diff --git a/CP-CPS.md b/CP-CPS.md index 0474733..d1cdd90 100644 --- a/CP-CPS.md +++ b/CP-CPS.md @@ -988,54 +988,115 @@ See [Section 5.5.5](#555-requirements-for-time-stamping-of-records). ## 7.1 Certificate profile -All fields are as specified in RFC 5280 and the Baseline Requirements, including fields and extensions not specifically mentioned. - -### Root CA Certificate - -| Field or extension | Value | -| ------------------------------ | ------------------------------------------------------------------------| -| Serial Number | Unique, with 64 bits of output from a CSPRNG | -| Issuer Distinguished Name | C=US, O=Internet Security Research Group or O=ISRG, and a meaningful CN | -| Subject Distinguished Name | Same as Issuer DN | -| Validity Period | Up to 25 years | -| Basic Constraints | cA=True, pathLength constraint absent (critical) | -| Subject Public Key | See Sections 6.1.5, 6.1.6, and 7.1.3.1 | -| Key Usage | keyCertSign, cRLSign (critical) | - -### Subordinate CA Certificate - -| Field or extension | Value | -| ------------------------------ | ----------------------------------------------------------------------------- | -| Serial Number | Unique, with 64 bits of output from a CSPRNG | -| Issuer Distinguished Name | Derived from Issuer certificate | -| Subject Distinguished Name | C=US, O=Let's Encrypt, and a meaningful CN | -| Validity Period | Up to 8 years | -| Basic Constraints | cA=True, pathLength constraint 0 (critical) | -| Key Usage | keyCertSign, cRLSign, digitalSignature (critical) | -| Extended Key Usage | TLS Server Authentication and optionally TLS Client Authentication | -| Certificate Policies | CAB Forum Domain Validated (2.23.140.1.2.1) | -| Authority Information Access | Contains CA Issuers URL and optionally an OCSP URL; URLs vary based on Issuer | -| Subject Public Key | See Sections 6.1.5, 6.1.6, and 7.1.3.1 | -| CRL Distribution Points | Contains a CRL URL; URL varies based on Issuer | - -### DV-SSL Subscriber Certificate - -| Field or extension | Value | -| --------------------------------- | --------------------------------------------------------------------------------- | -| Serial Number | Unique, with 64 bits of output from a CSPRNG | -| Issuer Distinguished Name | Derived from Issuer certificate | -| Subject Distinguished Name | CN=none, or one of the values from the Subject Alternative Name extension | -| Validity Period | Up to 100 days | -| Basic Constraints | cA=False (critical) | -| Key Usage | digitalSignature, and optionally keyEncipherment (critical) | -| Extended Key Usage | TLS Server Authentication and optionally TLS Client Authentication | -| Certificate Policies | CAB Forum Domain Validated (2.23.140.1.2.1) | -| Authority Information Access | Contains CA Issuers URL and optionally an OCSP URL; URLs vary based on Issuer | -| Subject Public Key | See Sections 6.1.5, 6.1.6, and 7.1.3.1 | -| Subject Alternative Name | A sequence of 1 to 100 dNSNames or ipAddresses (critical if no CN) | -| Precertificate poison | Per RFC 6962 (precertificates only, critical) | -| Signed Certificate Timestamp List | Per RFC 6962 (final certificates only) | -| CRL Distribution Point | If present, contains a URI to the CRL shard whose scope includes this certificate | +All certificates issued by ISRG are issued in accordance with exactly one of the following profiles. + +### Root CA Certificate Profile + +| **Field** | **Description** | +| ---- | ------ | +| `tbsCertificate` | | +|     `version` | See [Section 7.1.1](#711-version-numbers) | +|     `serialNumber` | Approximately 128 bits, including at least 64 bits of output from a CSPRNG | +|     `signature` | See [Section 7.1.3.2](#7132-signature-algorithmidentifier) | +|     `issuer` | Byte-for-byte identical to the `subject` field | +|     `validity` | At most 9132 days | +|     `subject` | C=US, O=ISRG, and a unique CN | +|     `subjectPublicKeyInfo` | See Sections [6.1.5](#615-key-sizes), [6.1.6](#616-public-key-parameters-generation-and-quality-checking), and [7.1.3.1](#7131-subjectpublickeyinfo) | +|     `issuerUniqueID` | Not present | +|     `subjectUniqueID` | Not present | +|     `extensions` | | +|         `basicConstraints` | Critical, with `cA` set to true | +|         `keyUsage` | Critical, with the `keyCertSign` (5) and `cRLSign` (6) bits set | +|         `subjectKeyIdentifier` | Contains a truncated hash of the `subjectPublicKey`, per Section 2(1) of RFC 7093 | +|         Any other extension | Not present | +| `signatureAlgorithm` | Byte-for-byte identical to the `tbsCertificate.signature` | +| `signatureValue` | A signature appropriate to the `signatureAlgorithm` field | + +### Cross-Certified Subordinate CA Certificate Profile + +| **Field** | **Description** | +| ---- | ------ | +| `tbsCertificate` | | +|     `version` | See [Section 7.1.1](#711-version-numbers) | +|     `serialNumber` | Approximately 128 bits, including at least 64 bits of output from a CSPRNG | +|     `signature` | See [Section 7.1.3.2](#7132-signature-algorithmidentifier) | +|     `issuer` | Byte-for-byte identical to the `subject` field of the Issuing CA | +|     `validity` | At most 8 years | +|     `subject` | Byte-for-byte identical to the `subject` field of the existing CA Certificate | +|     `subjectPublicKeyInfo` | See Sections [6.1.5](#615-key-sizes), [6.1.6](#616-public-key-parameters-generation-and-quality-checking), and [7.1.3.1](#7131-subjectpublickeyinfo) | +|     `issuerUniqueID` | Not present | +|     `subjectUniqueID` | Not present | +|     `extensions` | | +|         `authorityInformationAccess` | Contains the HTTP URI of the Issuing CA's Certificate | +|         `authorityKeyIdentifier` | Byte-for-byte identical to the `subjectKeyIdentifier` of the Issuing CA | +|         `basicConstraints` | Critical, with `cA` set to true | +|         `certificatePolicies` | Contains the Baseline Requirements Domain Validated Reserved Policy Identifier (OID 2.23.140.1.2.1) | +|         `crlDistributionPoints` | Contains the HTTP URI of a CRL issued by the Issuing CA | +|         `keyUsage` | Critical, with the `keyCertSign` (5) and `cRLSign` (6) bits set | +|         `subjectKeyIdentifier` | Byte-for-byte identical to the `subjectKeyIdentifier` of the existing CA Certificate | +|         Any other extension | Not present | +| `signatureAlgorithm` | Byte-for-byte identical to the `tbsCertificate.signature` | +| `signatureValue` | A signature appropriate to the `signatureAlgorithm` field | + +### TLS Subordinate CA Certificate Profile + +| **Field** | **Description** | +| ---- | ------ | +| `tbsCertificate` | | +|     `version` | See [Section 7.1.1](#711-version-numbers) | +|     `serialNumber` | Approximately 128 bits, including at least 64 bits of output from a CSPRNG | +|     `signature` | See [Section 7.1.3.2](#7132-signature-algorithmidentifier) | +|     `issuer` | Byte-for-byte identical to the `subject` field of the Issuing CA | +|     `validity` | At most 8 years | +|     `subject` | C=US, O=Let's Encrypt, and a unique CN | +|     `subjectPublicKeyInfo` | See Sections [6.1.5](#615-key-sizes), [6.1.6](#616-public-key-parameters-generation-and-quality-checking), and [7.1.3.1](#7131-subjectpublickeyinfo) | +|     `issuerUniqueID` | Not present | +|     `subjectUniqueID` | Not present | +|     `extensions` | | +|         `authorityInformationAccess` | Contains the HTTP URI of the Issuing CA's Certificate | +|         `authorityKeyIdentifier` | Byte-for-byte identical to the `subjectKeyIdentifier` of the Issuing CA | +|         `basicConstraints` | Critical, with `cA` set to true and `pathLenConstraint` set to 0 | +|         `certificatePolicies` | Contains the Baseline Requirements Domain Validated Reserved Policy Identifier (OID 2.23.140.1.2.1) | +|         `crlDistributionPoints` | Contains the HTTP URI of a CRL issued by the Issuing CA | +|         `extKeyUsage` | Contains `id-kp-serverAuth` (OID 1.3.6.1.5.5.7.3.1) | +|         `keyUsage` | Critical, with the `digitalSignature` (0), `keyCertSign` (5), and `cRLSign` (6) bits set | +|         `subjectKeyIdentifier` | Contains a truncated hash of the `subjectPublicKey`, per Section 2(1) of RFC 7093 | +|         Any other extension | Not present | +| `signatureAlgorithm` | Byte-for-byte identical to the `tbsCertificate.signature` | +| `signatureValue` | A signature appropriate to the `signatureAlgorithm` field | + +### Subscriber (Server) Certificate Profile + +| **Field** | **Description** | +| ---- | ------ | +| `tbsCertificate` | | +|     `version` | See [Section 7.1.1](#711-version-numbers) | +|     `serialNumber` | Approximately 144 bits, including at least 64 bits of output from a CSPRNG | +|     `signature` | See [Section 7.1.3.2](#7132-signature-algorithmidentifier) | +|     `issuer` | Byte-for-byte identical to the `subject` field of the Issuing CA | +|     `validity` | At most 100 days | +|     `subject` | CN omitted, or optionally contains one of the values from the Subject Alternative Name extension | +|     `subjectPublicKeyInfo` | See Sections [6.1.5](#615-key-sizes), [6.1.6](#616-public-key-parameters-generation-and-quality-checking), and [7.1.3.1](#7131-subjectpublickeyinfo) | +|     `issuerUniqueID` | Not present | +|     `subjectUniqueID` | Not present | +|     `extensions` | | +|         `authorityInformationAccess` | Contains the HTTP URI of the Issuing CA's Certificate | +|         `authorityKeyIdentifier` | Byte-for-byte identical to the `subjectKeyIdentifier` of the Issuing CA | +|         `basicConstraints` | Critical, with `cA` set to false | +|         `certificatePolicies` | Contains the Baseline Requirements Domain Validated Reserved Policy Identifier (OID 2.23.140.1.2.1) | +|         `crlDistributionPoints` | Contains the HTTP URI of a CRL issued by the Issuing CA | +|         `extKeyUsage` | Contains `id-kp-serverAuth` (OID 1.3.6.1.5.5.7.3.1), and optionally `id-kp-clientAuth` (OID 1.3.6.1.5.5.7.3.2) | +|         `keyUsage` | Critical, with the `digitalSignature` (0) bit set, and optionally the `keyEnciperment` (2) bit set | +|         `SignedCertificateTimestampList` | Contains at least two SCTs from logs run by different operators | +|         `subjectAltName` | A sequence of 1 to 100 names of type `dNSName` or `ipAddress` (critical if CN omitted) | +|         `subjectKeyIdentifier` | Optionally contains a truncated hash of the `subjectPublicKey`, per Section 2(1) of RFC 7093 | +|         Any other extension | Not present | +| `signatureAlgorithm` | Byte-for-byte identical to the `tbsCertificate.signature` | +| `signatureValue` | A signature appropriate to the `signatureAlgorithm` field | + +### Precertificate Profile + +Identical to the Subscriber (Server) Certificate Profile, except that the `SignedCertificateTimestampList` extension is omitted, and a critical "CT poison" extension (OID 1.3.6.1.4.1.11129.2.4.3) is included. ISRG Precertificates are issued directly by the Issuing CA, not by a delegated Precertificate Signing CA. ### 7.1.1 Version number(s)