White Paper Certificate and Trust Management Requirements for Certificates and Trust Relationships
Total Page:16
File Type:pdf, Size:1020Kb
White Paper Certificate and Trust Management Requirements for certificates and trust relationships Version: 1.0 Last revised: 2010-11-12 Classification: öffentlich/public E – M A I L S E C U R I T Y - CERTIFIC ATE AND TRUST MANAGEMENT Table of contents Introduction ............................................................................................................................. 4 Initial context ............................................................................................................................. 4 General principles of the document ............................................................................... 5 Roles and responsibilities in secure e-mail communication ............................................ 6 Sender’s side ............................................................................................................................ 7 Sender .................................................................................................................. 7 E-mail infrastructure manager ................................................................................. 7 Recipient’s side ......................................................................................................................... 8 E-mail infrastructure manager ................................................................................. 8 Addressee ............................................................................................................ 8 Trust management ................................................................................................................... 8 Use cases ...................................................................................................................................... 9 Requirements for using STARTTLS .............................................................................. 9 Transport encryption with opportunistic STARTTLS ................................................. 9 Transport encryption with mandatory STARTTLS .................................................. 10 Content encryption ........................................................................................................... 11 Requirements for using an mail transfer agent .................................................... 11 Domain certificates .......................................................................................... 11 Certificates based on personal e-mail addresses ................................................ 12 Requirements for using “end-to-X” solutions .................................................................. 13 Requirements for end-to-end use ............................................................................. 13 Requirements for interim communication ................................................................ 13 VERSION 1.0 P A G E 2 E – M A I L S E C U R I T Y - CERTIFICATE AND TRUST MANAGEMENT Certificate management ...................................................................................................... 14 Requirements for certificates .................................................................................... 14 Identification of the requester .............................................................................. 14 Securing transport of the key to the requester ................................................... 15 Physical storage of the private key ........................................................................... 16 Life-cycle ............................................................................................................... 16 Summary of requirements for certificates ............................................................ 16 Recommendations for implementation ........................................................................ 17 Trust management .................................................................................................................... 19 Roles and tasks .................................................................................................................... 19 Trust managers ................................................................................................................. 19 Trust center .................................................................................................................................................. 21 Annex .................................................................................................................................... 22 List of authors ......................................................................................................................... 22 Document and version history ...................................................................................... 22 P A G E 3 VERSION 1.0 E – M A I L S E C U R I T Y - CERTIFICATE AND TRUST MANAGEMENT Introduction Initial context This document is one of a series of white papers prepared by the Working Group “E-Mail Security” of the IT-ABC. For references, the glossary and additional material, please see the main document “E-Mail Security” [W1]. Simply implementing encryption solutions is not sufficient to make communication secure. The core element is the management and provision of the certificates that are necessary when encryption solutions are applied. Such certificates must be available as needed and easy to use if they are to gain wide acceptance among users and ultimately bring about a high level of security. In the past, the necessary certificate and trust management was often left to the individual user. This frequently led to a lack of acceptance and to security loopholes relating to the quality of the certificates, encryption itself, and the validation of the certificates. In the case of server-based solutions, the same deficits are seen regarding trust in the default settings of various products. These default settings include permissible key lengths and algorithms, and certification authorities predefined as trusted. An example of this would be the use of STARTTLS in opportunistic mode. This mode is frequently accredited with better properties that, however, apply only if STARTTLS is used in a secure high-grade ciphers mandatory mode. This would include the following: ■ trusting self-signed certificates only after validation, ■ unencrypted transmission is not used as fallback solution [W3], ■ restriction to recognized algorithms and key lengths [W1]. In addition, requirements and processes have to be defined for: ■ providing certificates, ■ validation and maintenance of certificates pursuant to defined standards (trust management), ■ configuration and maintenance of policy settings. VERSION 1.0 PAGE 4 E – M A I L S E C U R I T Y - CERTIFICATE AND TRUST MANAGEMENT General principles of the document The term “CA” (certification authority) is used both in a hierarchical X.509 PKI (Public Key Infrastructure) and in a PGP PKI. The management of PGP keys is subject to the same quality requirements in respect of key lengths and algorithms as those for X.509 certificates. To reflect a hierarchical structure that exists only indirectly within the PGP web of trust (similar to an X.509 PKI), it is recommended that the PGP keys of individual users should be signed either with a PGP company key or by a recognized PGP CA. In the following, X.509 certificates and PGP keys will generally be called certificates. P A G E 5 VERSION 1 .0 E – M A I L S E C U R I T Y - CERTIFICATE AND TRUST MANAGEMENT Roles and responsibilities in secure e-mail communication A number of roles and assigned responsibilities are necessary to guarantee secure e-mail transmission. Figure: Schematic diagram of stages in secure e-mail transmission Legend: Green: Path the e-mail takes during secure transmission Red: Control information necessary for secure transmission Sender Addressee Classification addressee@domain Text/data Certificate VERSION 1.0 P A G E 6 E – M A I L S E C U R I T Y - CERTIFICATE AND TRUST MANAGEMENT Sender’s side Sender The sender is responsible for: ■ selecting the right e-mail address of the addressee, ■ classifying the e-mail correctly in accordance with its content. With the correct control information, the e-mail infrastructure manager is enabled to deliver the information to the correct addressee, and to recognize whether encryption is necessary and if so, which certificate material should be used. Please note: before confidential information is exchanged, the parties involved should agree on how to handle it, based on an information classification and a non-disclosure agreement (NDA). E-mail infrastructure manager The e-mail infrastructure must be set up by the manager so that it performs the following tasks reliably: receiving e-mails from the sender via a secure connection, implementing measures in accordance with the classification and other guidelines (e.g. domains for which traffic must generally be encrypted), using the correct certificate when traffic is encrypted, protecting e-mail from unauthorized access, providing the required secure e-mail transmission path between the sender’s infrastructure and the recipient’s infrastructure. Appropriate measures should be implemented based on the control information. This includes obtaining the necessary certificates of the addressee and obtaining, managing and supplying one’s own certificates (certificate management). Here special attention should to be paid to the trustworthiness, validity and quality of the certificates