ITU-T X 843-2000 Information Technology - Security Techniques - Specification of TTP Services to Support the Application of Digital Signatures Series X Data Networks and Open Syste.pdf

1、INTERNATIONAL TELECOMMUNICATION UNION ITU=T TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU X.843 (1 0/2000) SERIES X: DATA NETVVORKS AND OPEN SYSTEM COM M U N CATIONS Security Information technology - Security techniques - Specification of TTP services to support the application of digital signatur

2、es ITU-T Recommendation X.843 (Formerly CCIT Recommendation) IT-T X-SERIES RECOMMENDATIONS DATA NETWORKS AND OPEN SYSTEM COMMUNICATIONS PUBLIC DATA NETWORKS Services and facilities Interfaces Transmission, signalling and switching Network aspects Maintenance Administrative arrangements Model and not

3、ation Service definitions Connection-mode protocol specifications Connectionless-mode protocol specifications PICS proformas Protocol Identification Security Protocols Layer Managed Objects Conformance testing General Satellite data transmission systems IP-based networks MESSAGE HANDLING SYSTEMS DIR

4、ECTORY OS1 NETWORKING AND SYSTEM ASPECTS Networking Efficiency Quality of service Naming, Addressing and Registration Abstract Syntax Notation One (ASN.1) Systems Management hework and architecture Management Communication Service and Protocol Structure of Management Idormation Management functions

5、and ODMA functions OPEN SYSTEMS INTERCONNECTION INTERWORKING BETWEEN NETWORKS OS1 MANAGEMENT I - SE a OS1 APPLICATIONS Commitment, Concurrency and Recovery Transaction processing Remote operations OPEN DISTRIBUTED PROCESSING X.1-X.19 X.20-X.49 X.50-X.89 X.90-X. 149 X.150-X.179 x. 180-x. 199 X.200-X.

6、209 X.210-X.219 X.220-X.229 X.230-X.239 X.240-X.259 X.260-X.269 X.270-X.279 X.280-X.289 X.290-X.299 X.300-X.349 X.350-X.369 x.370-x.399 X.400-X.499 X.500-X.599 X.600-X.629 X.630-X.639 x.640-x.649 X.650-X.679 X.680-X.699 X.700-X.709 X.710-X.719 X.720-X.729 x.730-x.799 a X.800-X849 X.850-X.859 X.860-X

7、.879 X.880-X.899 X.900-X.999 Forhrther details, please refer to the list of ITU-T Recommendations. INTERNATIONAL STANDARD ISO/IEC 15945 ITU-T RECOMMENDATION X.843 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - SPECIFICATION OF TTP SERVICES TO SUPPORT THE APPLICATION OF DIGITAL SIGNATURES Summary Thi

8、s Recommendation I International Standard defines the services required to support the application of digital signatures for non-repudiation of creation of a document. Since this implies integrity of the document and authenticity of the creator, the services described can also be combined to impleme

9、nt integrity and authenticity services. Source IT-T Recommendation X.843 was prepared by ITU-T Study Group 7 (1997-2000) and approved by the World Telecommunication Standardization Assembly (Montreal, 27 September - 6 October 2000). An identical text is also published as ISO/IEC 15945. ITU-T X.843 (

10、10/2000 E) i FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications. The Telecommunication Standardization Sector (-T) is a permanent organ of . ITU-T is responsible for studying technical, operating and tariff questions a

11、nd issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standarhtion Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these

12、 topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with IS0 and EC. NOTE In this Recommendation, the express

13、ion “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. INTELLECTUAL PROPERTY RIGHTS draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual

14、 Property Right. takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by IT members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, had not received notice of int

15、ellectual property, protected by patents, which may be required to implement this Recommendation. However, implementors are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database. o 2001 All rights reserved. No part of this pu

16、blication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from ITU. u ITU-T X.843 (10/2000 E) CONTENTS Scope Normative references 2.1 Identical Recommendations I International Standards . 2.2 Add

17、itional references . Definitions Abbreviations Descriptive classification of services 5.1 Certificate management services . 5.2 Key management services . 5.3 Other services Minimal certificate and CRL profile . 6.1 Minimal certificate profile . 6.2 Minimal CRL profile . Certificate management messag

18、es 7.1 Overview of certificate management services and messages 7.2 Assumptions and restrictions for some of the services Data structures for certificate management messages 8.1 Overall message 8.2 Common Data Structures 8.3 8.4 8.5 Transport protocols 8.6 Complete ASN . 1 Module Online Certificate

19、Status Protocol 9.1 Protocol Overview . 9.2 Functional Requirements . 9.3 Detailed Protocol . 9.4 ASN.1 Module for OCSP Data structures specific for Certificate Request Messages of type CerReq Data structures specific for other messages . Annex A . Interworking Annex B . Algorithms . B.l Hash Algori

20、thms B.2 Digital Signature Algorithms . Annex C - Bibliography ITU-T X.843 (10/2000 E) Page 1 1 2 2 3 4 5 5 8 9 10 10 11 11 12 15 19 19 22 24 29 32 32 40 40 42 43 41 50 51 51 51 52 . u1 Introduction Today the development of information technology, as well as that of the worldwide communication infia

21、structure, opens the possibility to implement electronic commerce in economically relevant dimensions. Digital signatures are an important technique to add security to these commercial applications and to other application fields with a need for legally effective electronic transactions. Digital sig

22、natures are suitable to assure the integrity of data and the authentication of participants in transactions. They can supply an analogue of the handwritten signature for digital orders, offers and contracts. The most important property of digital signatures in this context is that a person who signe

23、d a document cannot successfully deny this fact. This property is called “non-repudiation of creation“ of a document. In several countries and in international contexts, legislation concerning digital signatures is being pushed forward with the aim to support the development of electronic commerce a

24、nd other application fields with a need for legally effective electronic transactions. A number of standards exist that speciQ digital signatures, as well as their use for different purposes, like non-repudiation or authentication. A number of commercial applications, as well as TTPs offering servic

25、es in connection with digital signatures, are implemented or planned. Interoperability of these TTPs, among each other and with the commercial applications, is needed for an economically and legally effective worldwide use of digital signatures. The goal of this Recommendation 1 International Standa

26、rd is to define the services required to support the application of digital signatures for non-rqudiation of creation. Since the use of digital signature mechanisms for non-repudiation of creation of a document implies integrity of the document and authenticity of the creator, the services described

27、 in this Recommendation I International Standard can also be combined to implement integrity and authenticity services. This is done in a way to promote interoperability among TTPs as well as between TTPs and commercial applications. NOTE - There is no inherent reason why evq TP planning to support

28、the application of digitai signatures should be required to offer ail of these services. It is possible that a number of TPs offering different services cooperate in supporting the use of digital signatures. But, fiom the view of the potential commercial applications, the whole range of the services

29、 may be required and interoperability becomes even more important in this scenario. This is an additional justification to collect ail these services together in one document. iv ITU-T X.843 (10/2000 E) ISO/IEC 159452001 (E) INTERNATIONAL STANDARD ITU-T RECOMMENDATION INFORMATION TECHNOLOGY - SECURI

30、TY TECHNIQUES - SPECIFICATION OF TTP SERVICES TO SUPPORT THE APPLICATION OF DIGITAL SIGNATURES 1 Scope This Recommendation I International Standard will define those TTP services needed to support the application of digital signatures for the purpose of non-repudiation of creation of documents. This

31、 Recommendation I International Standard will also define interfaces and protocols to enable interoperability between entities associated with these TTP services. Definitions of technical services and protocols are required to allow for the implementation of TTP services and related commercial appli

32、cations. This Recommendation I Intemational Standard focuses on: - implementation and interoperability; - service specifications; and - technical requirements. This Recommendation I International Standard does not describe the management of TTPs or other organizational, operational or personal issue

33、s. Those topics are mainly covered in ITU-T Rec. X.842 I ISO/IEC TR 14516, Information technology - Security techniques - Guidelines on the use and management of Trusted ird Party services. NOTE 1 - Because interoperability is the main issue of this Recommendation I International Standard, the follo

34、wing restrictions hold Only those services which may be offered by a TTP, either to end entities or to another “, are covered in this Recommendation I International Standard. Only those services which may be requested andor delivered by means of standardizable digital messages are covered. Only thos

35、e services for which widely acceptable standardized messages can be agreed upon at the time this Recommendation I International Standard is published are specified in detaii. Further services will be specified in separate documents when widely acceptable standardized messages are available for thm I

36、n particular, time stamping services will be dened in a separate document. NOTE 2 - The daa structures and messages in this Recommendation I International Standard wiU be specified in accordance to RFC documents, RFC 2510 and RFC 2511 (for certificate management services) and to RFC 2560 (for OCSP s

37、ervices). The certificate request format also ailows interoperability with PKCS#lO. See Annex C for references to the documents mentioned in this Note. NOTE 3 - Other standardization efforts for TF services in specific environments and applications, like SET or EDIFACT, exist. These are outside of t

38、he scope of this Recommendation I International Standard. NOTE 4 - This Recommendation I International Standard defines technical specifications for services. These specifications are independent of policies, specific legal regulations, and organizational models (which, for example, might define how

39、 duties and responsibilities are shared between Certification Authorities and Registration Authorities). Of course, the policy of TTPs offering the services described in this Recommendation I International Standard will need to specis. how legal regulations and the other aspects mentioned before wil

40、l be fulfilled by the TTP. In particular, the policy has to spec* how the validity of digital signatures and certificates is determined. i) ii) iii) 2 Normative references The foilowing normative documents contain provisions which, through reference in this text, constitute provisions of this Recomm

41、endation I International Standard. For dated references, subsequent amendments to, or revisions of, any of these publications do not apply. However, parties to agreements based on this Recommendation I International Standard are encouraged to investigate the possibility of applying the most recent e

42、ditions of the normative documents indicated below. For undated references, the latest edition of the normative document referred to applies. Members of IS0 and IEC maintain registers of currently valid International Standards. The Telecommunication Standardization Bureau of ITU maintains a list of

43、currently valid ITU-T Recommendations. ITU-T X.843 (10/2000 E) 1 ISO/iEC 15945:2001 (E) 2.1 Identical Recommendations I International Standards ITU-T Recommendation X.501 (1997) I ISO/IEC 9594-2:1998, Information technology - Open Systems Interconnection - The Directory: Models. ITU-T Recommendation

44、 X.509 (2000) I ISO/IEC 9594-8:2001, Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certijcateJ;ameworks. ITU-T Recommendation X.520 (1997) I ISO/IEC 9594-6:1998, Information technology - Open Systems Interconnection - The Directory: Selected attribut

45、e types. ITU-T Recommendation X.680 (1 997) I ISO/IEC 8824-1 :1998, Information technology - Abstract Syntax Notation One (ASN): Specijcation of basic notation. ITU-T Recommendation X.681 (1997) I ISO/IEC 8824-2:1998, Information technology -Abstract Syntax Notation One (ASN. 1): Information object

46、specification. ITU-T Recommendation X.682 (1997) I ISO/IEC 8824-3:1998, Information technology -Abstract Sptax Notation One (ASN.1): Constraint speciJcation. ITU-T Recommendation X.683 (1997) I ISO/IEC 8824-4:1998, Information technology -Abstract Syntax Notation One (ASN. 1): Parameterization of AS

47、N. 1 specifications. ITU-T Recommendation X.690 (1997) 1 ISO/IEC 8825-1:1998, Information technology - ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER). ITU-T Recommendation X.810 (1995) I ISO/IEC 10181-1:1996, I

48、nformation technology - Open Systems Interconnection - Security frameworks for open systems: Overview. ITU-T Recommendation X.813 (1996) I ISO/IEC 1018141997, Information technology - Open Systems Interconnection - Security frameworks for open systems: Non-repudiation framework. 2.2 Adtional referen

49、ces ISO/IEC 9796-2: 1997, Information technology - Security techniques - Digital signature schemes giving message recovery -Part 2: Mechanisms using a hash-function. ISO/IEC 9796-3:2000, Information technology - Security techniques - Digital signature schemes giving message recovery -Part 3: Discrete logarithm based mechanisms. ISO/IEC 10118-1:1994, Information technology - Security techniques - Hash-functions - Part 1: General. ISO/IEC 10118-2:1994, Information technology - Security techniques - Hash-functions - Part 2: Hash-functions using an n-bit