Internet Engineering Task Force M. Pritikin, Ed. Internet-Draft A. Nourse Intended status: Informational J. Vilhuber Expires: June 3, 2010 Cisco Systems, Inc November 30, 2009 Cisco Systems' Simple Certificate Enrollment Protocol draft-nourse-scep-20 Abstract This document specifies the Simple Certificate Enrollment Protocol, a PKI communication protocol which leverages existing technology by using PKCS#7 and PKCS#10 over HTTP. SCEP is the evolution of the enrollment protocol developed by VeriSign, Inc. for Cisco Systems, Inc. It now enjoys wide support in both client and CA implementations. Status of this Memo This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on June 3, 2010. Copyright Notice Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Pritikin, et al. Expires June 3, 2010 [Page 1] Internet-Draft SCEP November 2009 Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the BSD License. This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English. Pritikin, et al. Expires June 3, 2010 [Page 2] Internet-Draft SCEP November 2009 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 6 2. SCEP Overview . . . . . . . . . . . . . . . . . . . . . . . . 6 2.1. SCEP Entities . . . . . . . . . . . . . . . . . . . . . . 6 2.1.1. Requester . . . . . . . . . . . . . . . . . . . . . . 6 2.1.2. Certification Authority . . . . . . . . . . . . . . . 7 2.1.3. Registration Authority . . . . . . . . . . . . . . . . 8 2.2. Requester authentication . . . . . . . . . . . . . . . . . 8 2.3. Enrollment authorization . . . . . . . . . . . . . . . . . 9 2.4. CA/RA Certificate Distribution . . . . . . . . . . . . . . 10 2.5. Certificate Enrollment . . . . . . . . . . . . . . . . . . 11 2.5.1. Client State Transitions . . . . . . . . . . . . . . . 12 2.6. Certificate Access . . . . . . . . . . . . . . . . . . . . 13 2.7. CRL Access . . . . . . . . . . . . . . . . . . . . . . . . 14 2.8. Certificate Revocation . . . . . . . . . . . . . . . . . . 15 3. SCEP Secure Message Objects . . . . . . . . . . . . . . . . . 15 3.1. SCEP pkiMessage . . . . . . . . . . . . . . . . . . . . . 16 3.1.1. Signed Transaction Attributes . . . . . . . . . . . . 17 3.1.1.1. transactionID . . . . . . . . . . . . . . . . . . 18 3.1.1.2. messageType . . . . . . . . . . . . . . . . . . . 18 3.1.1.3. pkiStatus . . . . . . . . . . . . . . . . . . . . 18 3.1.1.4. failInfo . . . . . . . . . . . . . . . . . . . . . 19 3.1.1.5. senderNonce and recipientNonce . . . . . . . . . . 19 3.1.1.6. signingTime Attribute . . . . . . . . . . . . . . 19 3.1.2. SCEP pkcsPKIEnvelope . . . . . . . . . . . . . . . . . 20 3.2. SCEP pkiMessage types . . . . . . . . . . . . . . . . . . 20 3.2.1. PKCSReq . . . . . . . . . . . . . . . . . . . . . . . 20 3.2.2. CertRep . . . . . . . . . . . . . . . . . . . . . . . 21 3.2.2.1. CertRep SUCCESS . . . . . . . . . . . . . . . . . 21 3.2.2.2. CertRep FAILURE . . . . . . . . . . . . . . . . . 22 3.2.2.3. CertRep PENDING . . . . . . . . . . . . . . . . . 22 3.2.3. GetCertInitial . . . . . . . . . . . . . . . . . . . . 22 3.2.3.1. IssuerAndSubject . . . . . . . . . . . . . . . . . 23 3.2.4. GetCert . . . . . . . . . . . . . . . . . . . . . . . 23 3.2.5. GetCRL . . . . . . . . . . . . . . . . . . . . . . . . 23 3.3. Degenerate certificates-only PKCS#7 Signed-data . . . . . 24 4. SCEP Transactions . . . . . . . . . . . . . . . . . . . . . . 24 4.1. Get CA Certificate . . . . . . . . . . . . . . . . . . . . 24 4.1.1. Get CA Certificate Response Message Format . . . . . . 25 4.1.1.1. CA Certificate Response Message Format . . . . . . 25 4.1.1.2. CA/RA Certificate Response Message Format . . . . 25 4.2. Certificate Enrollment . . . . . . . . . . . . . . . . . . 25 4.2.1. Certificate Enrollment Response Message . . . . . . . 26 4.3. Poll for Requester Initial Certificate . . . . . . . . . . 26 4.3.1. Polling Response Message Format . . . . . . . . . . . 27 4.4. Certificate Access . . . . . . . . . . . . . . . . . . . . 27 Pritikin, et al. Expires June 3, 2010 [Page 3] Internet-Draft SCEP November 2009 4.4.1. Certificate Access Response Message Format . . . . . . 27 4.5. CRL Access . . . . . . . . . . . . . . . . . . . . . . . . 27 4.5.1. CRL Access Response Message Format . . . . . . . . . . 27 4.6. Get Next Certification Authority Certificate . . . . . . . 28 4.6.1. Get Next CA Response Message Format . . . . . . . . . 28 5. SCEP Transport . . . . . . . . . . . . . . . . . . . . . . . . 28 5.1. HTTP "GET" Message Format . . . . . . . . . . . . . . . . 28 5.1.1. Response Message Format . . . . . . . . . . . . . . . 29 5.2. SCEP HTTP Messages . . . . . . . . . . . . . . . . . . . . 29 5.2.1. GetCACert . . . . . . . . . . . . . . . . . . . . . . 29 5.2.1.1. GetCACert Response . . . . . . . . . . . . . . . . 29 5.2.2. PKCSReq . . . . . . . . . . . . . . . . . . . . . . . 30 5.2.2.1. PKCSReq Response . . . . . . . . . . . . . . . . . 30 5.2.3. GetCertInitial . . . . . . . . . . . . . . . . . . . . 30 5.2.3.1. GetCertInitial Response . . . . . . . . . . . . . 30 5.2.4. GetCert . . . . . . . . . . . . . . . . . . . . . . . 30 5.2.4.1. GetCert Response . . . . . . . . . . . . . . . . . 31 5.2.5. GetCRL . . . . . . . . . . . . . . . . . . . . . . . . 31 5.2.5.1. GetCRL Response . . . . . . . . . . . . . . . . . 31 5.2.6. GetNextCACert . . . . . . . . . . . . . . . . . . . . 31 5.2.6.1. GetNextCACert Response . . . . . . . . . . . . . . 31 6. Contributors/Acknowledgements . . . . . . . . . . . . . . . . 31 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32 8. Security Considerations . . . . . . . . . . . . . . . . . . . 32 8.1. General Security . . . . . . . . . . . . . . . . . . . . . 33 8.2. Use of the CA keypair . . . . . . . . . . . . . . . . . . 33 8.3. ChallengePassword . . . . . . . . . . . . . . . . . . . . 34 8.4. transactionID . . . . . . . . . . . . . . . . . . . . . . 34 8.5. Nonces and Replay . . . . . . . . . . . . . . . . . . . . 34 8.6. Key Usage Issues . . . . . . . . . . . . . . . . . . . . . 34 8.7. GetCACaps Issues . . . . . . . . . . . . . . . . . . . . . 35 8.8. Unnecessary cryptography . . . . . . . . . . . . . . . . . 35 8.9. GetNextCACert . . . . . . . . . . . . . . . . . . . . . . 35 9. Normative References . . . . . . . . . . . . . . . . . . . . . 35 Appendix A. Private OID Definitions . . . . . . . . . . . . . . . 36 Appendix B. SCEP State Transitions . . . . . . . . . . . . . . . 37 Appendix C. CA Capabilities . . . . . . . . . . . . . . . . . . . 39 C.1. GetCACaps HTTP Message Format . . . . . . . . . . . . . . 39 C.2. CA Capabilities Response Format . . . . . . . . . . . . . 39 Appendix D. Client Certificate Renewal . . . . . . . . . . . . . 40 Appendix E. CA Key Rollover . . . . . . . . . . . . . . . . . . . 41 Appendix F. PKIOperation via HTTP POST Message . . . . . . . . . 42 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 42 Pritikin, et al. Expires June 3, 2010 [Page 4] Internet-Draft SCEP November 2009 1. Introduction Public key technology is widely available and increasingly widely deployed. X.509 certificates serve as the basis for several standards-based security protocols in the IETF, such as IKE [RFC2409] and IKEv2 [RFC4306], and TLS [RFC4346]. When an X.509 certificate is issued by other than the certificate subject (a self-issued certificate), there typically is a need for a certificate management protocol. Such a protocol enables a PKI client to request a certificate, certificate renewal, or certificate revocation from a certification authority. Often there also is a need for protocols to request a certificate or certificate status information, although these functions are often provided by distinct protocols. This specification defines a protocol, SCEP, for certificate management and certificate and CRL queries in a closed environment. While widely deployed, this protocol omits some certificate management features, e.g., in-band certificate revocation transactions, that can significantly enhance the security achieved in a PKI. The IETF protocol suite currently includes two certificate management protocols with more comprehensive functionality: CMP [RFC4210] and Certificate Management over CMS [RFC5272]. Where interoperability with the installed base of SCEP implementations is required, implementers are encouraged to support a comprehensive standards track certificate management protocol in addition to the protocol defined in this specification. This implementation strategy balances near term requirements for interoperability with longer term security goals. As a reflection of the history of SCEP implementations some of the operations described in this document are indicated as 'SHOULD' or 'MAY' where a stricter protocol specification might have indicated a 'MUST'. The protocol supports the following general operations: o CA and RA public key distribution o Certificate enrollment o Certificate query o CRL query SCEP makes extensive use of PKCS#7 [RFC2315] and PKCS#10 [RFC2986]. Pritikin, et al. Expires June 3, 2010 [Page 5] Internet-Draft SCEP November 2009 1.1. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 2. SCEP Overview In this section, we give a high level overview of the functionality of SCEP. 2.1. SCEP Entities The entity types defined in SCEP are o the Requester (Section 2.1.1) (e.g., IPSEC clients) o the Server, which may be either a Certification Authority (CA) (Section 2.1.2) or a Registration Authority (RA) (Section 2.1.3) 2.1.1. Requester The requester is sometimes called a "client" in this document. It is the client of the SCEP exchange. The requester MAY submit SCEP messages for itself or it MAY submit SCEP messages on behalf of peers as described in Registration Authority (Section 2.1.3). This section focuses on the requester that is obtaining certificates for its own use. Before a requester can start a PKI transaction, it MUST have at least one RSA key pair use for signing the SCEP pkiMessage (Section 3.1). The requester MUST use RSA keys for all symmetric key operations. (The message types, being based on PKCS#7 [RFC2315], fully support algorithm agility). A requester MUST have the following information locally configured: 1. The Certification Authority IP address or fully qualified domain name 2. The Certification Authority HTTP CGI script path 3. The identifying information that is used for authentication of the Certification Authority in Section 4.1.1. This information MAY be obtained from the user, or presented to the end user for Pritikin, et al. Expires June 3, 2010 [Page 6] Internet-Draft SCEP November 2009 manual authorization during the protocol exchange (e.g. the user indicates acceptance of a fingerprint via a user-interface element). The requester MUST have MESSAGE information configured if the Certification Authority requires it (see Section 5.1). The requester MAY maintain multiple independent configurations appropriate for multiple Certification Authorities. Doing so does not effect the protocol operation and is not in scope of this document. Certificate requests for certificates whose purpose is a specific solution are encouraged to conform to the solution's profile, e.g. [RFC4945] section 5 for IKE/IPsec certificates. 2.1.2. Certification Authority An SCEP Certification Authority (CA) is the entity that signs client certificates. The CAs name appears in the issuer field of resulting certificates. Before any PKI operations can occur, the SCEP CA server obtains a 'CA' certificate that matches the profile in [RFC5280]. This MAY be a CA certificate that was issued by a higher level CA. The SCEP server CA certificate MUST be provided out-of-band to the SCEP requester. The CA certificate fingerprint MAY be used to authenticate a CA Certificate distributed by the GetCACert response (Section 4.1.1). The fingerprint is created by calculating a SHA-1, SHA-256, SHA-512, or MD5 hash on the whole CA certificate. The certification authority MUST either include a cRLDistributionPoint extension in every certificate it issues or answer CRL queries itself, in which case it SHOULD be online at all times. The certification authority SHOULD either answer certificate queries or make certificates available via LDAP. A certification authority may enforce any arbitrary policies, including name uniqueness policies, and apply them to certification requests. The certification authority MAY reject any request. If the client has already been issued a certificate for this keypair the server MAY return the previously created certificate. The requester MUST NOT assume any of the fields in the certification request, except for the public key, will be the same in the certificate issued. If a client times out from polling for a pending request it can Pritikin, et al. Expires June 3, 2010 [Page 7] Internet-Draft SCEP November 2009 resynchronize by reissuing the original request with the original subject name, key, and transaction ID. The CA SHOULD return the status of the original transaction, including the certificate if it was granted. The CA SHOULD NOT create a new transaction unless the original certificate has been revoked, or the transaction arrives more than halfway through the validity period of the original certificate. 2.1.3. Registration Authority An SCEP Registration Authority (RA) is an SCEP server that performs validation and authorization checks of the SCEP requester but forwards the certification requests to the CA. The RAs name does not appear in the issuer field of resulting certificates. The RA MUST return the RA certificate, in addition to the CA certificate, in the GetCACert Response (see Section 5.2.1.1.2). The existence of an RA certificate in this response indicates to the client that an RA is in use. In order to securely communicate with an RA using SCEP Secure Message Objects (Section 3) the client MUST use the RA's keys instead of the CA's keys to sign the messages. In order to service certification requests the RA must pass the requests to the CA server for signing. The RA MAY use SCEP to communicate with the CA, in which case the RA acts as both an SCEP server (between the client and the RA) and an SCEP requester (between the RA and the CA). The RA MAY respond to client certificate requests with a PENDING response while communicating with the CA; for example if the CA must manually authorize a certification request and thus returns PENDING to the RA the RA may respond with PENDING to the client while polling the CA. Communication between the RA and the CA MAY be over other protocols such as Certificate Management over CMS [RFC5272]. 2.2. Requester authentication As with every protocol that uses public-key cryptography, the association between the public keys used in the protocol and the identities with which they are associated must be authenticated in a cryptographically secure manner. This requirement is needed to prevent a "man-in-the-middle" attack, in which an adversary can manipulate the data as it travels between the protocol participants and subvert the security of the protocol. The communication between the requester and the certification authority are secured using SCEP Secure Message Objects (Section 3) which specifies how PKCS#7 [RFC2315] is used to encrypt and sign the Pritikin, et al. Expires June 3, 2010 [Page 8] Internet-Draft SCEP November 2009 data. In order to perform the signing operation the client uses an appropriate local certificate: 1. If the requesting system already has a certificate issued by the SCEP server, and the server supports RENEWAL (see Appendix C), that certificate SHOULD be used. 2. If the requesting system has no certificate issued by the new CA, but has credentials from an alternate CA the certificate issued by the alternate CA MAY be used. Policy settings on the new CA will determine if the request can be accepted or not. This is useful when enrolling with a new administrative domain; by using a certificate from the old domain as credentials. 3. If the requester does not have an appropriate existing certificate, then a locally generated self-signed certificate MUST be used instead. The self-signed certificate MUST use the same subject name as in the PKCS#10 request. During the certificate enrollment, the requester MUST use the selected certificate to sign the PKCS#7 [RFC2315] (see Section 3). The server CertResp uses this signing certificate when encrypting the response (see Section 3.2.2). When the certification authority creates the PKCS#7 [RFC2315] envelope on the issued certificate, it SHOULD use the public key, issuer name, and serial number conveyed in the above included certificate. This will inform the end entity of which private key should be used to open the envelope. Note that when a client enrolls for separate encryption and signature certificates, it MAY use the signature certificate to sign both requests, and then expect its signature key to be used to encrypt both responses. In any case, the RecipientInfo on the envelope MUST reflect the key used to encrypt the request. 2.3. Enrollment authorization There are two mechanisms for automated enrollment authorization. Since the client uses an existing certificate to sign SCEP messages the server MAY use this certificate to authenticate the client and determine the appropriate authorization. In addition to the policy requirements implied by optional support of RENEWAL, see Appendix D, the SCEP server SHOULD implement appropriate logic to support client authentication and automated enrollment using existing client credentials that were issued by an alternate PKI hierarchy. Additionally PKCS#10 [RFC2986] specifies the use of a PKCS#9 Pritikin, et al. Expires June 3, 2010 [Page 9] Internet-Draft SCEP November 2009 [RFC2985] challengePassword attribute to be sent as part of the enrollment request. SCEP optionally uses this challengePassword to allow for unauthenticated authorization of enrollment requests. The PKCS#7 [RFC2315] envelope protects the privacy of the challenge password. When utilizing the challengePassword, the server distributes a shared secret to the requester which will uniquely associate the enrollment request with the requester. The distribution of the secret must be private: only the end entity should know this secret. If a challengePassword is provided by the CA operator the client SHOULD use this in the certification request. The actual binding mechanism between the requester and the secret is subject to the server policy and implementation. . The requester MAY use any of the requester authentication mechanisms to provide additional authentication material, although the server MAY ignore everything but the challengePassword. In the manual mode the requester's messages wait, or are placed in the PENDING state, until the CA operator authorizes or rejects them. Manual authorization is used when the client has only a self-signed certificate and/or a challengePassword is not available.. The requester generates a SHA-1, SHA-256, SHA-512, or MD5 'fingerprint' of the PKCS#10 [RFC2986] (before PKCS#7 [RFC2315] enveloping and signing). This fingerprint is sent to the CA operator using an out-of-band method. The CA operator MUST compared this fingerprint to a locally generated fingerprint based on the message received during the SCEP exchange. SCEP clients and CAs (or RAs, if appropriate) MUST support display of this fingerprint to the operator to enable this authorization method. The out-of-band distribution and comparison of fingerprints is not covered by this document. 2.4. CA/RA Certificate Distribution If the CA and/or RA certificates have not previously been acquired by the requester in some other means, the requester MUST retrieve the CA/RA certificates before any PKI operation (Section 3) can be started. Since no public key has yet been exchanged between the requester and the CA/RA, the messages cannot be secured using PKCS#7 [RFC2315], and the data is instead transferred in the clear. If an RA is in use, a certificates-only PKCS#7 [RFC2315] SignedData with a certificate chain consisting of both RA and CA certificates is Pritikin, et al. Expires June 3, 2010 [Page 10] Internet-Draft SCEP November 2009 returned. Otherwise the CA certificate itself is returned. The transport protocol (Section 5) MUST indicate which one is returned. After the requester gets the CA certificate, it MUST authenticate the CA certificate by comparing the CA certificate fingerprint (see Section 2.1.2) with the locally configured, out-of-band distributed, identifying information. Since the optional RA certificates are signed by the CA there is no need to authenticate them against the out-of-band data. Clients MUST verify the RA certificate signature before use during protocol exchanges. Clients MUST verify the authorization of the RA certificates. The authorization mechanism is specified by the CA administrator and is out of scope for this document. Because a long time can pass between queries from a requester to a CA/RA and because RA certificates can change at any time, it is recommended that a requester not store RA certificates. Instead, the requester SHOULD retrieve the CA/RA certificates before each operation. 2.5. Certificate Enrollment A requester starts an enrollment (Section 3.2.1) transaction by creating a certificate request using PKCS#10 [RFC2986] and sends it to the CA/RA enveloped using the PKCS#7 (Section 3). It is up to local CA policy (and CA implementation) as to whether a certificate is granted automatically, or whether it is manually granted by the administrator. The challengePassword MAY be used to automatically authenticate the request. If the CA/RA returns a CertRep (Section 3.2.2) message with status set to PENDING, the requester enters into polling mode by periodically sending a GetCertInitial (Section 3.2.3) PKI message to the CA/RA, until the CA/RA operator completes the manual authentication (approving or denying the request). In general, the requester will send a single PKCSReq (Section 3.2.1) message, followed by 0 or more GetCertInitial (Section 3.2.3) messages, if polling mode is entered. In general, the CA/RA will send 0 or more CertRep (Section 3.2.2) messages with status set to PENDING, followed by a single CertRep (Section 3.2.2) with status set to either SUCCESS or FAILURE. Pritikin, et al. Expires June 3, 2010 [Page 11] Internet-Draft SCEP November 2009 2.5.1. Client State Transitions The requester state transitions during enrollment operation are indicated in Figure 1. GetCertInitial +----<---+ | | CertRep(PENDING), | | GetCertInitial send-timeout, | | new-poll timer | | [CERT-NONEXISTANT] -----+---> [CERT-REQ-PENDING] [CERT-ISSUED] ^ PKCSReq | | ^ | | | | | | +---------------+ | | CertRep(SUCCESS) +--------------------------+ CertRep(FAILURE), PKCSReq send-timeout, max-time/max-polls exceeded Figure 1: State Transition Diagram Certificate enrollment starts at the state CERT-NONEXISTANT. Sending a PKCSReq message changes the state to CERT-REQ-PENDING. If there is no response, or sending is not possible, the state reverts back to CERT-NONEXISTANT. Receiving a CertRep message with pkiStatus set to SUCCESS changes the state to CERT-ISSUED. Receiving a CertRep message with pkiStatus set to FAILURE changes the state to CERT-NONEXISTANT. If the server sends back a CertRep message with pkiStatus set to PENDING, the requester will keep polling by sending a GetCertInitial message to the server, until either a CertRep message with status set to SUCCESS or FAILURE is received, or the maximum number of polls has been exceeded. If the maximum number of polls has been exceeded or a CertRep message with pkiStatus set to FAILURE is received while in the CERT-REQ- PENDING state, the end entity will transition to the CERT-NONEXISTANT state, and the SCEP client can eventually initiate another enrollment request. It is important to note that, as long as the requester does not change its subject name or keys, the same transaction ID will be used in the "new" transaction. This is important because based on this transaction ID, the certification authority can recognize this Pritikin, et al. Expires June 3, 2010 [Page 12] Internet-Draft SCEP November 2009 as an existing transaction instead of a new one. A successful transaction in automatic mode: REQUESTER CA SERVER PKCSReq: PKI cert. enrollment msg --------------------------------> CertRep: pkiStatus = SUCCESS certificate attached <------------------------------ Receive issued certificate. Figure 2: Automatic mode transaction A successful transaction in manual mode: REQUESTER CA SERVER PKCSReq: PKI cert. enrollment msg --------------------------------> CertRep: pkiStatus = PENDING <------------------------------ GetCertInitial: polling msg --------------------------------> CertRep: pkiStatus = PENDING <------------------------------ ................ ............... GetCertInitial: polling msg --------------------------------> CertRep: pkiStatus = SUCCESS certificate attached <------------------------------ Receive issued certificate. Figure 3: Manual mode transaction 2.6. Certificate Access There are two methods to query certificates. The first method is to use LDAP as a query protocol. Using LDAP to query assumes the client understands the LDAP scheme supported by the CA. The SCEP client assumes that the subject DN in the certificate is used as the URL to query the certificate. The standard attributes (userCertificate and caCertificate) are used as filter. For the environment where LDAP is not available, a certificate query message is defined to retrieve the certificates from the CA. To query a certificate from the certification authority, a requester sends a request consisting of the certificate's issuer name and serial number. This assumes that the requester has saved the issuer name and the serial number of the issued certificate from the previous enrollment transaction. The transaction to query a Pritikin, et al. Expires June 3, 2010 [Page 13] Internet-Draft SCEP November 2009 certificate consists of one GetCert (Section 3.2.4) message and one CertRep (Section 3.2.2) message, as shown in Figure 4. REQUESTER CA SERVER GetCert: PKI certificate query msg -------------------------------> CertRep: pkiStatus = SUCCESS certificate attached <----------------------------- Receive the certificate. Figure 4: GetCert Transaction 2.7. CRL Access SCEP clients request a CRL via one of two methods: 1. If the CA supports CRL Distribution Points [RFC5280] (section 4.2.1.13), then the CRL MUST be retrieved via the mechanism specified in the CDP. 2. If the CA does not support CDP's, a CRL query is composed by creating a GetCRL message consisting of the issuer name and serial number from a certificate within the scope of the CRL to be retrieved (e.g. from a certificate to be validated). The server SHOULD NOT support the GetCRL method because: o it does not scale well due to the unnecessary cryptography (see, Section 8.8) o it requires the CA to be a high-availability service o only limited information to determine the CRL scope is provided (see [RFC5280] Section 5). The message is sent to the SCEP server in the same way as the other SCEP requests: The transaction to retrieve a CRL consists of one GetCRL PKI message and one CertRep PKI message, which contains only the CRL (no certificates), as shown in Figure 5. On receipt of this message, the SCEP server MAY use the IssuerAndSerial information to return an appropriate CRL. REQUESTER CA SERVER GetCRL: PKI CRL query msg ----------------------------------> CertRep: CRL attached <-------------------------------- Pritikin, et al. Expires June 3, 2010 [Page 14] Internet-Draft SCEP November 2009 Figure 5: GetCRL Transaction 2.8. Certificate Revocation SCEP does not specify a method to request certificate revocation. In order to revoke a certificate, the requester must contact the CA server operator using a non-SCEP defined mechanism. Although the PKCS#10 [RFC2986] challengePassword is used by SCEP for enrollment authorization (see Enrollment authorization (Section 2.3)) this does not inhibit the CA server from maintaining a record of the challengePassword to use during subsequent revocation operations as implied by [RFC2985]. 3. SCEP Secure Message Objects PKCS#7 [RFC2315] is a general enveloping mechanism that enables both signed and encrypted transmission of arbitrary data. All messages MUST be valid PKCS#7 [RFC2315] structures, unless otherwise noted. SCEP messages that require confidentiality use two layers of PKCS#7, as shown in Figure 6. By applying both enveloping and signing transformations, the SCEP message is protected both for the integrity of its end-to-end transaction information and the confidentiality of its information portion. The advantage of this technique over the conventional transaction message format is that the signed transaction type information and the status of the transaction can be determined prior to invoking security handling procedures specific to the information portion being processed. Some messages do not require enveloping, in which case the EnvelopedData in Figure 6 is omitted. Pritikin, et al. Expires June 3, 2010 [Page 15] Internet-Draft SCEP November 2009 ContentType = SignedData (called pkiMessage) SignerInfo Signature authenticatedAttributes transactionID messageType pkiStatus failInfo senderNonce recipientNonce etc ContentInfo type = EnvelopedData (called pkcsPKIEnvelope; optional) RecipientInfo ContentInfo type = Data messageData Figure 6: PKCS#7 Layering Description: o The outer PKCS#7 is a pkiMessage (Section 3.1). o The SignedData ContentInfo, if present (e.g. FAILURE and PENDING CertRep messages will lack any signed content), MUST be a pkcsPKIEnvelope (Section 3.1.2). When a particular SCEP message carries data, this data is carried in the messageData. Note: The remainder of this document will refer only to 'messageData', but it is understood to always be encapsulated in the pkcsPKIEnvelope (Section 3.1.2). The format of the data in the messageData is defined by the messageType attribute (see Section 3.1.1) of the SignedData. If there is no messageData to be transmitted, the entire pkcsPKIEnvelope MUST be omitted. 3.1. SCEP pkiMessage The basic building block of all secured SCEP messages is the SCEP pkiMessage. It consists of an PKCS#7 signed-data content type, as defined in PKCS#7 [RFC2315] Section 9. The following restrictions apply: o version MUST be 1 o the contentType in contentInfo MUST be data ({pkcs-7 1}) as defined in PKCS#7 [RFC2315] Section 8. Pritikin, et al. Expires June 3, 2010 [Page 16] Internet-Draft SCEP November 2009 o The signed content, if present (e.g. FAILURE and PENDING CertRep messages will lack any signed content), MUST be a pkcsPKIEnvelope (Section 3.1.2), and must match the messageType attribute. o The SignerInfo MUST contain a set of authenticatedAttributes (see PKCS#7 [RFC2315] Section 9.2 as well as Section 3.1.1 in this document). All messages MUST contain * an SCEP transactionID attribute * an SCEP messageType attribute * an SCEP senderNonce attribute * any attributes required by PKCS#7 [RFC2315] section 9.2 If the message is a response, it MUST also include * an SCEP pkiStatus attribute * an SCEP recipientNonce attribute 3.1.1. Signed Transaction Attributes The following transaction attributes are encoded as authenticated attributes, and are carried, as specified in PKCS#7 [RFC2315] Section 9.2, in the SignerInfo for this signedData. Please refer to Appendix A for the OID definitions. +----------------+-----------------+---------------------------+ | Attribute | Encoding | Comment | +----------------+-----------------+---------------------------+ | transactionID | PrintableString | Hash value as a string | | messageType | PrintableString | Decimal value as a string | | pkiStatus | PrintableString | Decimal value as a string | | failInfo | PrintableString | Decimal value as a string | | senderNonce | OCTET STRING | | | recipientNonce | OCTET STRING | | +----------------+-----------------+---------------------------+ Transaction Attributes The attributes are detailed in the following sections. Pritikin, et al. Expires June 3, 2010 [Page 17] Internet-Draft SCEP November 2009 3.1.1.1. transactionID A PKI operation is a transaction consisting of the messages exchanged between a requester and the server. The transaction identifier is a string generated by the client when starting a transaction. The client MUST generate a unique string as the transaction identifier, which MUST be used for all PKI messages exchanged for a given enrollment, encoded as a PrintableString. The transaction identifier SHOULD be generated as a SHA-1, SHA-256, SHA-512 or MD5 hash on the public key value for which the enrollment request is made. This allows the SCEP client to automatically generate the same transaction id for any given keypair. The SCEP protocol requires that transaction identifiers be unique, so that subsequent polling queries can be matched with previous transactions. Thus, if separate signing and encryption certificates are requested by the client the keys must be different. When using the certificate query and CRL query messages defined in this protocol, the transaction identifier is still required so that the requester can match the response message with the outstanding request message. When using LDAP to query the certificate and the CRL, the behavior is specified by the LDAP protocol. For a non- enrollment message (for example GetCert and GetCRL), the transactionID SHOULD be a number unique to the client. 3.1.1.2. messageType The messageType attribute specifies the type of operation performed by the transaction. This attribute MUST be included in all PKI messages. Currently, the following message types are defined: o PKCSReq (19) -- PKCS#10 [RFC2986] certificate request o CertRep (3) -- Response to certificate or CRL request o GetCertInitial (20) -- Certificate polling in manual enrollment o GetCert (21) -- Retrieve a certificate o GetCRL (22) -- Retrieve a CRL 3.1.1.3. pkiStatus All response messages MUST include transaction status information, which is defined as pkiStatus attribute: Pritikin, et al. Expires June 3, 2010 [Page 18] Internet-Draft SCEP November 2009 o SUCCESS (0) -- request granted o FAILURE (2) -- request rejected. When pkiStatus is FAILURE, the failInfo attribute, as defined in Section 3.1.1.4, MUST also be present. o PENDING (3) -- request pending for manual approval 3.1.1.4. failInfo The failInfo attribute MUST contain one of the following failure reasons: o badAlg (0) -- Unrecognized or unsupported algorithm identifier o badMessageCheck (1) -- integrity check failed o badRequest (2) -- transaction not permitted or supported o badTime (3) -- The signingTime attribute from the PKCS#7 authenticatedAttributes was not sufficiently close to the system time (see Section 3.1.1.6). o badCertId (4) -- No certificate could be identified matching the provided criteria 3.1.1.5. senderNonce and recipientNonce The attributes of senderNonce and recipientNonce are 16 byte random numbers generated for each transaction to prevent replay attacks. When a requester sends a PKI message to the server, a senderNonce MUST be included in the message. The recipient SHOULD copy the senderNonce into the recipientNonce of the reply as a proof of liveliness. The requester SHOULD verify that the recipientNonce of the reply matches the senderNonce it sent in the request. 3.1.1.6. signingTime Attribute The signingTime Attribute is defined in [RFC2985] Section 5.3.3, and is carried as defined in a [RFC2315] authenticated attribute (Section 9.2). This attribute is optional. Pritikin, et al. Expires June 3, 2010 [Page 19] Internet-Draft SCEP November 2009 3.1.2. SCEP pkcsPKIEnvelope The information portion of a SCEP message is carried inside an enveloped-data content type, as defined in PKCS#7 [RFC2315] Section 10, with the following restrictions: o version MUST be 0 o contentType in encryptedContentInfo MUST be data ({pkcs-7 1}) as defined in PKCS#7 [RFC2315] Section 8. o encryptedContent MUST be the SCEP message being transported (see Section 4), and must match the messageType authenticated Attribute in the pkiMessage. The message is encrypted using the public key of the recipient of the message, i.e. the RA or the CA public key (if sent from the requester), or the requester public key (if sent as a reply to the requester). 3.2. SCEP pkiMessage types All of the messages in this section are pkiMessages (Section 3.1), where the type of the message MUST be specified in the 'messageType' authenticated Attribute. Each section defines a valid message type, the corresponding messageData formats, and mandatory authenticated attributes for that type. 3.2.1. PKCSReq The messageData for this type consists of a DER-encoded PKCS#10 Certification Request [RFC2986]. The certification request MAY contain any fields defined in PKCS#10 [RFC2986], and MUST contain at least the following items: o the subject Distinguished Name o the subject public key o a challengePassword attribute. The Challenge Password may be used to (out-of-band) authenticate the enrollment request itself, or in an out-of-band revocation request for the issued certificate. In addition to the authenticatedAttributes required for a valid PKCS#7 [RFC2315], this pkiMessage MUST include the following attributes: Pritikin, et al. Expires June 3, 2010 [Page 20] Internet-Draft SCEP November 2009 o a transactionID (Section 3.1.1.1) attribute o a messageType (Section 3.1.1.2) attribute set to PKCSReq o a senderNonce (Section 3.1.1.5) attribute The pkcsPKIEnvelope for this message type is encrypted using the public key of the recipient, i.e. the CA or RA public key. 3.2.2. CertRep The messageData for this type consists of a DER-encoded degenerate certificates-only Signed-data (Section 3.3). The exact contents required for certain CertRep replies depends on the type of request this message is a reply to and is detailed in Table 1 and in Section 4. In addition to the authenticatedAttributes required for a valid PKCS#7 [RFC2315], this pkiMessage MUST include the following attributes: o the transactionID (Section 3.1.1.1) attribute copied from the request we are responding to o a messageType (Section 3.1.1.2) attribute set to CertRep o a senderNonce (Section 3.1.1.5) attribute o a recipientNonce attribute (Section 3.1.1.5) copied from the senderNonce from the request we are responding to. o a pkiStatus (Section 3.1.1.3) set to the status of the reply. The pkcsPKIEnvelope of a CertRep (if present), MUST be encrypted with the same certificate used to sign the PKCSReq this message is a reply to, according to section 10 in PKCS#7 [RFC2315]. This means that if a self-signed certificate was used to send the request, this self- signed certificate will be reflected in the recipientInfo field of the envelopedData, in accordance with PKCS#7 [RFC2315] section 10. 3.2.2.1. CertRep SUCCESS When the pkiStatus attribute is set to SUCCESS, the messageData for this message consists of a DER-encoded degenerate certificates-only Signed-data (Section 3.3). The contents of this degenerate certificates-only Signed-Data depends on what the original request was, as outlined in Table 1. Pritikin, et al. Expires June 3, 2010 [Page 21] Internet-Draft SCEP November 2009 +----------------+--------------------------------------------------+ | Request-type | Reply-contents | +----------------+--------------------------------------------------+ | PKCSReq | the reply MUST contain at least the issued | | | certificate in the certificates field of the | | | Signed-Data. The reply MAY contain additional | | | certificates, but the issued certificate MUST be | | | the first in the list. The reply MUST NOT | | | contain any CRL's. All returned certificates | | | MUST conform to [RFC5280]. | | GetCertInitial | same as PKCSReq | | GetCert | the reply MUST contain at least the requested | | | certificate in the certificates field of the | | | Signed-Data. The reply MAY contain additional | | | certificates, but the requested certificate MUST | | | be the first in the list. The reply MUST NOT | | | contain any CRL's. All returned certificates | | | MUST conform to [RFC5280]. | | GetCRL | the reply MUST contain the CRL in the crls field | | | of the Signed-Data. The reply MUST NOT contain | | | any certificates. The CRL MUST be a valid CRL | | | according to [RFC5280]. | +----------------+--------------------------------------------------+ Table 1: CertRep Types 3.2.2.2. CertRep FAILURE When the pkiStatus attribute is set to FAILURE, the reply MUST also contain a failInfo (Section 3.1.1.4) attribute set to the appropriate error condition describing the failure. The pkcsPKIEnvelope (Section 3.1.2) MUST be omitted. 3.2.2.3. CertRep PENDING When the pkiStatus attribute is set to PENDING, the pkcsPKIEnvelope (Section 3.1.2) MUST be omitted. 3.2.3. GetCertInitial The messageData for this type consists of a DER-encoded IssuerAndSubject (Section 3.2.3.1). The issuer is set to the issuerName from the certification authority from which we are issued certificates. The Subject is set to the SubjectName we used when requesting the certificate. In addition to the authenticatedAttributes required for a valid PKCS#7 [RFC2315], this pkiMessage MUST include the following Pritikin, et al. Expires June 3, 2010 [Page 22] Internet-Draft SCEP November 2009 attributes: o the same transactionID (Section 3.1.1.1) attribute from original PKCSReq message o a messageType (Section 3.1.1.2) attribute set to GetCertInitial o a senderNonce (Section 3.1.1.5) attribute 3.2.3.1. IssuerAndSubject Similar to the IssuerAndSerial defined in PKCS#7 [RFC2315] Section 6.7, we need to define an IssuerAndSubject ASN.1 type (Figure 7). The ASN.1 definition of the issuerAndSubject type is as follows: issuerAndSubject ::= SEQUENCE { issuer Name, subject Name } Figure 7: IssuerAndSubject ASN.1 3.2.4. GetCert The messageData for this type consists of a DER-encoded IssuerAndSerial as defined in PKCS#7 [RFC2315] Section 6.7 containing the "distinguished name of the certificate issuer and an issuer- specific certificate serial number" which uniquely identifies the certificate being requested. In addition to the authenticatedAttributes required for a valid PKCS#7 [RFC2315], this pkiMessage MUST include the following attributes: o a transactionID (Section 3.1.1.1) attribute o a messageType (Section 3.1.1.2) attribute set to PKCSReq o a senderNonce (Section 3.1.1.5) attribute A self-signed certificate MAY be used in the signed envelope. This enables the requester to request their own certificate if they were unable to store it previously. 3.2.5. GetCRL The messageData for this type consists of a DER-encoded IssuerAndSerial as defined in PKCS#7 [RFC2315] Section 6.7 the issuer Pritikin, et al. Expires June 3, 2010 [Page 23] Internet-Draft SCEP November 2009 name and serial number from the certificate to be validated. In addition to the authenticatedAttributes required for a valid PKCS#7 [RFC2315], this pkiMessage MUST include the following attributes: o a transactionID (Section 3.1.1.1) attribute o a messageType (Section 3.1.1.2) attribute set to PKCSReq o a senderNonce (Section 3.1.1.5) attribute 3.3. Degenerate certificates-only PKCS#7 Signed-data [RFC2315] section 9 includes a degenerate case of the PKCS#7 Signed- data content type, in which there are no signers. The use of such a degenerate case is to disseminate certificates and certificate- revocation lists. For SCEP the content field of the ContentInfo value of a degenerate certificates-only Signed-Data MUST be omitted. When carrying certificates, the certificates are included in the 'certificates' field of the Signed-Data. When carrying a CRL, the CRL will be included in the 'crls' field of the Signed-Data. 4. SCEP Transactions This section describes the SCEP Transactions, without explaining the transport. The transport of each message is discussed in Section 5. Some of the transaction-requests have no data to send, i.e. the only data is the message-type itself (e.g. a GetCACert message has no additional data). The use of such messages will become clearer in Section 5. In this section, each SCEP transaction is specified in terms of the complete messages exchanged during the transaction. The order of the transactions in this section is mirrored in Section 5.2 for better organization and readability. 4.1. Get CA Certificate To get the CA certificate(s), the requester sends a GetCACert message to the server. There is no request data associated with this message (see Section 5.2.1). Pritikin, et al. Expires June 3, 2010 [Page 24] Internet-Draft SCEP November 2009 4.1.1. Get CA Certificate Response Message Format The response depends on whether the responding server has RA certificates or only a single CA certificate. The server MUST indicate which response it is sending via the transport protocol used (see Section 5.2.1). All returned certificates MUST conform to [RFC5280]. Once the CA certificate is received by the requester (regardless of the presence of RA certificates), a fingerprint is generated using the SHA1, SHA256, SHA512 or MD5 hash algorithm on the whole CA certificate. If the requester does not have a certificate path to a trusted CA certificate, this fingerprint may be used to verify the certificate, by some positive out-of-band means, such as a phone call or pre-provisioning. 4.1.1.1. CA Certificate Response Message Format If the server is a certification authority and does not have any RA Certificates, the response consists of a single DER-encoded X.509 CA certificate. 4.1.1.2. CA/RA Certificate Response Message Format If the server has RA Certificates, the response consists of a DER- encoded degenerate certificates-only Signed-data (Section 3.3) containing the CA certificate and RA certificates. 4.2. Certificate Enrollment A PKCSReq (Section 3.2.1) message is used to perform a certificate enrollment transaction. The reply MUST be a CertRep (Section 3.2.2) message sent back from the server, indicating SUCCESS, FAILURE, or PENDING. Precondition: Both the requester and the certification authority have completed their initialization process. The requester has already been configured with the CA/RA certificate. Postcondition: Either the certificate is received by the requester, or the end entity is notified to do the manual authentication, or the request is rejected. Pritikin, et al. Expires June 3, 2010 [Page 25] Internet-Draft SCEP November 2009 4.2.1. Certificate Enrollment Response Message If the request is granted, a CertRep (Section 3.2.2) message with pkiStatus set to SUCCESS is returned. The reply MUST also contain the certificate (and MAY contain any other certificates needed by the requester). The issued certificate MUST be the first in the list. If the request is rejected, a CertRep (Section 3.2.2) message with pkiStatus set to FAILURE is returned. The reply MUST also contain a failInfo attribute. If the the CA is configured to manually authenticate the requester, a CertRep (Section 3.2.2) message with pkiStatus set to 'PENDING' MAY be returned. 4.3. Poll for Requester Initial Certificate Triggered by a CertRep (Section 3.2.2) with pkiStatus set to PENDING, a requester will enter the polling state by periodically sending GetCertInitial (Section 3.2.3) to the server, until either the request is granted and the certificate is sent back, or the request is rejected, or the configured time limit for polling (or maximum number of polls) is exceeded. Since GetCertInitial is part of the enrollment, the messages exchanged during the polling period MUST carry the same transactionID attribute as the previous PKCSReq. A server receiving a GetCertInitial for which it does not have a matching PKCSReq MUST ignore this request. Since at this time the certificate has not been issued, the requester can only use its own subject name (which was contained in the original PKCS#10 sent via PKCSReq) to identify the polled certificate request. Since there can be multiple outstanding requests from one requester (for example, if different keys and different key-usages were used to request multiple certificates), the transaction ID must also be included, to disambiguate between multiple requests. PreCondition: The requester has received a CertRep with pkiStatus set to PENDING. PostCondition: The requester has either received a valid response, which could be either a valid certificate (pkiStatus = SUCCESS), or a FAILURE message, or the polling period times out. Pritikin, et al. Expires June 3, 2010 [Page 26] Internet-Draft SCEP November 2009 4.3.1. Polling Response Message Format The response messages for GetCertInitial are the same as in Section 4.2.1. 4.4. Certificate Access The certificate query message is an option when the LDAP server is not available to provide the certificate query. A requester should be able to query an issued certificate from the certification authority, as long as the issuer name and the issuer assigned certificate serial number is known to the requesting end entity. This transaction is not intended to provide the service as a certificate directory service. A more complicated query mechanism would have to be defined in order to allow a requester to query a certificate using various different fields. This transaction consists of one GetCert (Section 3.2.4) message sent to the server by a requester, and one CertRep (Section 3.2.2) message sent back from the server. PreCondition: The queried certificate have been issued by the certification authority and the issuer assigned serial number is known. PostCondition: Either the certificate is sent back or the request is rejected. 4.4.1. Certificate Access Response Message Format In this case, the CertRep from the server is same as in Section 4.2.1, except that the server will only either grant the request (SUCCESS) or reject the request (FAILURE). 4.5. CRL Access Clients MAY request a CRL from the SCEP server as described in Section 2.7. PreCondition: The certification authority certificate has been downloaded to the end entity. PostCondition: CRL sent back to the requester. 4.5.1. CRL Access Response Message Format The CRL is sent back to the requester in a CertRep (Section 3.2.2) message. The information portion of this message is a degenerate Pritikin, et al. Expires June 3, 2010 [Page 27] Internet-Draft SCEP November 2009 certificates-only Signed-data (Section 3.3) which contains only the most recent CRL in the crls field of the Signed-Data. The server MAY return any appropriate CRL. 4.6. Get Next Certification Authority Certificate When a CA certificate is about to expire, clients need to retrieve the CA's next CA certificate (i.e. the Rollover Certificate). This is done via the GetNextCACert message. There is no request data associated with this message (see Section 5.2.6). 4.6.1. Get Next CA Response Message Format The response consists of a SignedData PKCS#7 [RFC2315], signed by the current CA (or RA) signing key. Clients MUST validate the signature on the the SignedData PKCS#7 [RFC2315] before accepting any of its contents. The content of the SignedData PKCS#7 [RFC2315] is a degenerate certificates-only Signed-data (Section 3.3) message containing the new CA certificate and any new RA certificates, as defined in Section 5.2.1.1.2, to be used when the current CA certificate expires. If the CA (or RA) does not have the Rollover certificate(s) it MUST reject the request. It SHOULD also remove the GetNextCACert setting from the capabilities until it does have rollover certificates. If there are any RA certificates in this response, clients MUST check that these RA certificates are signed by the CA, and MUST check authorization of these RA certificates (see Section 2.1.3). 5. SCEP Transport HTTP is used as the transport protocol for SCEP Message Objects. 5.1. HTTP "GET" Message Format SCEP uses the HTTP "GET" messages to request information from the CA. The following is the syntax definition of a HTTP GET message sent from a requester to a certification authority server: "GET" CGI-PATH CGI-PROG "?operation=" OPERATION "&message=" MESSAGE where: Pritikin, et al. Expires June 3, 2010 [Page 28] Internet-Draft SCEP November 2009 o CGI-PATH defines the actual CGI path to invoke the CGI program that parses the request. o CGI-PROG is set to be the string "pkiclient.exe". This is intended to be the program that the CA will use to handle the SCEP transactions, though the CA may ignore CGI-PROG and use only the CGI-PATH. o OPERATION depends on the SCEP transaction and is defined in the following sections. o MESSAGE depends on the SCEP transaction and is defined in the following sections. If the CA supports it, requests may also be done via an HTTP POST. This is described in Appendix F. 5.1.1. Response Message Format For each GET operation, the CA/RA server MUST return a Content-Type and appropriate response data, if any. 5.2. SCEP HTTP Messages 5.2.1. GetCACert OPERATION MUST be set to "GetCACert". MESSAGE MAY be omitted, or it MAY be a string that represents the certification authority issuer identifier, if such has been set by the CA Administrator. 5.2.1.1. GetCACert Response The response for GetCACert is different between the case where the CA directly communicates with the requester during the enrollment, and the case where a RA exists and the requester communicates with the RA during the enrollment. 5.2.1.1.1. CA Certificate Only Response The response will have a Content-Type of "application/ x-x509-ca-cert". The body of this response consists of a DER-encoded X.509 CA certificate, as defined in Section 4.1.1.1. "Content-Type:application/x-x509-ca-cert\n\n" Pritikin, et al. Expires June 3, 2010 [Page 29] Internet-Draft SCEP November 2009 5.2.1.1.2. CA and RA Certificates Response The response will have a Content-Type of "application/ x-x509-ca-ra-cert". The body of this response consists of a DER-encoded degenerate certificates-only Signed-data (Section 3.3) containing both CA and RA certificates, as defined in Section 4.1.1.2. "Content-Type:application/x-x509-ca-ra-cert\n\n" 5.2.2. PKCSReq OPERATION MUST be set to "PKIOperation". MESSAGE consists of a base64-encoded DER-encoded PKCSReq SCEP message. An example PKIOperation request might look as follows: GET /cgi-bin/pkiclient.exe?operation=PKIOperation&message=MIAGCSqGSIb3D QEHA6CAMIACAQAxgDCBzAIBADB2MGIxETAPBgNVBAcTCE ......AAAAAA== HTTP/1.0 5.2.2.1. PKCSReq Response The response will have a Content-Type of "application/x-pki-message". The body of this response consists of a DER-encoded CertRep SCEP message defined in Section 4.2.1. The following is an example of the response: "Content-Type:application/x-pki-message\n\n" 5.2.3. GetCertInitial OPERATION MUST be set to "PKIOperation". MESSAGE consists of a base64-encoded DER-encoded GetCertInitial SCEP message. 5.2.3.1. GetCertInitial Response The body of this response consists of a DER-encoded CertRep SCEP message defined in Section 4.3.1. 5.2.4. GetCert OPERATION MUST be set to "PKIOperation". MESSAGE consists of a base64-encoded DER-encoded GetCert SCEP message. Pritikin, et al. Expires June 3, 2010 [Page 30] Internet-Draft SCEP November 2009 5.2.4.1. GetCert Response The body of this response consists of a DER-encoded CertRep SCEP message defined in Section 4.4.1. 5.2.5. GetCRL OPERATION MUST be set to "PKIOperation". MESSAGE consists of a base64-encoded DER-encoded GetCRL SCEP message. 5.2.5.1. GetCRL Response The body of this response consists of a DER-encoded CertRep SCEP message defined in Section 4.5.1. 5.2.6. GetNextCACert OPERATION MUST be set to "GetNextCACert". MESSAGE MAY be ommitted, or it MAY be a string that represents the certification authority issuer identifier, if such has been set by the CA Administrator. 5.2.6.1. GetNextCACert Response The response will have a Content-Type of "application/ x-x509-next-ca-cert". The body of this response consists of a SignedData PKCS#7 [RFC2315], as defined in Section 4.6.1. (This is similar to the GetCert response but does not include any of the attributes defined in Section 3.1.1.) "Content-Type:application/x-x509-next-ca-cert\n\n" > 6. Contributors/Acknowledgements The editor would like to thank all the previous authors and contributors: Cheryl Madson, Xiaoyi Liu, David McGrew, David Cooper, etc for their work on the draft over the years. The authors would like to thank Peter William of ValiCert, Inc. (formerly of VeriSign, Inc.) and Alex Deacon of VeriSign, Inc. and Christopher Welles of IRE, Inc. for their contributions to early versions of this protocol and this document. Pritikin, et al. Expires June 3, 2010 [Page 31] Internet-Draft SCEP November 2009 7. IANA Considerations This memo includes no request to IANA. 8. Security Considerations The security goals of SCEP are that no adversary can: o subvert the public key/identity binding from that intended, o discover the identity information in the enrollment requests and issued certificates, o cause the revocation of certificates with any non-negligible probability. Here an adversary is any entity other than the requester and the CA (and optionally the RA) participating in the protocol that is computationally limited, but that can manipulate data during transmission (that is, a man-in-the-middle). The precise meaning of 'computationally limited' depends on the implementer's choice of cryptographic hash functions and ciphers. The required algorithms are RSA, DES and MD5. Depending on the CA capabilities (see Appendix C), Triple-DES MAY be used instead of DES, and SHA-1, SHA- 256, or SHA-512 MAY be used instead of MD5. The first and second goals are met through the use of PKCS#7 [RFC2315] and PKCS#10 [RFC2986] encryption and digital signatures using authenticated public keys. The CA's public key is authenticated via the checking of the CA fingerprint, as specified in Section 2.1.2, and the SCEP client's public key is authenticated through the manual authentication or pre-shared secret authentication, as specified in Section 2.2. The third goal is met through the use of a challenge password for revocation, which is chosen by the SCEP client and communicated to the CA protected by the PKCS#7 [RFC2315] encryptedData, as specified in Section 2.8. The motivation of the first security goal is straightforward. The motivation for the second security goal is to protect the identity information in the enrollment requests and certificates. For example, two IPSEC hosts behind a firewall may need to exchange certificates, and may need to enroll certificates with a CA that is outside of a firewall. Most networks with firewalls seek to prevent IP addresses and DNS information from the trusted network leaving that network. The second goal enables the hosts in this example to enroll with a CA Pritikin, et al. Expires June 3, 2010 [Page 32] Internet-Draft SCEP November 2009 outside the firewall without revealing this information. The motivation for the third security goal is to protect the SCEP clients from denial of service attacks. 8.1. General Security Common key-management considerations such as keeping private keys truly private and using adequate lengths for symmetric and asymmetric keys must be followed in order to maintain the security of this protocol. This is especially true for CA keys, which, when compromised, compromise the security of all relying parties. 8.2. Use of the CA keypair A CA key pair is generally meant for (and is usually flagged as) "certificate signing" (exclusively), rather than 'data signing' or 'data encryption'. The SCEP protocol, however, uses the CA key pair to encrypt and sign PKCS#7 [RFC2315] transport messages, regardless of the key usage of the CA certificate. This is generally considered undesirable, as it widens the possibility of an implementation weakness, and provides o another place that the private key must be used (and hence is slightly more vulnerable to exposure), o another place where a side channel attack (say, timing or power analysis) might be used, o another place that the attacker might somehow insert his own text, and get it signed by the private key. While the CA key pair can be generated with the 'data encryption' and 'data signing' flags set, this is operationally not encouraged. It would make using the key as a PKCS#7 [RFC2315] transport key 'legal', but the discussion from the previous paragraph still applies. A solution is to use RA keys to secure the SCEP transport (i.e. message signing and encrypting), which allows the CA keys to be used only for their intended purpose of "certificate signing". An RA can be implemented in two ways: physically separate or implicit. In the implicit case, the CA simply creates an extra key pair. A physically separate RA allows the CA to be inside the secure network, not accessible to hackers at all. Pritikin, et al. Expires June 3, 2010 [Page 33] Internet-Draft SCEP November 2009 8.3. ChallengePassword The challengePassword sent in the PKCS#10 enrollment request is signed and encrypted by way of being encapsulated in a pkiMessage. When saved by the CA, care should be taken to protect this password. If the challengePassword is used to automatically authenticate an enrollment request, it is recommended that some form of one-time password be used to minimize damage in the event the data is compromised. 8.4. transactionID A well-written CA/RA SHOULD NOT rely on the transactionID to be correct or as specified in this document. Requesters with buggy software might add additional undetected duplicate requests to the CA's queue (or worse). A well-written CA/RA should never assume the data from a requester is well-formed. 8.5. Nonces and Replay In order to detect replay attacks, both sides need to maintain state information sufficient to detect a repeated, duplicate senderNonce. Since existing implementations do not copy the senderNonce from a CertRep into subsequent GetCertinitial requests, the server will never see its own nonce reflected back to it. The transactionID links together the GetCertInitial and PKCSReq, in any case. 8.6. Key Usage Issues Key pairs may be intended for particular purposes, such as encryption only or signing only. The usage of any associated certificate can be restricted by adding key usage and extended key usage attributes to the PKCS#10 [RFC2986]. If key usage is not present, the public key is assumed to be a general purpose key that may be used for all purposes. When building a pkiMessage, clients MUST have a certificate to sign the PKCS#7 [RFC2315] signed-data (because PKCS#7 [RFC2315] requires it). Clients MUST either use an existing certificate, or create a self-signed certificate (see Section 2.3). If this certificate has a key usage extension in it, then this key usage MUST be ignored by both the SCEP client and SCEP server for the duration of the transaction (the key will be used for signing during the creation of the PKCSReq message, and for encryption during the creation of the CertRep message). Pritikin, et al. Expires June 3, 2010 [Page 34] Internet-Draft SCEP November 2009 8.7. GetCACaps Issues The GetCACaps response is not signed. This allows an attacker to use downgrade attacks (as well as "upgrade attacks") on the cryptographic capabilities of the CA. 8.8. Unnecessary cryptography Some of the SCEP exchanges use signing and encryption operations that are not necessary. In particular the GetCert and GetCRL exchanges are encrypted and signed in both directions. The information requested is public and thus signing the requests is of questionable value but also CRLs and Certificates, i.e. the respective responses, are already signed by the CA and can be verified by the recipient without requiring additional signing and encryption. This may affect performance and scalability of the CA which could be used as an attack vector on the CA (though not an anonymous one). The use of CDPs is recommended for CRL access, as well as other ways of retrieving certificates (LDAP, direct HTTP access, etc.). 8.9. GetNextCACert Servers implementing early versions of the SCEP draft might return an unsigned GetNextCACert response by erroneously mirroring the (unsigned) functionality of GetCACert. Client receiving such responses MUST ignored them. GetNextCACert depends on a 'flag moment' at which every client in the PKI infrastructure switches from the current CA certificate (and client certificate) to the new CA certificate and client certificates. Proper monitoring of the network infrastructure can ensure that this will proceed as expected but any errors in processing or implementation can result in a failure of the PKI infrastructure. 9. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2315] Kaliski, B., "PKCS #7: Cryptographic Message Syntax Version 1.5", RFC 2315, March 1998. [RFC2409] Harkins, D. and D. Carrel, "The Internet Key Exchange (IKE)", RFC 2409, November 1998. Pritikin, et al. Expires June 3, 2010 [Page 35] Internet-Draft SCEP November 2009 [RFC2985] Nystrom, M. and B. Kaliski, "PKCS #9: Selected Object Classes and Attribute Types Version 2.0", RFC 2985, November 2000. [RFC2986] Nystrom, M. and B. Kaliski, "PKCS #10: Certification Request Syntax Specification Version 1.7", RFC 2986, November 2000. [RFC4210] Adams, C., Farrell, S., Kause, T., and T. Mononen, "Internet X.509 Public Key Infrastructure Certificate Management Protocol (CMP)", RFC 4210, September 2005. [RFC4306] Kaufman, C., "Internet Key Exchange (IKEv2) Protocol", RFC 4306, December 2005. [RFC4346] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.1", RFC 4346, April 2006. [RFC4945] Korver, B., "The Internet IP Security PKI Profile of IKEv1/ISAKMP, IKEv2, and PKIX", RFC 4945, August 2007. [RFC5272] Schaad, J. and M. Myers, "Certificate Management over CMS (CMC)", RFC 5272, June 2008. [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, May 2008. Appendix A. Private OID Definitions The OIDs used in SCEP are VeriSign self-maintained OIDs. +-------------------+-----------------------------------------------+ | Name | ASN.1 Definition | +-------------------+-----------------------------------------------+ | id-VeriSign | OBJECT_IDENTIFIER ::= {2 16 US(840) 1 | | | VeriSign(113733)} | | id-pki | OBJECT_IDENTIFIER ::= {id-VeriSign pki(1)} | | id-attributes | OBJECT_IDENTIFIER ::= {id-pki attributes(9)} | | id-messageType | OBJECT_IDENTIFIER ::= {id-attributes | | | messageType(2)} | | id-pkiStatus | OBJECT_IDENTIFIER ::= {id-attributes | | | pkiStatus(3)} | | id-failInfo | OBJECT_IDENTIFIER ::= {id-attributes | | | failInfo(4)} | Pritikin, et al. Expires June 3, 2010 [Page 36] Internet-Draft SCEP November 2009 | id-senderNonce | OBJECT_IDENTIFIER ::= {id-attributes | | | senderNonce(5)} | | id-recipientNonce | OBJECT_IDENTIFIER ::= {id-attributes | | | recipientNonce(6)} | | id-transId | OBJECT_IDENTIFIER ::= {id-attributes | | | transId(7)} | | id-extensionReq | OBJECT_IDENTIFIER ::= {id-attributes | | | extensionReq(8)} | +-------------------+-----------------------------------------------+ Appendix B. SCEP State Transitions SCEP state transitions are indexed by the transactionID attribute. The design goal is to ensure the synchronization between the CA and the requester under various error situations. Each enrollment transaction is uniquely associated with a transaction identifier (carried in the transactionID signed attribute (see Section 3.1.1.1). Because the enrollment transaction could be interrupted by various errors, including network connection errors or client reboot, the SCEP client generates a transaction identifier by calculating a hash on the public key value for which the enrollment is requested. This retains the same transaction identifier throughout the enrollment transaction, even if the client has rebooted or timed out, and issues a new enrollment request for the same key pair. It also provides the way for a CA to uniquely identify a transaction in its database. At the requester side, it generates a transaction identifier which is included in PKCSReq. If the CA returns a response of PENDING, the requester will poll by periodically sending out GetCertInitial with the same transaction identifier until either a response other than PENDING is obtained, or the configured maximum time has elapsed. If the client times out or the client reboots, the client administrator will start another enrollment transaction with the same key pair. The second enrollment will have the same transaction identifier. At the server side, instead of accepting the PKCSReq as a new enrollment request, it should respond as if another GetCertInitial message had been sent with that transaction ID. The second PKCSReq should be taken as a resynchronization message to allow the enrollment to resume as the same transaction. It is important to keep the transaction ID unique since SCEP requires the same policy and same identity be applied to the same subject name and key pair binding. In the current implementation, an SCEP client can only assume one identity. At any time, only one key pair, with a given key usage, can be associated with the same identity. Pritikin, et al. Expires June 3, 2010 [Page 37] Internet-Draft SCEP November 2009 The following gives several examples of client to CA transactions. Client actions are indicated in the left column, CA actions are indicated in the right column. A blank action signifies that no message was received. The first transaction, for example, would read like this: "Client Sends PKCSReq message with transaction ID 1 to the CA. The CA signs the certificate and constructs a CertRep Message containing the signed certificate with a transaction ID 1. The client receives the message and installs the certificate locally." Successful Enrollment Case: no manual authentication PKCSReq (1) ----------> CA Signs Cert Client Installs Cert <---------- CertRep (1) SIGNED CERT Successful Enrollment Case: manual authentication required PKCSReq (10) ----------> Cert Request goes into Queue Client Polls <---------- CertRep (10) PENDING GetCertInitial (10) ----------> Still pending Client Polls <---------- CertRep (10) PENDING GetCertInitial (10) ----------> Still pending Client Polls <---------- CertRep (10) PENDING GetCertInitial (10) ----------> Still pending Client Polls <---------- CertRep (10) PENDING GetCertInitial (10) ----------> Cert has been signed <---------- CertRep (10) SIGNED CERT Client Installs Cert Resync Case 1 - CA Receives PKCSReq, sends PENDING, eventually grants the certificate and returns SUCCESS, with the certificate. The SUCCESS gets lost: PKCSReq (3) ----------> Cert Request goes into queue <---------- CertRep (3) PENDING GetCertInitial (3) ----------> Still pending <---------- CertRep (3) PENDING GetCertInitial (3) -----------> Cert has been signed X-------- CertRep(3) SIGNED CERT (Time Out) PKCSReq (3) ----------> Cert already granted <---------- CertRep (3) SIGNED CERT Client Installs Cert Pritikin, et al. Expires June 3, 2010 [Page 38] Internet-Draft SCEP November 2009 Resync Case 2 - CA Receives PKCSReq, sends PENDING, PENDING reply gets lost: PKCSReq (3) ----------> Cert Request goes into queue X-------- CertRep (3) PENDING (Time Out) PKCSReq (3) ----------> <---------- CertRep (3) PENDING etc... Case when the Certificate is lost, the CA arbitrarily refuses to sign a replacement (enforcing name-uniqueness) until the original certificate has been revoked (there is no change of name information): PKCSReq (4) ----------> CA Signs Cert <---------- CertRep (4) SIGNED CERT Client Installs Cert (Client looses Cert) PKCSReq (5) ----------> There is already a valid cert with this DN. <---------- CertRep (5) BAD REQUEST Admin Revokes PKCSReq (5) ----------> CA Signs Cert <---------- CertRep (5) SIGNED CERT Client Installs Cert Appendix C. CA Capabilities C.1. GetCACaps HTTP Message Format "GET" CGI-PATH CGI-PROG "?operation=GetCACaps" "&message=" CA-IDENT This message requests capabilities from CA. The response is a list of text capabilities, as defined in Appendix C.2. Support for this message is OPTIONAL, but if it is not supported, the client SHOULD assume that none of the capabilities in Appendix C.2 are supported. C.2. CA Capabilities Response Format The response for a GetCACaps message is a list of CA capabilities, in plain text, separated by characters, as follows (quotation marks are NOT sent): Pritikin, et al. Expires June 3, 2010 [Page 39] Internet-Draft SCEP November 2009 +--------------------+----------------------------------------------+ | Keyword | Description | +--------------------+----------------------------------------------+ | "GetNextCACert" | CA Supports the GetNextCACert message. | | "POSTPKIOperation" | PKIOPeration messages may be sent via HTTP | | | POST. | | "Renewal" | Clients may use current certificate and key | | | to authenticate an enrollment request for a | | | new certificate. | | "SHA-512" | CA Supports the SHA-512 hashing algorithm in | | | signatures and fingerprints. | | "SHA-256" | CA Supports the SHA-256 hashing algorithm in | | | signatures and fingerprints. | | "SHA-1" | CA Supports the SHA-1 hashing algorithm in | | | signatures and fingerprints. | | "DES3" | CA Supports triple-DES for encryption. | +--------------------+----------------------------------------------+ The client SHOULD use SHA-1, SHA-256, or SHA-512 in preference to MD5 hashing if it is supported by the CA. A client MUST be able to accept and ignore any unknown keywords that might be sent back by a CA. If none of the above capabilities are supported by the CA, a server SHOULD return an empty message. A server MAY simply return an HTTP error. The Content-type of the reply SHOULD be "text/plain". Clients SHOULD ignore the Content-type, as older server implementations of SCEP may send various Content-types. Example: GET /cgi-bin/pkiclient.exe?operation=GetCACaps&message=myca might return: GetNextCACertPOSTPKIOperation This means that the CA supports the GetNextCACert message and allows PKIOperation messages (PKCSreq, GetCert, GetCertInitial, ...) to be sent using HTTP POST. Appendix D. Client Certificate Renewal An enrollment request that occurs more than halfway through the validity period of an existing certificate for the same subject name and key usage MAY be interpreted as a re-enrollment or renewal Pritikin, et al. Expires June 3, 2010 [Page 40] Internet-Draft SCEP November 2009 request and be accepted. A new certificate with new validity dates may be issued, even though the old one is still valid, if the CA policy permits. The server MAY automatically revoke the old client certificate. Clients MUST use GetCACaps (see Appendix C) to determine if the CA supports renewal. Clients MUST support servers that do not implement renewal, or that reject renewal requests. To renew a client certificate, the client uses the PKCSreq message and signs it with the existing client certificate. The client SHOULD use a new keypair when requesting a new certificate. The client MAY request a new certicate using the old keypair. Appendix E. CA Key Rollover When the CA certificate expires all certificates that have been signed by it are no longer valid. CA key rollover provides a mechanism by which the server MAY distribute a new CA certificate which is valid in the future; when the current certificate has expired. Clients MUST use GetCACaps (see Appendix C) to determine if the CA supports GetNextCACert. To obtain the new CA certificate prior to the expiration of the current one, the client uses the GetNextCACert message. To obtain a new client certificate signed by the new CA certificate, use the new CA or RA certificate in the PKCSreq message envelope. Clients MUST store the not-yet-valid CA certificate, and any not-yet- valid client certificates obitained, until such time that they are valid. At which point clients switch over to using the newly valid certificates. Example: GetNextCACert ----------> <---------- New CA certificate PKCSReq* ----------> CA Signs certificate with NEW key Client Stores Cert <---------- CertRep - Certificate issued for installation when from NEW CA certificate and key pair existing cert expires. *enveloped for new CA or RA cert and key pair. The CA will use the envelope to determine which key and certificate to use to issue the client certificate. Pritikin, et al. Expires June 3, 2010 [Page 41] Internet-Draft SCEP November 2009 Appendix F. PKIOperation via HTTP POST Message If the remote CA supports it, any of the PKCS#7 [RFC2315]-encoded SCEP messages may be sent via HTTP POST instead of HTTP GET. This is allowed for any SCEP message except GetCACert, GetNextCACert, or GetCACaps. In this form of the message, Base 64 encoding is not used. POST /cgi-bin/pkiclient.exe?operation=PKIOperation HTTP/1.0 Content-Length: General POST Syntax The client can verify that the CA supports SCEP messages via POST by looking for the "POSTPKIOperation" capability (See Appendix C). Authors' Addresses Max Pritikin (editor) Cisco Systems, Inc Email: pritikin@cisco.com Andrew Nourse Cisco Systems, Inc Email: nourse@cisco.com Jan Vilhuber Cisco Systems, Inc Email: vilhuber@cisco.com Pritikin, et al. Expires June 3, 2010 [Page 42]