate The Euro-PacketCable Server Certificate has the following attributes: organizationalunitname = Euro-PacketCable [organizationalunitname = <Local System Name>] organizationalunitname = <Sub-system Name> commonname = <Server Identifier[:<Element ID>]> Please refer to [PKT-SP-SEC] for additional specifications on the commonname. 2006 = www.excentis.com page 6/8

4 Euro-PacketCable Code Verification Certificate Hierarchy 4.1 Introduction Figure 3 describes the CVC (Code Verification Certificate) hierarchy. tcomlabs CVC Root tcomlabs CVC CA Manufacturer CVC Serv. prov. CVC Figure 3: Code Verification Certificate Hierarchy The Code Verification Certificate Hierarchy is generic in nature and can also be used for other projects. For embedded MTAs the Euro-DOCSIS Code Verification Certicate Hierarchy, specified in [Euro-DOCSIS Baseline Privacy Plus requirements]), is used instead of the Euro-PacketCable CVC Root. 4.2 Euro-PacketCable Code Verification Certificate Root Certificate The Euro-PacketCable Code Verification Root Certificate has the following attributes: countryname = BE organizationname = tcomlabs commonname = tcomlabs CVC Root CA 4.3 Euro-PacketCable Code Verification CA Certificate The Euro-PacketCable Code Verification CA Certificate has the following attributes: countryname = BE organizationname = tcomlabs commonname = tcomlabs CVC CA 4.4 Manufacturer Code Verification Certificate The Manufacturer Code Verification Certificate has the following attributes: organizationname = <Company Name> 2006 = www.excentis.com page 7/8

[stateorprovincename = <state/province>] [localityname = <City>] commonname = <Company Name> Mfg CVC The Manufacturer Code Verification Certificate is signed by the Euro-PacketCable Code Verification CA Certificate. 4.5 Service Provider Code Verification Certificate The Service Provider Code Verification Certificate has the following attributes: organizationname = <Company Name> [stateorprovincename = <state/province>] [localityname = <City>] commonname = <Company Name> Service Provider CVC The Service Provider Code Verification Certificate is signed by the Euro-PacketCable Code Verification CA Certificate. 5 References [PKT-SP-SEC] PacketCable Security Specification, www.packetcable.com [Euro-DOCSIS Baseline Privacy Plus requirements] Euro-DOCSIS Baseline Privacy Plus requirements, www.excentis.com 2006 = www.excentis.com page 8/8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information