Internet Engineering Task Force (IETF)                        J. Solinas
Request for Comments: 5759                                    L. Zieglar
Category: Informational                                              NSA
ISSN: 2070-1721                                             January 2010
        
Internet Engineering Task Force (IETF)                        J. Solinas
Request for Comments: 5759                                    L. Zieglar
Category: Informational                                              NSA
ISSN: 2070-1721                                             January 2010
        

Suite B Certificate and Certificate Revocation List (CRL) Profile

套件B证书和证书吊销列表(CRL)配置文件

Abstract

摘要

This document specifies a base profile for X.509 v3 Certificates and X.509 v2 Certificate Revocation Lists (CRLs) for use with the United States National Security Agency's Suite B Cryptography. The reader is assumed to have familiarity with RFC 5280, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile".

本文档指定了X.509 v3证书和X.509 v2证书吊销列表(CRL)的基本配置文件,用于美国国家安全局的套件B加密。假定读者熟悉RFC 5280,“Internet X.509公钥基础设施证书和证书吊销列表(CRL)配置文件”。

Status of This Memo

关于下段备忘

This document is not an Internet Standards Track specification; it is published for informational purposes.

本文件不是互联网标准跟踪规范;它是为了提供信息而发布的。

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.

本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。并非IESG批准的所有文件都适用于任何级别的互联网标准;见RFC 5741第2节。

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc5759.

有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc5759.

Copyright Notice

版权公告

Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved.

版权所有(c)2010 IETF信托基金和确定为文件作者的人员。版权所有。

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。

Table of Contents

目录

   1. Introduction ....................................................2
   2. Conventions Used in This Document ...............................3
   3. Requirements and Assumptions ....................................3
      3.1. Implementing Suite B .......................................3
      3.2. Suite B Object Identifiers .................................4
   4. Suite B Certificate and Certificate Extensions Profile ..........4
      4.1. signatureAlgorithm .........................................4
      4.2. signatureValue .............................................5
      4.3. Version ....................................................6
      4.4. SubjectPublicKeyInfo .......................................6
      4.5. Certificate Extensions for Particular Types of
           Certificates ...............................................7
           4.5.1. Suite B Self-Signed CA Certificates .................7
           4.5.2. Suite B Non-Self-Signed CA Certificates .............8
           4.5.3. Suite B End Entity Signature and Key
                  Establishment Certificates ..........................8
   5. Suite B CRL and CRL Extensions Profile ..........................9
   6. Security Considerations .........................................9
   7. IANA Considerations .............................................9
   8. References .....................................................10
      8.1. Normative References ......................................10
      8.2. Informative References ....................................10
        
   1. Introduction ....................................................2
   2. Conventions Used in This Document ...............................3
   3. Requirements and Assumptions ....................................3
      3.1. Implementing Suite B .......................................3
      3.2. Suite B Object Identifiers .................................4
   4. Suite B Certificate and Certificate Extensions Profile ..........4
      4.1. signatureAlgorithm .........................................4
      4.2. signatureValue .............................................5
      4.3. Version ....................................................6
      4.4. SubjectPublicKeyInfo .......................................6
      4.5. Certificate Extensions for Particular Types of
           Certificates ...............................................7
           4.5.1. Suite B Self-Signed CA Certificates .................7
           4.5.2. Suite B Non-Self-Signed CA Certificates .............8
           4.5.3. Suite B End Entity Signature and Key
                  Establishment Certificates ..........................8
   5. Suite B CRL and CRL Extensions Profile ..........................9
   6. Security Considerations .........................................9
   7. IANA Considerations .............................................9
   8. References .....................................................10
      8.1. Normative References ......................................10
      8.2. Informative References ....................................10
        
1. Introduction
1. 介绍

This document specifies a base profile for X.509 v3 Certificates and X.509 v2 Certificate Revocation Lists (CRLs) for use by applications that support the United States National Security Agency's Suite B Cryptography.

本文档指定了X.509 v3证书和X.509 v2证书吊销列表(CRL)的基本配置文件,供支持美国国家安全局套件B加密的应用程序使用。

The reader is assumed to have familiarity with [RFC5280]. This Suite B Certificate and CRL Profile is a profile of RFC 5280. All MUST-level requirements of RFC 5280 apply throughout this profile and are generally not repeated here. In cases where a MUST-level requirement is repeated for emphasis, the text notes the requirement is "in adherence with [RFC5280]". This profile contains changes that elevate some MAY-level options in RFC 5280 to SHOULD-level and MUST-level in this profile; this profile also contains changes that elevate some SHOULD-level options in RFC 5280 to MUST-level for this profile. All options from RFC 5280 that are not listed in this profile remain at the requirement level of RFC 5280.

假定读者熟悉[RFC5280]。此套件B证书和CRL配置文件是RFC 5280的配置文件。RFC 5280的所有必须达到的水平要求适用于本概要文件,此处通常不再重复。如果为了强调而重复了一个必须级别的要求,文本说明该要求“符合[RFC5280]”。此配置文件包含将RFC 5280中的某些可能级别选项提升到此配置文件中的应级别和必须级别的更改;此配置文件还包含将RFC 5280中的某些“应该级别”选项提升到此配置文件的“必须级别”的更改。本概要文件中未列出的RFC 5280的所有选项仍保持RFC 5280的要求级别。

The reader is also assumed to have familiarity with [RFC5480], which specifies the syntax and semantics for the Subject Public Key Information field in certificates that support Elliptic Curve Cryptography and [RFC5758], which specifies algorithm identifiers for Elliptic Curve Digital Signature Algorithm (ECDSA).

读者还应熟悉[RFC5480],其中规定了支持椭圆曲线加密的证书中的主题公钥信息字段的语法和语义;以及[RFC5758],其中规定了椭圆曲线数字签名算法(ECDSA)的算法标识符。

2. Conventions Used in This Document
2. 本文件中使用的公约

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[RFC2119]中所述进行解释。

3. Requirements and Assumptions
3. 要求和假设

The goal of this document is to define a base set of certificate and CRL formats to support interoperability among Suite B solutions. Specific communities, such as the US National Security Systems, may define community profiles that further restrict certificate and CRL formats by mandating the presence of extensions that are optional in this base profile, defining new optional or critical extension types, or restricting the values and/or presence of fields within existing extensions. However, communications between distinct communities MUST use the formats specified in this document when interoperability is desired. (Applications may add additional non-critical extensions to these formats but they MUST NOT assume that a remote peer will be able to process them.)

本文档的目标是定义一组基本的证书和CRL格式,以支持套件B解决方案之间的互操作性。特定社区(如美国国家安全系统)可通过强制在此基本配置文件中存在可选扩展、定义新的可选或关键扩展类型来定义进一步限制证书和CRL格式的社区配置文件,或者限制现有扩展中的值和/或字段的存在。但是,当需要互操作性时,不同社区之间的通信必须使用本文档中指定的格式。(应用程序可能会向这些格式添加额外的非关键扩展,但它们不能假设远程对等方能够处理这些扩展。)

3.1. Implementing Suite B
3.1. 实现套件B

Every Suite B certificate MUST use the X.509 v3 format, and contain either:

每个套件B证书必须使用X.509 v3格式,并包含以下内容之一:

* An ECDSA-capable signing key, using curve P-256 or P-384; or

* 具有ECDSA功能的签名密钥,使用曲线P-256或P-384;或

* An ECDH-capable (Elliptic Curve Diffie-Hellman) key establishment key, using curve P-256 or P-384.

* 一种支持ECDH的(椭圆曲线Diffie-Hellman)密钥建立密钥,使用曲线P-256或P-384。

Every Suite B certificate and CRL MUST be signed using ECDSA. The signing Certification Authority's (CA's) key MUST be on the curve P-256 or P-384 if the certificate contains a key on the curve P-256. If the certificate contains a key on the curve P-384, the signing CA's key MUST be on the curve P-384. Any certificate and CRL MUST be hashed using SHA-256 or SHA-384, matched to the size of the signing CA's key.

每个套件B证书和CRL都必须使用ECDSA签名。如果证书包含曲线P-256上的密钥,则签名证书颁发机构(CA)的密钥必须位于曲线P-256或P-384上。如果证书包含曲线P-384上的密钥,则签名CA的密钥必须位于曲线P-384上。任何证书和CRL都必须使用SHA-256或SHA-384进行散列,并与签名CA密钥的大小相匹配。

3.2. Suite B Object Identifiers
3.2. 套件B对象标识符

The primary OID structure for Suite B is as follows per [X9.62], [SEC2], [RFC5480], and [RFC5758].

根据[X9.62]、[SEC2]、[RFC5480]和[RFC5758],套件B的主要OID结构如下所示。

      ansi-X9-62 OBJECT IDENTIFIER ::= {
         iso(1) member-body(2) us(840) 10045 }
        
      ansi-X9-62 OBJECT IDENTIFIER ::= {
         iso(1) member-body(2) us(840) 10045 }
        
      certicom-arc OBJECT IDENTIFIER ::= {
         iso(1) identified-organization(3) certicom(132) }
        
      certicom-arc OBJECT IDENTIFIER ::= {
         iso(1) identified-organization(3) certicom(132) }
        
      id-ecPublicKey OBJECT IDENTIFIER ::= {
         ansi-X9-62 keyType(2) 1 }
        
      id-ecPublicKey OBJECT IDENTIFIER ::= {
         ansi-X9-62 keyType(2) 1 }
        
      secp256r1 OBJECT IDENTIFIER ::= {
         ansi-X9-62 curves(3) prime(1) 7 }
        
      secp256r1 OBJECT IDENTIFIER ::= {
         ansi-X9-62 curves(3) prime(1) 7 }
        
      secp384r1 OBJECT IDENTIFIER ::= {
         certicom-arc curve(0) 34 }
        
      secp384r1 OBJECT IDENTIFIER ::= {
         certicom-arc curve(0) 34 }
        
      id-ecSigType OBJECT IDENTIFIER ::= {
         ansi-X9-62 signatures(4) }
        
      id-ecSigType OBJECT IDENTIFIER ::= {
         ansi-X9-62 signatures(4) }
        
      ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
         id-ecSigType ecdsa-with-SHA2(3) 2 }
        
      ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
         id-ecSigType ecdsa-with-SHA2(3) 2 }
        
      ecdsa-with-SHA384 OBJECT IDENTIFIER ::= {
         id-ecSigType ecdsa-with-SHA2(3) 3 }
        
      ecdsa-with-SHA384 OBJECT IDENTIFIER ::= {
         id-ecSigType ecdsa-with-SHA2(3) 3 }
        
4. Suite B Certificate and Certificate Extensions Profile
4. 套件B证书和证书扩展配置文件

This Suite B certificate profile is a profile of [RFC5280]. The changes in the requirements from RFC 5280 are listed here. Note that RFC 5280 has varying mandates for marking extensions as critical or non-critical. This profile changes some of those mandates for extensions that are included in Suite B certificates.

此套件B证书配置文件是[RFC5280]的配置文件。此处列出了RFC 5280要求中的变更。请注意,RFC 5280对将扩展标记为关键或非关键有不同的要求。此概要文件更改了套件B证书中包含的扩展的一些授权。

4.1. signatureAlgorithm
4.1. 签名算法

The two algorithm identifiers used by Suite B are: 1.2.840.10045.4.3.2 for ecdsa-with-SHA256 and 1.2.840.10045.4.3.3 for ecdsa-with-SHA384, as described in [RFC5758] AND [X9.62].

套件B使用的两个算法标识符是:1.2.840.10045.4.3.2(适用于ecdsa-with-SHA256)和1.2.840.10045.4.3.3(适用于ecdsa-with-SHA384),如[RFC5758]和[X9.62]所述。

The parameters MUST be absent as per [RFC5758].

根据[RFC5758],参数必须不存在。

4.2. signatureValue
4.2. 签名价值

ECDSA digital signature generation is described in [FIPS186-3]. An ECDSA signature value is comprised of two unsigned integers, denoted as r and s. r and s MUST be represented as ASN.1 INTEGERs. If the high order bit of the unsigned integer is a 1, an octet with the value 0x00 MUST be prepended to the binary representation before encoding it as an ASN.1 INTEGER. Unsigned integers for the P-256 and P-384 curves can be a maximum of 32 and 48 bytes, respectively. Therefore, converting each r and s to an ASN.1 INTEGER will result in a maximum of 33 bytes for the P-256 curve and 49 bytes for the P-384 curve.

[FIPS186-3]中描述了ECDSA数字签名的生成。ECDSA签名值由两个无符号整数组成,表示为r和s。r和s必须表示为ASN.1整数。如果无符号整数的高位为1,则在将其编码为ASN.1整数之前,必须将值为0x00的八位字节前置到二进制表示形式。P-256和P-384曲线的无符号整数的最大值分别为32和48字节。因此,将每个r和s转换为ASN.1整数将导致P-256曲线最多33字节,P-384曲线最多49字节。

The ECDSA signatureValue in an X.509 certificate is encoded as a BIT STRING value of a DER-encoded SEQUENCE of the two INTEGERS. As per [RFC5480], the structure, included for convenience, is as follows:

X.509证书中的ECDSA signatureValue编码为两个整数的DER编码序列的位字符串值。根据[RFC5480],为方便起见包括的结构如下:

      ECDSA-Sig-Value ::= SEQUENCE {
          r  INTEGER,
          s  INTEGER
        }
        
      ECDSA-Sig-Value ::= SEQUENCE {
          r  INTEGER,
          s  INTEGER
        }
        

For example, in a signature using P-256 and hex notation:

例如,在使用P-256和十六进制表示法的签名中:

r= 52e3f7b7 27fba9e8 eddb1d08 3b75c188 2517e6dc 63ded9c0 524f8f9a 45dc8661

r=52E3F7B7B7E8 eddb1d08 3b75c188 2517e6dc 63ded9c0 524f8f9a 45dc8661

s= b8930438 de8d33bd ab12c3a2 bdad9795 92a1fd65 76d1734c 3eb0af34 0456aef4

s=b8930438 de8d33bd ab12c3a2 bdad9795 92a1fd65 76d1734c 3eb0af34 0456aef4

r represented as a DER-encoded INTEGER: 022052e3 f7b727fb a9e8eddb 1d083b75 c1882517 e6dc63de d9c0524f 8f9a45dc 8661

r表示为DER编码整数:022052e3 f7b727fb a9e8eddb 1d083b75 c1882517 e6dc63de d9c0524f 8f9a45dc 8661

s represented as a DER-encoded INTEGER: 022100b8 930438de 8d33bdab 12c3a2bd ad979592 a1fd6576 d1734c3e b0af3404 56aef4

s表示为DER编码整数:022100b8 930438de 8d33bdab 12c3a2bd ad979592 a1fd6576 d1734c3e b0af3404 56aef4

Representation of SEQUENCE of r and s: 30450220 52e3f7b7 27fba9e8 eddb1d08 3b75c188 2517e6dc 63ded9c0 524f8f9a 45dc8661 022100b8 930438de 8d33bdab 12c3a2bd ad979592 a1fd6576 d1734c3e b0af3404 56aef4

r和s序列的表示:30450220 52e3f7b7 27fba9e8 eddb1d08 3b75c188 2517e6dc 63ded9c0 524f8f9a 45dc8661 022100b8 930438de 8d33bdab 12c3a2bd ad979592 a1fd6576 d1734c3e b0af3404 56aef4

Representation of resulting signatureValue: 03480030 45022052 e3f7b727 fba9e8ed db1d083b 75c18825 17e6dc63 ded9c052 4f8f9a45 dc866102 2100b893 0438de8d 33bdab12 c3a2bdad 979592a1 fd6576d1 734c3eb0 af340456 aef4

结果签名的表示值:034800345022052 e3f7b727 fba9e8ed db1d083b 75c18825 17e6dc63 ded9c052 4f8f9a45 dc866102 2100b893 0438de8d 33bdab12 c3a2bdad 979592a1 fd6576d1 734c3eb0 af340456 aef4

4.3. Version
4.3. 版本

For this profile, Version MUST be 3, which means the value MUST be set to 2.

对于此配置文件,版本必须为3,这意味着该值必须设置为2。

4.4. SubjectPublicKeyInfo
4.4. SubjectPublicKeyInfo

For ECDSA signing keys and ECDH key agreement keys, the algorithm ID, id-ecPublicKey, MUST be used.

对于ECDSA签名密钥和ECDH密钥协议密钥,必须使用算法ID,ID ecPublicKey。

The parameters of the AlgorithmIdentifier in this field MUST use the namedCurve option. The specifiedCurve and implicitCurve options described in [RFC5480] MUST NOT be used. The namedCurve MUST be either the OID for secp256r1 (curve P-256) or secp384r1 (curve P-384) [RFC5480].

此字段中算法标识符的参数必须使用namedCurve选项。不得使用[RFC5480]中描述的指定曲线和隐式曲线选项。命名曲线必须是secp256r1(曲线P-256)或secp384r1(曲线P-384)[RFC5480]的OID。

The elliptic curve public key, ECPoint, SHALL be the OCTET STRING representation of an elliptic curve point following the conversion routine in section 2.2 of [RFC5480] and sections 2.3.1 and 2.3.2 of [SEC1].

椭圆曲线公钥ECPoint应为[RFC5480]第2.2节和[SEC1]第2.3.1节和第2.3.2节中转换例程后椭圆曲线点的八位字符串表示。

Suite B implementations MAY use either the uncompressed form or the compressed form of the elliptic curve point [RFC5480]. For interoperability purposes, all relying parties MUST be prepared to process the uncompressed form.

套件B实现可以使用椭圆曲线点[RFC5480]的未压缩形式或压缩形式。出于互操作性目的,所有依赖方必须准备好处理未压缩表单。

The elliptic curve public key (an ECPoint that is an OCTET STRING) is mapped to a subjectPublicKey (a BIT STRING) as follows: the most significant bit of the OCTET STRING becomes the most significant bit of the BIT STRING and the least significant bit of the OCTET STRING becomes the least significant bit of the BIT STRING [RFC5480].

椭圆曲线公钥(八位字符串的ECPoint)映射到subjectPublicKey(位字符串),如下所示:八位字符串的最高有效位成为位字符串的最高有效位,八位字符串的最低有效位成为位字符串的最低有效位[RFC5480]。

An octet string representation of a P-256 uncompressed elliptic curve point:

P-256未压缩椭圆曲线点的八进制字符串表示:

046cc93a 2cdb0308 47fa0734 2bc8e130 4c77f04f 63557372 43f3a5d7 f51baa82 23d21ebf b87d9944 f7ec170d 64f9924e 9ce20e4d 361c2db5 f1d52257 4259edad 5e

046cc93a 2cdb0308 47fa0734 2bc8e130 4c77f04f 63557372 43f3a5d7 f51baa82 23d21ebf b87d9944 f7ec170d 64f9924e 9ce20e4d 361c2db5 f1d52257 4259edad 5e

A DER-encoded bit string representation of the subject public key:

主题公钥的DER编码位字符串表示:

03420004 6cc93a2c db030847 fa07342b c8e1304c 77f04f63 55737243 f3a5d7f5 1baa8223 d21ebfb8 7d9944f7 ec170d64 f9924e9c e20e4d36 1c2db5f1 d5225742 59edad5e

03420004 6cc93a2c db030847 fa07342b c8e1304c 77f04f63 55737243 f3a5d7f5 1baa8223 d21ebfb8 7d9944f7 ec170d64 f9924e9c e20e4d36 1c2db5f1 d5225742 59ED5E

A DER-encoded representation of the AlgorithmIdentifier:

算法标识符的DER编码表示:

30130607 2a8648ce 3d020106 082a8648 ce3d0301 07

30130607 2a8648ce 3d020106 082a8648 ce3d0301 07

A DER-encoded representation of the subjectPublicKeyInfo using the P-256 curve:

使用P-256曲线对subjectPublicKeyInfo进行DER编码表示:

30593013 06072a86 48ce3d02 0106082a 8648ce3d 03010703 4200046c c93a2cdb 030847fa 07342bc8 e1304c77 f04f6355 737243f3 a5d7f51b aa8223d2 1ebfb87d 9944f7ec 170d64f9 924e9ce2 0e4d361c 2db5f1d5 22574259 edad5e

30593301306072A86 48ce3d02 0106082a 8648ce3d 03010703 4200046c c93a2cdb 030847fa 07342bc8 e1304c77 f04f6355 737243f3 a5d7f51b aa8223d2 1ebfb87d 9944f7ec 170d64f9 924e9ce2 0e4d361c 2DB5D5 22574259 EDD5E

4.5. Certificate Extensions for Particular Types of Certificates
4.5. 特定类型证书的证书扩展

Different types of certificates in this profile have different required and recommended extensions. Those are listed in this section. Those extensions from RFC 5280 not explicitly listed in this profile remain at the requirement levels of RFC 5280.

此配置文件中不同类型的证书具有不同的必需扩展名和建议扩展名。这些都列在本节中。本概要文件中未明确列出的来自RFC 5280的扩展仍保持RFC 5280的需求水平。

4.5.1. Suite B Self-Signed CA Certificates
4.5.1. 套件B自签名CA证书

In adherence with [RFC5280], self-signed CA certificates in this profile MUST contain the subjectKeyIdentifier, keyUsage, and basicConstraints extensions.

根据[RFC5280],此配置文件中的自签名CA证书必须包含subjectKeyIdentifier、keyUsage和basicConstraints扩展。

The keyUsage extension MUST be marked as critical. The keyCertSign and cRLSign bits MUST be set. The digitalSignature and nonRepudiation bits MAY be set. All other bits MUST NOT be set.

密钥使用扩展必须标记为关键。必须设置keyCertSign和cRLSign位。可以设置数字签名和非否认位。不得设置所有其他位。

In adherence with [RFC5280], the basicConstraints extension MUST be marked as critical. The cA boolean MUST be set to indicate that the subject is a CA and the pathLenConstraint MUST NOT be present.

根据[RFC5280],基本约束扩展必须标记为关键。必须设置cA布尔值以指示主题是cA,并且pathLenConstraint不能存在。

4.5.2. Suite B Non-Self-Signed CA Certificates
4.5.2. 套件B非自签名CA证书

Non-self-signed CA Certificates in this profile MUST contain the authorityKeyIdentifier, keyUsage, and basicConstraints extensions. If there is a policy to be asserted, then the certificatePolicies extension MUST be included.

此配置文件中的非自签名CA证书必须包含authorityKeyIdentifier、keyUsage和basicConstraints扩展。如果要声明策略,则必须包括CertificatePolicys扩展。

The keyUsage extension MUST be marked as critical. The keyCertSign and CRLSign bits MUST be set. The digitalSignature and nonRepudiation bits MAY be set. All other bits MUST NOT be set.

密钥使用扩展必须标记为关键。必须设置keyCertSign和CRLSign位。可以设置数字签名和非否认位。不得设置所有其他位。

In adherence with [RFC5280], the basicConstraints extension MUST be marked as critical. The cA boolean MUST be set to indicate that the subject is a CA and the pathLenConstraint subfield is OPTIONAL.

根据[RFC5280],基本约束扩展必须标记为关键。必须设置cA布尔值以指示主题是cA,并且pathLenConstraint子字段是可选的。

If a policy is asserted, the certificatePolicies extension MUST be marked as non-critical, MUST contain the OIDs for the applicable certificate policies and SHOULD NOT use the policyQualifiers option. If a policy is not asserted, the certificatePolicies extension MUST be omitted.

如果断言策略,则CertificatePolicys扩展必须标记为非关键,必须包含适用证书策略的OID,并且不应使用policyQualifiers选项。如果未声明策略,则必须省略CertificatePolicys扩展。

Relying party applications conforming to this profile MUST be prepared to process the policyMappings, policyConstraints, and inhibitAnyPolicy extensions, regardless of criticality, following the guidance in [RFC5280] when they appear in non-self-signed CA certificates.

符合此配置文件的依赖方应用程序必须准备好处理policyMappings、policyConstraints和InhibitranyPolicy extensions,无论其重要性如何,当它们出现在非自签名CA证书中时,必须遵循[RFC5280]中的指导。

4.5.3. Suite B End Entity Signature and Key Establishment Certificates
4.5.3. 套件B终端实体签名和密钥建立证书

In adherence with [RFC5280], end entity certificates in this profile MUST contain the authorityKeyIdentifier and keyUsage extensions. If there is a policy to be asserted, then the certificatePolicies extension MUST be included. End entity certificates SHOULD contain the subjectKeyIdentifier extension.

根据[RFC5280],此配置文件中的最终实体证书必须包含authorityKeyIdentifier和keyUsage扩展。如果要声明策略,则必须包括CertificatePolicys扩展。终端实体证书应包含subjectKeyIdentifier扩展。

The keyUsage extension MUST be marked as critical.

密钥使用扩展必须标记为关键。

For end entity digital signature certificates, the keyUsage extension MUST be set for digitalSignature. The nonRepudiation bit MAY be set. All other bits in the keyUsage extension MUST NOT be set.

对于最终实体数字签名证书,必须为digitalSignature设置keyUsage扩展。可以设置不可否认位。不得设置keyUsage扩展中的所有其他位。

For end entity key establishment certificates, the keyUsage extension MUST BE set for keyAgreement. The encipherOnly or decipherOnly bit MAY be set. All other bits in the keyUsage extension MUST NOT be set.

对于终端实体密钥建立证书,必须为keyAgreement设置keyUsage扩展。可以设置仅加密或仅解密位。不得设置keyUsage扩展中的所有其他位。

If a policy is asserted, the certificatePolicies extension MUST be marked as non-critical, MUST contain the OIDs for the applicable certificate policies and SHOULD NOT use the policyQualifiers option. If a policy is not asserted, the certificatePolicies extension MUST be omitted.

如果断言策略,则CertificatePolicys扩展必须标记为非关键,必须包含适用证书策略的OID,并且不应使用policyQualifiers选项。如果未声明策略,则必须省略CertificatePolicys扩展。

5. Suite B CRL and CRL Extensions Profile
5. 套件B CRL和CRL扩展配置文件

This Suite B CRL profile is a profile of [RFC5280]. There are changes in the requirements from [RFC5280] for the signatures on CRLs of this profile.

此套件B CRL配置文件是[RFC5280]的配置文件。[RFC5280]对该配置文件CRL上签名的要求有所变化。

The signatures on CRLs in this profile MUST follow the same rules from this profile that apply to signatures in the certificates, see section 4.

此配置文件中CRL上的签名必须遵循此配置文件中适用于证书中签名的相同规则,请参见第4节。

6. Security Considerations
6. 安全考虑

The security considerations in [RFC5280], [RFC5480], and [RFC5758] apply.

[RFC5280]、[RFC5480]和[RFC5758]中的安全注意事项适用。

A single key pair SHOULD NOT be used for both signature and key establishment per [SP-800-57].

根据[SP-800-57],单个密钥对不应同时用于签名和密钥建立。

The Suite B algorithms provide significantly improved performance when compared to equivalent-strength cryptography that does not employ elliptic curve cryptography. Where performance has previously been an impediment, use of Suite B may permit employment of PKI-based cryptographic security mechanisms.

与不采用椭圆曲线加密的等效强度加密相比,套件B算法提供了显著改进的性能。在性能以前一直是一个障碍的情况下,使用套件B可能会允许使用基于PKI的加密安全机制。

7. IANA Considerations
7. IANA考虑

This document makes extensive use of object identifiers to register public key types, elliptic curves, and algorithms. Most of them are registered in the ANSI X9.62 arc with the exception of some of the curves, which are in the Certicom, Inc. arc (these curves have been adopted by ANSI and NIST). Extensions in certificates and CRLs are identified using the object identifiers defined in an arc delegated by IANA to the PKIX working group. No further action by IANA is necessary for this document or any anticipated updates.

本文档广泛使用对象标识符来注册公钥类型、椭圆曲线和算法。大多数曲线在ANSI X9.62 arc中注册,但某些曲线除外,这些曲线在Certicom,Inc.arc中注册(这些曲线已被ANSI和NIST采用)。证书和CRL中的扩展使用IANA委托给PKIX工作组的arc中定义的对象标识符进行标识。IANA无需对本文件或任何预期更新采取进一步行动。

8. References
8. 工具书类
8.1. Normative References
8.1. 规范性引用文件

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。

[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, May 2008.

[RFC5280]Cooper,D.,Santesson,S.,Farrell,S.,Boeyen,S.,Housley,R.,和W.Polk,“Internet X.509公钥基础设施证书和证书撤销列表(CRL)配置文件”,RFC 52802008年5月。

[RFC5480] Turner, S., Brown, D., Yiu, K., Housley, R., and T. Polk, "Elliptic Curve Cryptography Subject Public Key Information", RFC 5480, March 2009.

[RFC5480]Turner,S.,Brown,D.,Yiu,K.,Housley,R.,和T.Polk,“椭圆曲线加密主题公钥信息”,RFC 54802009年3月。

[RFC5758] Dang, Q., Santesson, S., Moriarty, K., Brown, D., and T. Polk, "Internet X.509 Public Key Infrastructure: Additional Algorithms and Identifiers for DSA and ECDSA", RFC 5758, January 2010.

[RFC5758]Dang,Q.,Santesson,S.,Moriarty,K.,Brown,D.,和T.Polk,“互联网X.509公钥基础设施:DSA和ECDSA的附加算法和标识符”,RFC 5758,2010年1月。

8.2. Informative References
8.2. 资料性引用

[FIPS186-3] "Digital Signature Standard (DSS)", June 2009.

[FIPS186-3]“数字签名标准(DSS)”,2009年6月。

[SEC1] Standards for Efficient Cryptography, "SEC1: Elliptic Curve Cryptography", September 2000.

[SEC1]高效密码标准,“SEC1:椭圆曲线密码术”,2000年9月。

[SEC2] Standards for Efficient Cryptography, "SEC 2: Recommended Elliptic Curve Domain Parameters", September 2000.

[SEC2]高效密码标准,“第2节:建议的椭圆曲线域参数”,2000年9月。

[SP-800-57] Barker, E., Barker, W., Burr, W., Polk, W. Smid, M., "NIST SP-800-57:Recommendation for Key Management-Part 1: General", March 2007.

[SP-800-57]Barker,E.,Barker,W.,Burr,W.,Polk,W.Smid,M.,“NIST SP-800-57:关键管理建议第1部分:概述”,2007年3月。

[X9.62] ANS X9.62, "Public Key Cryptography for the Financial Services Industry; The Elliptic Curve Digital Signature Algorithm (ECDSA)", December 2005.

[X9.62]ANS X9.62,“金融服务业的公钥加密;椭圆曲线数字签名算法(ECDSA)”,2005年12月。

[X9.63] ANS X9.63, "Public Key Cryptography for the Financial Services Industry; Key Agreement and Key Transport Using Elliptic Curve Cryptography", December 2001.

[X9.63]ANS X9.63,“金融服务业的公钥密码术;使用椭圆曲线密码术的密钥协议和密钥传输”,2001年12月。

Authors' Addresses

作者地址

Jerome Solinas National Information Assurance Research Laboratory National Security Agency

Jerome Solinas国家信息保障研究实验室国家安全局

   EMail: jasolin@orion.ncsc.mil
        
   EMail: jasolin@orion.ncsc.mil
        

Lydia Zieglar National Information Assurance Research Laboratory National Security Agency

莉迪亚·齐格勒国家信息保障研究实验室国家安全局

   EMail: llziegl@tycho.ncsc.mil
        
   EMail: llziegl@tycho.ncsc.mil