WiMAX FORUM PROPRIETARY
WiMAX Forum® Network Architecture DRAFT-T32-006-R010v01-H
AeroMACS PKI Certificate Policy
Copyright Notice, Use Restrictions, Disclaimer, and Limitation of Liability
Copyright 2015WiMAX Forum. All rights reserved.
The WiMAX Forum® owns the copyright in this document and reserves all rights herein. This document is available for download from the WiMAX Forum and may be duplicated for internal useby the WiMAX Forum Members, provided that all copies contain all proprietary notices and disclaimers included herein. Except for the foregoing, this document may not be duplicated, in whole or in part, or distributed without the express written authorization of the WiMAX Forum.
Use of this document is subject to the disclaimers and limitations described below. Use of this document constitutes acceptance of the following terms and conditions:
THIS DOCUMENT IS PROVIDED “AS IS” AND WITHOUT WARRANTY OF ANY KIND. TO THE GREATEST EXTENT PERMITTED BY LAW, THE WiMAX Forum DISCLAIMS ALL EXPRESS, IMPLIED AND STATUTORY WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF TITLE, NONINFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE WiMAX ForumDOES NOT WARRANT THAT THIS DOCUMENT IS COMPLETE OR WITHOUT ERROR AND DISCLAIMS ANY WARRANTIES TO THE CONTRARY.
Any products or services provided using technology described in or implemented in connection with this document may be subject to various regulatory controls under the laws and regulations of various governments worldwide. The user is solely responsible for the compliance of its products and/or services with any such laws and regulations and for obtaining any and all required authorizations, permits, or licenses for its products and/or services as a result of such regulations within the applicable jurisdiction.
NOTHING IN THIS DOCUMENT CREATES ANY WARRANTIES WHATSOEVER REGARDING THE APPLICABILITY OR NON-APPLICABILITY OF ANY SUCH LAWS OR REGULATIONS OR THE SUITABILITY OR NON-SUITABILITY OF ANY SUCH PRODUCT OR SERVICE FOR USE IN ANY JURISDICTION.
NOTHING IN THIS DOCUMENT CREATES ANY WARRANTIES WHATSOEVER REGARDING THE SUITABILITY OR NON-SUITABILITY OF A PRODUCT OR A SERVICE FOR CERTIFICATION UNDER ANY CERTIFICATION PROGRAM OF THE WiMAX Forum OR ANY THIRD PARTY.
The WiMAX Forum has not investigated or made an independent determination regarding title or noninfringement of any technologies that may be incorporated, described or referenced in this document. Use of this document or implementation of any technologies described or referenced herein may therefore infringe undisclosed third-party patent rights or other intellectual property rights. The user is solely responsible for making all assessments relating to title and noninfringement of any technology, standard, or specification referenced in this document and for obtaining appropriate authorization to use such technologies, technologies, standards, and specifications, including through the payment of any required license fees.
NOTHING IN THIS DOCUMENT CREATES ANY WARRANTIES OF TITLE OR NONINFRINGEMENT WITH RESPECT TO ANY TECHNOLOGIES, STANDARDS OR SPECIFICATIONS REFERENCED OR INCORPORATED INTO THIS DOCUMENT.
IN NO EVENT SHALL THE WiMAX Forum OR ANY MEMBER BE LIABLE TO THE USER OR TO A THIRD PARTY FOR ANY CLAIM ARISING FROM OR RELATING TO THE USE OF THIS DOCUMENT, INCLUDING, WITHOUT LIMITATION, A CLAIM THAT SUCH USE INFRINGES A THIRD PARTY’S INTELLECTUAL PROPERTY RIGHTS OR THAT IT FAILS TO COMPLY WITH APPLICABLE LAWS OR REGULATIONS. BY USE OF THIS DOCUMENT, THE USER WAIVES ANY SUCH CLAIM AGAINST THE WiMAX Forum AND ITS MEMBERS RELATING TO THE USE OF THIS DOCUMENT.
The WiMAX Forum reserves the right to modify or amend this document without notice and in its sole discretion. The user is solely responsible for determining whether this document has been superseded by a later version or a different document.
“WiMAX,” “Mobile WiMAX,” “Fixed WiMAX,” “WiMAX Forum,” “WiMAX Certified,” “WiMAX Forum Certified,” “WiGRID,” the WiMAX Forum logo and the WiMAX Forum Certified logo are trademarks or registered trademarks of the WiMAX Forum. All other trademarks are the property of their respective owners.
Page - 1
WiMAX FORUM PROPRIETARY
WiMAX Forum® Network Architecture DRAFT-T32-006-R010v01-H
AeroMACS PKI Certificate Policy
Document Status
WiMAX Forum Document ID: / T32-006-R010-v01Document Title: / AeroMACS PKI Certificate Policy
Status: / Work in Progress / Draft / Issued / Closed
Distribution Restrictions: / Author Only / AeroMACS/ Member / AeroMACS/ Member/
Vendor / Public
Revision History
Revision / Date / RemarksA / 2015-10-13 / Initial Draft to propose structure and outline certificate profiles in section 7
B / 2015-10-14 / Outline of all future sections added for context
C / 2015-11-10 / Section 6 added and Section 7 updated
D / 2015-11-24 / Section 5 and 8 added
E / 2016-01-04 / Section 4 added
F / 2016-02-15 / Section 1-3 added and updated contents
G / 2016-02-17 / Changes Discussed in the PKI Task Group teleconference. Updated reference to server certificates separate from device certificates and added Chp 9.
H / 2016-02-19 / Revisions in chapter 9 to proposed standard language. Clarification throughout related to APPA
Key to Document Status Codes:
Work in Progress / An incomplete document, designed to guide discussion and generate feedback that may include several alternative requirements for consideration.Draft / A document in specification format considered largely complete, but lacking review by Members. Drafts are susceptible to substantial change during the review process.
Issued / A stable document, which has undergone rigorous review and is suitable for publication.
Closed / A static document, reviewed, tested, validated, and closed to further documentation change requests.
TABLE OF CONTENTS
WiMAX Forum® Network Architecture
1.Introduction
1.1Overview
1.2Identification
1.2.1Certificate Policy Name
1.2.2OID
1.3PKI Participants
1.3.1AeroMACS PKI Policy Authority
1.3.2Certification Authorities (CA)
1.3.3Certificate Status Authority (CSA)
1.3.4Registration Authorities (RA)
1.3.5Device Sponsors
1.3.6Relying Parties
1.3.7Other Participants
1.4Certificate Usage
1.4.1Appropriate Certificate Uses
1.4.2Prohibited Certificate Uses
1.5Policy Administration
1.5.1Organization Administering the Document
1.5.2Contact Person
1.5.3Person Determining CPS Suitability for the Policy
1.5.4CPS Approval Procedures
2.Publication and Repository Responsibilities
2.1Repositories
2.2Publication of Certification Information
2.2.1Publication of CA Information
2.2.2Availability of Information
2.3Time or Frequency of Publication
2.4Access Controls on Repositories
2.4.1Certificate Policy
2.4.2Certificates and CRLs
3.Identification and Authentication
3.1Naming
3.1.1Types of Names
3.1.2Need for Names to be Meaningful
3.1.3Anonymity or Pseudonymity of Devices
3.1.4Rules for Interpreting Various Name Forms
3.1.5Uniqueness of Names
3.1.6Recognition, Authentication, and Role of Trademarks
3.2Initial Identity Validation
3.2.1Method to Prove Possession of Private Key
3.2.2Authentication of Individual Identity
3.2.3Non-verified Device Information
3.2.4Validation of Authority
3.2.5Criteria for Interoperation
3.3Re-key Requests
3.3.1Identification and Authentication for Routine Re-key
3.3.2Identification and Authentication for Re-key after Revocation
3.4Identification and Authentication for Revocation Request
4.Certificate Life-cycle Operational Requirements
4.1Certificate Application
4.1.1Who Can Submit a Certificate Application
4.1.2Enrollment Process and Responsibilities
4.2Certificate Application Processing
4.2.1Performing Identification and Authentication Functions
4.2.2Approval or Rejection of Certificate Applications
4.2.3Time to Process Certificate Applications
4.3Certificate Issuance
4.3.1CA Actions During Certificate Issuance
4.3.2Notification to Device Sponsor by the CA of Issuance of Certificate
4.4Certificate Acceptance
4.4.1Conduct Constituting Certificate Acceptance
4.4.2Publication of the Certificate by the CA
4.4.3Notification of Certificate Issuance by the CA to Other Entities
4.5Key Pair and Certificate Usage
4.5.1Device Private Key and Certificate Usage
4.5.2Relying Party Public Key and Certificate Usage
4.6Certificate Renewal
4.6.1Circumstance for Certificate Renewal
4.6.2Who May Request Renewal
4.6.3Processing Certificate Renewal Requests
4.6.4Notification of new Certificate Issuance to Device
4.6.5Conduct Constituting Acceptance of a Renewal Certificate
4.6.6Publication of the Renewal Certificate by the CA
4.6.7Notification of Certificate Issuance by the CA to Other Entities
4.7Certificate Re-key
4.7.1Circumstance for Certificate Re-key
4.7.2Who May Request Certification of a New Public Key
4.7.3Processing Certificate Re-keying Requests
4.7.4Notification of New Certificate Issuance to Device Sponsors
4.7.5Conduct Constituting Acceptance of a Re-keyed Certificate
4.7.6Publication of the Re-keyed Certificate by the CA
4.7.7Notification of Certificate Issuance by the CA to Other Entities
4.8Certificate Modification
4.8.1Circumstance for Certificate Modification
4.8.2Who May Request Certificate Modification
4.8.3Processing Certificate Modification Requests
4.8.4Notification of New Certificate Issuance to Device
4.8.5Conduct Constituting Acceptance of Modified Certificate
4.8.6Publication of the Modified Certificate by the CA
4.8.7Notification of Certificate Issuance by the CA to Other Entities
4.9Certificate Revocation and Suspension
4.9.1Circumstances for Revocation
4.9.2Who can Request Revocation
4.9.3Procedure for Revocation Request
4.9.4Revocation Request Grace Period
4.9.5Time within which CA Must Process the Revocation Request
4.9.6Revocation Checking Requirement for Relying Parties
4.9.7CRL Issuance Frequency
4.9.8Maximum Latency for CRLs
4.9.9On-line Revocation/Status Checking Availability
4.9.10On-line Revocation Checking Requirements
4.9.11Other Forms of Revocation Advertisements Available
4.9.12Special Requirements Regarding Key Compromise
4.9.13Circumstances for Suspension
4.9.14Who can Request Suspension
4.9.15Procedure for Suspension Request
4.9.16Limits on Suspension Period
4.10Certificate Status Services
4.10.1Operational Characteristics
4.10.2Service Availability
4.10.3Optional Features
4.11End of Subscription
4.12Key Escrow and Recovery
4.12.1Key Escrow and Recovery Policy and Practices
4.12.2Session Key Encapsulation and Recovery Policy and Practices
5.Facility, Management, and Operational Controls
5.1Physical Controls
5.1.1Site Location and Construction
5.1.2Physical Access
5.1.3Power and Air Conditioning
5.1.4Water Exposures
5.1.5Fire Prevention and Protection
5.1.6Media Storage
5.1.7Waste Disposal
5.1.8Off-Site Backup
5.2Procedural Controls
5.2.1Corporate Controls
5.2.2Trusted Roles
5.2.3Number of Persons Required per Task
5.2.4Identification and Authentication for Each Role
5.2.5Roles Requiring Separation of Duties
5.3Personnel Controls
5.3.1Qualifications, Experience, and Clearance Requirements
5.3.2Background Check Procedures
5.3.3Training Requirements
5.3.4Retraining Frequency and Requirements
5.3.5Job Rotation Frequency and Sequence
5.3.6Sanctions for Unauthorized Actions
5.3.7Independent Contractor Requirements
5.3.8Documentation Supplied to Personnel
5.4Audit Logging Procedures
5.4.1Types of Events Recorded
5.4.2Frequency of Processing Log
5.4.3Retention Period for Audit Log
5.4.4Protection of Audit Logs
5.4.5Audit Log Backup Procedures
5.4.6Audit Collection System (Internal vs. External)
5.4.7Notification to Event-Causing Subject
5.4.8Vulnerability Assessments
5.5Records Archival
5.5.1Types of Events Archived
5.5.2Retention Period for Archive
5.5.3Protection of Archive
5.5.4Archive Backup Procedures
5.5.5Requirements for Time-Stamping of Records
5.5.6Procedures to Obtain and Verify Archive Information
5.6Key Changeover
5.7Compromise and disaster recovery
5.7.1Incident and Compromise Handling Procedures
5.7.2Computing Resources, Software, and/or Data Are Corrupted
5.7.3Private Key Compromise Procedures
5.7.4Business Continuity Capabilities after a Disaster
5.8CA, CSA, or RA Termination
6.TECHNICAL SECURITY CONTROLS
6.1Key Pair Generation and Installation
6.1.1Key Pair Generation
6.1.2Private Key Delivery to Devices
6.1.3Public Key Delivery to Certificate Issuer
6.1.4CA Public Key Delivery to Relying Parties
6.1.5Key Sizes
6.1.6Public Key Parameters Generation and Quality Checking
6.1.7Key Usage Purposes (as per X.509 v3 Key Usage Field)
6.2Private Key Protection and Cryptographic Module Engineering Controls
6.2.1Cryptographic Module Standards and Controls
6.2.2Private Key (n out of m) Multi-Person Control
6.2.3Private Key Escrow
6.2.4Private Key Backup
6.2.5Private Key Archival
6.2.6Private Key Transfer into or from a Cryptographic Module
6.2.7Private Key Storage on Cryptographic Module
6.2.8Method of Activating Private Key
6.2.9Method of Deactivating Private Key
6.2.10Method of Destroying Private Key
6.2.11Cryptographic Module Rating
6.3Other Aspects of Key Pair Management
6.3.1Public Key Archival
6.3.2Certificate Operational Periods and Key Pair Usage Periods
6.4Activation data
6.4.1Activation Data Generation and Installation
6.4.2Activation Data Protection
6.4.3Other Aspects of Activation Data
6.5Computer security controls
6.5.1Specific Computer Security Technical Requirements
6.5.2Computer Security Rating
6.6Life Cycle Technical Controls
6.6.1System Development Controls
6.6.2Security Management Controls
6.6.3Life Cycle Security Controls
6.7Network Security Controls
6.8Time-Stamping
7.CERTIFICATE, CRL, AND OCSP PROFILES
7.1Certificate Profile
7.1.1Version Number(s)
7.1.2Certificate Extensions
7.1.3Algorithm Object Identifiers (OIDs)
7.1.4Name Forms
7.1.5Name Constraints
7.1.6Certificate Policy Object Identifier
7.1.7Usage of Policy Constraints Extension
7.1.8Policy Qualifiers Syntax and Semantics
7.1.9Processing Semantics for the Critical Certificate Policies Extension
7.2CRL Profile
7.2.1Version Number(s)
7.2.2CRL and CRL entry extensions
7.3OCSP Profile
7.3.1Version Number(s)
7.3.2OCSP Extensions
8.Compliance Audit and Other Assessments
8.1Frequency or Circumstances of Assessment
8.2Identity and Qualifications of Assessor
8.3Assessor's Relationship to Assessed Entity
8.4Topics Covered by Assessment
8.5Actions Taken as a Result of Deficiency
8.6Communication of Results
9.Other Business and Legal Matters
9.1Fees
9.1.1Certificate Issuance or Renewal Fees
9.1.2Certificate Access Fees
9.1.3Revocation or Statue Information Access Fees
9.1.4Fees for other Services
9.1.5Refund Policy
9.2Financial Responsibility
9.2.1Insurance Coverage
9.2.2Other Assets
9.2.3Insurance or Warranty Coverage for End-Entities
9.3Confidentiality of Business Information
9.3.1Scope of Confidential Information
9.3.2Information not within the Scope of Confidential Information
9.3.3Responsibility to Protect Confidential Information
9.4Privacy of Personal Information
9.4.1Privacy Plan
9.4.2Information Treated as Private
9.4.3Information not Deemed Private
9.4.4Responsibility to Protect Private Information
9.4.5Notice and Consent to Use Private Information
9.4.6Disclosure Pursuant to Judicial or Administrative Process
9.4.7Other Information Disclosure Circumstances
9.5Intellectual Property Rights
9.6Representations and Warranties
9.6.1CA Representations and Warranties
9.6.2RA Representations and Warranties
9.6.3Device Representations and Warranties
9.6.4Relying Parties Representations and Warranties
9.6.5Representations and Warranties of Other Participants
9.7Disclaimers of Warranties
9.8Limitations of Liability
9.9Indemnities
9.10Term and Termination
9.10.1Term
9.10.2Termination
9.10.3Effect of Termination and Survival
9.11Individual Notices and Communications with Participants
9.12Amendments
9.12.1Procedure for Amendment
9.12.2Notification and Mechanism and Period
9.12.3Circumstances under which OID must be Changed
9.13Dispute Resolution Provisions
9.14Governing Law
9.15Compliance with Applicable Law
9.16Miscellaneous Provisions
9.16.1Entire Agreement
9.16.2Assignment
9.16.3Severability
9.16.4Enforcement (Attorneys’ Fees and Waiver of Rights)
9.16.5Force Majeure
9.17Other Provisions
10.References
11.Glossary
12.Abbreviations and Acronyms
TABLE OF TABLES
Table 1: Algorithm Type and Key Size
Table 2: keyUsage Extension for all CA certificates
Table 3: keyUsage Extension for all Device Certificates
Table 4: Certificate Profile Basic Fields
Table 5: Root CA Certificate Standard Extensions
Table 6: CA Certificate Standard Extensions
Table 7: Device Certificate Standard Extensions
Table 8: OCSP Certificate Standard Extensions
Table 9: subjectKeyIdentifier Extension for AeroMACS CA Certificates
Table 10: basicConstraints Extension for AeroMACS Root CA Certificates
Table 11: basicConstraints Extension for AeroMACS CA Certificates
Table 12: extKeyUsageExtension for AeroMACS Server Certificates
Table 13: Signature OIDS for Certificates
Table 14: subjectPublicKeyInfo for Certificates
Table 15: Root CA Certificate Issuer and Subject Fields
Table 16: CA Certificate Subject Fields
Table 17: Device Certificate Subject Fields
Table 18: certificatePolicies Extension for AeroMACS Certificates
Table 19: CRL Profile Basic Fields
Page - 1
WiMAX FORUM PROPRIETARY
WiMAX Forum® Network Architecture DRAFT-T32-006-R010v01-H
AeroMACS PKI Certificate Policy
1.Introduction
1.1Overview
AeroMACS (Aeronautical Mobile Airport Communications System) is the broadband wireless technology based on WiMAX intended to support the transmission of safety and traffic control data for both fixed and mobile applications on the airport surface. To support secure communication between end-points, AeroMACS requires digital certificate based strong authentication across the AeroMACS system.
This Certificate Policy (CP) defines the procedural and operational requirements that AeroMACS requires entities to adhere to when issuing and managing digital certificates within the AeroMACSPublic Key Infrastructure (PKI). AeroMACS’ certificates are control by the AeroMACSPKI Policy Authority (APPA) that determines how this CP applies to Certificate Authorities (CAs), Registration Authorities (RAs), Certificate Status Authority (CSAs), Device Sponsors, Relying Parties and other PKI entities that interoperate with or within the AeroMACS PKI.
A Certificate issued in accordance with this CP conveys within theAerospace Community a level of digital identity assurance associated with the Subject of theCertificate. Certificates created within this PKI will be medium-assurance certificates for devices with hardware cryptographic modules. In this document, the term “device” means a non-person entity, i.e., a hardware device or software application.
A PKI that uses this CP will provide the following security management services:
- Key generation and storage
- Certificate generation, modification, re-key, and distribution
- Certificate Revocation List (CRL) generation and distribution
- Directory management of certificate related items
- Certificate token initialization, programming, and management
- System management functions to include security audit, configuration management, and archive
This policy establishes requirements for the secure distribution of self-signed root certificates for use as trust anchors. These constraints apply only to CAs that chose to distribute self-signed certificates, such as a hierarchical PKI’s root CA.
This CP is only one of several documents that govern the AeroMACS PKI. Other important documents include the Certification Practice Statements (CPS), registration authority agreements, Subscriber Agreements, privacy policies, and memoranda of agreement.
It is consistent with the Internet Engineering Task Force (IETF) PublicKey Infrastructure X.509 (IETF PKIX) RFC 3647, Internet X.509 Public Key InfrastructureCertificate Policy and Certification Practice Statement Framework as well as theAviation Industry Standards for Digital Information Security (ATA Spec 42).
1.2Identification
1.2.1Certificate Policy Name
This document shall be named the AeroMACS PKI Certificate Policy (CP). It shall furthermore have an assurance-level designation, according to the OID from Section 1.2.2under which this document is referenced. For example, this document may be referenced as the AeroMACSMedium-Assurance Certificate Policy.
1.2.2OID
Certificates issued in accordance with this Certificate Policy shall be known by the following OIDs, depending on the level of assurance to be conveyed:
- Medium-Assurance (Software):
- {iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1)AeroMACS (?????[SJ1]) Medium(3) Software(1)}
1.3PKI Participants
1.3.1AeroMACSPKI Policy Authority
ICAO is the AeroMACS PKI Policy Authority (APPA). The APPA is responsible for:
- Approving and Maintaining this CP,
- Approving the CPS for each CA that issues certificates under this policy,
- Approving the compliance audit report for each CA issuing certificates under this policy, and
- Ensuring continued conformance of each CA that issues certificates under this policy with applicable requirements as a condition for allowing continued participation.
1.3.2Certification Authorities (CA)
Any Entity providing services, or wishing to provide services, to the global Air Transport orAerospace Communities may, with the authorization of the APPA, operate a CA and issue certificates in accordance with this CP,provided all provisions of this CP are followed.
The CA is the collection of hardware, software and operating personnel that create, sign, and issue public key certificates to devices. The CA is responsible for issuing and managing certificates including:
- The certificate manufacturing process
- Publication of certificates
- Revocation of certificates
- Generation and destruction of CA signing keys
- Ensuring that all aspects of the CA services, operations, and infrastructure related to certificates issued under this CP are performed in accordance with the requirements, representations, and warranties of this CP.
1.3.3Certificate Status Authority (CSA)
PKIs may optionally include an authority that provides status information about certificates on behalf of a CA through on-line transactions. In particular, PKIs may include Online Certificate Status Protocol (OCSP) responders to provide on-line status information. Such an authority is termed a certificate status authority (CSA). Where the CSA is identified in certificates as an authoritative source for revocation information, the operations of that authority are considered within the scope of this CP. A Certificate Status Authority shall assert all the policy OIDs for which it is authoritative. Examples include OCSP servers that are identified in the authority information access (AIA) extension. OCSP servers that are locally trusted, as described in RFC 2560, are not covered by this policy.
1.3.4Registration Authorities (RA)
The registration authorities (RAs) collect and verify each device’s identity and information that is to be entered into the device’s public key certificate. The RA performs its function in accordance with a CPS approved by the APPA. The RA is responsible for:
- Control over the registration process
- The identification and authentication process
1.3.5Device Sponsors
A device sponsor is a person who requests a certificate on behalf of a device within the AeroMACS ecosystem. The device sponsor asserts that the device will use the key and certificate in accordance with the certificate policy asserted in the certificate.
1.3.6Relying Parties
A Relying Party is an entity that relies on the validity of the binding of the device's name to a Public Key. The Relying Party is responsible for deciding whether or how to check the validity of the Certificate by checking the appropriate certificate status information. The Relying Party can use the Certificate to verify the integrity of a digitally signed message, to identify the creator of a message, or to negotiate session keys for the establishment of confidential communications with the holder of the Certificate. A Relying Party may use information in the Certificate (such as Certificate Policy identifiers) to determine the suitability of the Certificate for a particular use.