An X.509v3 Based Public-key Infrastructure for the Federal Government


William Burr
Affiliation: National Institute of Standards and Technology
Abstract: It may well be that the Public Key Infrastructure (PKI) that supports commerce in the United States will come into being as a diverse collection of Certificate Authorities (CAs), with little organization beyond ad hoc cross-certification between some CAs. The executive branch of the Federal Government is an organization with many different agencies with very different missions, needs and concerns. Nevertheless, the government attempts to manage itself as a whole in a reasonably organized fashion, and provide some measure of centralized control, and we expect that some level of central control will be demanded of a Federal PKI. A Federal PKI Steering Committee has been organized to coordinate efforts to use public key digital signature technology. It has set up a Technical Working Group (TWG) to consider the technical issues associated with a Federal PKI.

An assumption in this effort has been the use of standard X.509 certificates. The first attempts to design a large PKI that used earlier versions of X.509 certificates (i.e., Privacy Enhanced Mail, a design study done for the Federal Government by, Mitre and the initial version of the NSA Multilevel Information Systems Security Initiative) featured a strongly hierarchical structure, where the hierarchy was to be aligned with security policies as a vehicle for managing trust. This has proved confining and no truly large strictly hierarchical X.509 based PKI has yet been implemented. The new feature of the X.509 v3 certificate is a number of optional extensions, intended to allow explicit management of trust and policies through the extensions contained in certificates.

Does the X.509 v3 certificate give large organizations the tools they need? We will describe an architecture for a Federal PKI that the TWG has proposed, which attempts to use the X.509 extensions to provide an organized scheme for the management of trust in a Federal PKI, yet allows a good deal of autonomy to individual agencies and their CAs. This architecture does preserve some hierarchical elements, but also allows broad cross certification of Federal CAs. The architecture supports clients that base their trust in the public key of a single "root" CA, as well as those that base their trust from the local CA that issues their certificate.

There are a number of assumptions in this effort that may not hold up, which we will consider. We assume that the standard is sufficiently well defined that a market for a number of broadly interoperable commercial products will develop and hope that our efforts can help to make this happen. We expect that the X.509 certificate will be the predominant vehicle for digital signatures in general electronic commerce.

Perhaps more problematic, our approach assumes a pervasive directory service, and general acceptance of X.500 distinguished names. The extensions to X.509 may make it possible to consider more approaches centered on the World Wide Web as the foundation of the PKI. If this becomes the predominant commercial model, can we adjust our architecture?

For more information, see http://csrc.ncsl.nist.gov/pki/"