UNINETT J.Ølnes, O.E.Orøy and J.Skretting Policy Document Norwegian Computing Centre Category: Informational December 98 UNINETT PGP PCA Policy Statements Status of this Memo This memo provides information for the Internet community. Although it is written in the form and style of an RFC, it is not intended for publication as an RFC. Distribution of this memo is unlimited. Table of Contents 1. Introduction.......................................1 2. PGP PCA Identity...................................2 3. UNINETT - a Brief Overview.........................2 4. PGP PCA Scope and Purpose..........................2 5. PGP PCA Security & Privacy.........................3 5.1 Security Requirements Imposed on the PGP PCA.......3 5.2 Security Requirements Imposed on CAs...............4 5.3 Measures Taken to Protect the Privacy of Any Information Collected in the Course of Certifying CAs and (for CAs) Users............................4 6. Certification Policy...............................4 6.1 Policy and Procedures when Certifying CAs..........4 6.2 Policy and Procedures when Certifying Users........5 6.3 Naming Conventions.................................5 7. Certificate Management.............................5 7.1 Key Distribution...................................5 7.2 Key Revocation.....................................6 8. Distribution of Software...........................6 9. Security Considerations............................6 10. References.........................................6 11. Authors' Address...................................7 1. Introduction This document provides information about policy statements submitted by the UNINETT Pretty Good Privacy Policy Certification Authority (UNINETT PGP PCA). Its purpose is to provide information to members of the Internet community who wish to evaluate the trust they can place in a certification path that includes a certificate issued by the UNINETT PGP PCA, or to set up a CA to be certified by the UNINETT PCA. Ølnes, Orøy and Skretting Informational [Page 1] UNINETT UNINETT PGP PCA Policy Statements June 1997 2. PGP PCA Identity The Uninett PGP PCA will be identified by the name: "Uninett PGP Policy Certification Authority " The email address for the PGP PCA will be: pgp-ca@uninett.no The UNINETT PGP PCA will be run by: Norwegian Computing Centre Gaustadallien 23 P.O.Box 114 Blindern, N-0314 Oslo, Norway Contact person: Odd Egil Orøy Email: Odd.Egil.Oroey@nr.no Tel.: (+47) 22 85 25 00 Fax : (+47) 22 69 76 60 Duration: This policy is valid from June 1. 1997 to Jan. 1. 2000 Info about the PGP PCA is available at: http://www.uninett.no/pca/pgp.html 3. UNINETT - a Brief Overview UNINETT is a Limited Company (AS) operating the Norwegian network for academics and research. It is incorporated under Norwegian law, and it's company number is 968100211. More information is available from the UNINETT web server at: http://www.uninett.no/ 4. PGP PCA Scope and Purpose UNINETT already runs a PCA for certification of CAs (Certification Authority) issuing X.509 certificates, this service is named UNISA. The primary aim of the UNISA service is to build an infrastructure for PEM (Privacy Enhanced Mail)[1-4], although the certificates may be used for any purpose, for instance S/MIME. The PCA policy is documented in RFC 1875 [5]. The use of PGP (Pretty Good Privacy) [6] for protected transfer and storage of information has become widespread in the Internet community. The UNINETT PGP PCA shall act as a top level (root) CA within the UNINETT domain, realising a common point of trust for those PGP users within this domain that choose to be certified by CAs certified by the PGP PCA. Additionally the PGP PCA may facilitate establishment of trust paths between a PGP user within the UNINETT constituency and a PGP user outside of this constituency, by certification of the UNINETT PGP PCA against similar services in other constituencies. Where the certification must obey this policy. Ølnes, Orøy and Skretting Informational [Page 2] UNINETT UNINETT PGP PCA Policy Statements June 1997 The UNINETT PGP PCA service is an offer to PGP users within the domain. PGP users must deliberately choose to get certified by CAs certified by the PGP PCA, and no restrictions are implied on the ability of PGP users to sign the certificates of one another. PGP's trust model is the "web of trust". This is designed to work without any infrastructure, by having the users themselves sign certificates for one another. Experience shows that non-hierarchical structures, like a web of trust, have problems related to scaling. For the web of trust, the main problems are the length of chains of trust, and determining the degree of confidence one can have in the users that are involved in this chain. The idea behind the UNINETT PGP PCA is to utilise the infrastructure already established by UNINETT to offer a hierarchical trust model to PGP users. The confidence of PGP certificates issued under this hierarchy is determined by the certification policy defined in this document. The hierarchy consists of only two levels: the PGP PCA and CAs. This limits the length of the trust paths within the hierarchy. PGP users certified by CAs may in turn sign certificates of other PGP users, thus creating further levels, or shortcuts, in the hierarchy. Such certification is not within the scope of this policy or of the UNINETT PGP PCA. The CAs certified by the PGP PCA are certified as persons. It is assumed that a CA will predominantly work within its organisation, and the prime targets of the PGP PCA service are organisations within the UNINETT domain. However there is no restriction on a CA's right to sign certificates for persons outside its organisation, nor is the PGP PCA itself restricted to certify CAs only within the UNINETT domain. The only restriction is that the PGP PCA policy must be obeyed. 5. PGP PCA Security & Privacy 5.1 Security Requirements Imposed on the PGP PCA - The PGP PCA will run on a dedicated workstation with no network connection. The workstation shall be physically secured. - The PGP PCA will use a standard PGP implementation with keys stored on the disk of the workstation and all cryptographic processing in software. Use of a smartcard based implementation is a future option. - Exchanging data between the PGP PCA and the rest of the world will be done by use of tapes or floppy discs. - The public and private asymmetric keys of the PCA will have lengths of 1024 bits. - Backups from the PCA workstation must be stored in at least one off site location. Backups will be physically secured. Ølnes, Orøy and Skretting Informational [Page3] UNINETT UNINETT PGP PCA Policy Statements June 1997 5.2 Security Requirements Imposed on CAs - The person certified as CA may perform his/her CA tasks by use of the same PGP installation that he/she uses for PGP communication. This shall be a standard PGP implementation. - The CA's private key shall be accessible only through a IDEA/DES encrypted file storage, or through use of smartcards authorised by UNINETT PGP PCA. The key storage shall be protected by use of a pass phrase selected according to "best practice". - The PGP installation shall run on a workstation which may be connected to a network. The workstation must, however, be adequatly secured from attacks originating from an open network by applying "common sense" protection mechanisms. - The PGP installation shall be stored on a local disk connected to the workstation. If a smartcard is used, the card reader must be local to the workstation. - Backups must be physically secured. - The public and private asymmetric keys of the CA must have minimum lengths of 1024 bits. 5.3 Measures taken to protect the privacy of any information collected in the course of certifying CAs and (for CAs) users. Neither the PCA nor CAs will collect any security relevant information about users. Users and CAs will always generate their own key pairs. The only information stored are the CA certificates at the PGP PCA, which are considered as non-confidential information. 6. Certification Policy 6.1 Policy and Procedures when Certifying CAs In order to be certified, a CA must sign an agreement with the UNINETT PGP PCA stating the obligation to adhere to the agreed procedures. The person responsible for running the CA will be evaluated by the UNINETT PCA, in order to determine whether he/she exhibits the necessary qualifications and have access to the resources needed in order to run the CA securely. Ølnes, Orøy and Skretting Informational [Page4] UNINETT UNINETT PCA Policy Statements June 1997 The PGP PCA is responsible for sufficient validation of the identity of the person responsible for the CA. The CA must submit a copy of its public key to the UNINETT PGP PCA. The PGP PCA must check the name, email address and fingerprint associated with the key, before signing a PGP certificate for the CA. A UNISA validated PEM message incorporating the public key is sufficient for validation The CA shall subsequently sign the key of the UNINETT PGP PCA after sufficient validation of the correctness of this key. 6.2 Policy and Procedures when Certifying Users A user will generate his/her own key pair. A copy of the public key shall be sent to the CA by email. The user must then visit the CA carrying a proof of his/her identity, or by sending the public key as a UNISA validated PEM message, in that case further identification is unnecessary. A person's identity is verified by: - driver's licence - passport - bank card (Norwegian) The CA validates the user's public key by checking the fingerprint of the key, the user's name and email address. The CA then signs the user's key, and returns the result to the user. The user is then recommended to sign the CA's public key, following normal PGP procedures. 6.3 Naming Conventions Email addresses are used as unique identification of users. Identities are specified in PGP certificates as: Name [, Organisation] The name should be the real name of the user. The Organisation part is optional. The CA must ensure that name and email address are correct and that no naming conflicts will occure. 7. Certificate Management 7.1 Key Distribution UNINETT PGP PCA will maintain a list of names and key fingerprints for all authorised CAs. This will be published through a web page. UNINETT PGP PCA reserves the right to publish names of CAs whose keys have been compromised, or who otherwise do not anymore fulfil the requirements for the CA role. Ølnes, Orøy and Skretting Informational [Page5] UNINETT UNINETT PGP PCA Policy Statements June 1997 UNINETT will maintain a web page and an email enquiry service for information to users. All web pages for the service will be placed under http://www.uninett.no/pca/pgp.html No service for distribution of the users' PGP keys is offered. It is referred to existing key archives on the Internet. 7.2 Key Revocation Certificate Revocation Lists are not used with PGP. If a CA's private key is compromised, the CA must issue a "key compromise certificate". UNINETT PGP PCA will distribute this through its web pages, but the CA shall also ensure distribution of this information. Uninett PGP PCA reserve the right to publish the name of the CAs that are no longer considered trusted, even if a "key compromise certificate" has not been issued. All users certified by this CA should request new certificates. Procedures for revocation of users' keys are not covered by this policy. 8. Distribution of Software UNINETT PGP PCA will not distribute PGP software. It is referred to software archives on the Internet. Note that European PGP users must fetch the software from a non-US source. 9. Security Considerations Security issues are discussed throughout this memo. 10. References [1] Linn, J., "Privacy Enhancement for Internet Electronic Mail: Part I: Message Encryption and Authentication Procedures", RFC 1421, IAB IRTF PSRG, IETF PEM WG, February 1993. [2] Kent, S., "Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management", RFC 1422, IAB IRTF PSRG, IETF PEM, BBN, February 1993. [3] Balenson, D., "Privacy Enhancement for Internet Electronic Mail: Part III: Algorithms, Modes, and Identifiers", RFC 1423, IAB IRTF PSRG, IETF PEM WG, TIS, February 1993. [4] Kaliski, B., "Privacy Enhancement for Internet Electronic Mail: Part IV: Key Certification and Related Services", RFC 1424, RSA Laboratories, February 1993. [5] Berge, N., "UNINETT PCA Policy Statements", RFC 1875, December 1995. [6] Zimmermann, P., "PGP Users Guide Volume I", October 1994. [7] Schneier, B., "E-mail security", John Wiley & Sons, Inc, 1995. Ølnes, Orøy and Skretting Informational [Page6] UNINETT UNINETT PGP PCA Policy Statements June 1997 11. Authors' Address Jon Ølnes, Odd Egil Orøy and Jonn Skretting Norwegian Computing Centre Gaustadalleen 23 P.O.Box 114 Blindern, N-0314 Oslo, Norway Phone: (+47) 22 85 25 00 Fax : (+47) 22 69 76 60 EMail: Jon.Olnes@nr.no, Odd.Egil.Oroey@nr.no, Jonn.Skretting@nr.no Ølnes, Orøy and Skretting Informational [Page 7]