5.1.9 Security Consideration Citations

Implementers of this protocol should be aware of the following security considerations:

  • A secure communications channel should exist between the client and server that might require an out-of-band trust initialization process, such as DCOM (as specified in [MS-DCOM]) or TLS (as specified in [RFC2246]).

  • A client or server should follow generally accepted principles of secure key management, as specified in [RFC3280] section 9. For an introduction to these generally accepted principles, see [SCHNEIER] and [HOWARD].

  • A client or server should not archive or escrow a signing key. Details are specified in [RFC2797] section 9.

  • Clients should verify the public key of the server prior to submission of a private key for archival or escrow. Details are specified in [RFC2797] section 9.

  • Certificate enrollment clients and CAs that support the Diffie-Hellman algorithm for the certificate's key pair should validate cryptographic parameters prior to issuing or accepting certificates. Details are specified in [RFC2785]. Windows enrollment clients and CAs do not support Diffie-Hellman in the certificate requests.

  • A CA and RA should take care to validate the binding of a client identity to a public key. Details are specified in [RFC3280] section 9. An introduction on CA practices of binding an identity to a public key is specified in [RFC2527].

  • A client and server should validate and verify certificate path information, as specified in [RFC3280] section 6. Details about the requirement for certificate path validation are specified in [RFC3280] section 9.

  • A client and server should validate and verify the freshness of revocation information of all digital certificates prior to usage, trust, or encryption, as specified in [RFC3280] section 6.3. Details about the requirement for revocation freshness are specified in [RFC3280] section 9.

  • A CA must encode the DN in the subject field of a CA certificate identically to the DN in the issuer field in certificates issued by that CA. Details are specified in [RFC3280] section 9.

  • A client or server should follow all security considerations discussed throughout [RFC3852] and [RFC2986], as neither normative reference has a specific security section.

  • A client and server should use an authentication session between client and server to mitigate DOS attacks, as specified in [MS-DCOM]. For more information on generic DOS mitigation techniques, see [HOWARD].

  • A client and server should consider security issues regarding PKI or certificate repositories. For example, security considerations regarding LDAP repositories are as specified in [RFC2559] section 10.