FMN Spiral 3.0 Digital Certificate Service Profile

Title: FMN Spiral 3.0 Digital Certificate Service Profile

Description: The Digital Certificate Profile provides standards and guidance in support of a Public Key Infrastructure (PKI) on federated mission networks.

Reference document

Org: FMN

Pubnum

Date: 2018-10-26

Version: 3

Title: FMN Spiral 3 Standards Profile

Taxonomy

Digital Certificate Services

Standards

Obligation: MANDATORY, Lifecycle: CURRENT

Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks (X.509:2016)

Obligation: OPTIONAL, Lifecycle: CURRENT

The Online Certificate Status Protocol (OCSP) capability is optional for PKI Service providers and consumers.

X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP (RFC 6960:2013)

Obligation: MANDATORY, Lifecycle: CURRENT

CRLs may be provided at multiple endpoints. The addresses of these endpoints shall be provided in digital certificates through X.509 certificate extensions such as Authority Information Access (AIA) and CRL distribution point (CDP). Each CA shall provide CRLs using at least one of the endpoint types (HTTP or LDAP). Clients must support both types.

Guidance

The version of the encoded public key certificate shall be version 3. The version of the encoded certificate revocation list (CRL) shall be version 2.

Additional Implementation Guidance

AC/322-D(2004)0024-REV2-ADD2 - NATO Public Key Infrastructure (NPKI) Certificate Policy
AC/322-D(2010)0036 - NATO Cryptographic Interoperability Strategy

Status

URI

History

Flag	Date	RFC	Version
added	2018-11-01	11-57	12

UUID: bdb98c91-690a-439a-b3dc-007c2ca7866c

Utilization

This profile is used by the following profiles:

FMN Spiral 3 Networking Profile - (profile)