ATIS-1000080
Signature-based Handling of Asserted information using toKENs (SHAKEN): Governance Model and Certificate Management
Publication Date: 1 October 2021
This document expands the framework defined in ATIS-1000074, Signature-based Handling of Asserted Information using Tokens (SHAKEN) [Ref 1], by introducing a governance model and defining certificate management procedures for Secure Telephone Identity (STI) technologies. The certificate management procedures identify the functional entities and protocols involved in the distribution and management of STI Certificates. The governance model identifies functional entities that have the responsibility to establish policies and procedures to ensure that only authorized entities are allowed to administer digital certificates within Voice over Internet Protocol (VoIP) networks. However, the details of these functional entities in terms of regulatory control and who establishes and manages those entities are outside the scope of this document.
This document introduces a governance model, certificate management architecture, and related protocols to the SHAKEN framework ATIS-1000074 [Ref 1]. The governance model defines recommended roles and relationships, such that the determination of who is authorized to administer and use digital certificates in VoIP networks can be established. This model includes sufficient flexibility to allow specific regulatory requirements to be implemented and evolved over time, minimizing dependencies on the underlying mechanisms for certificate management. The certificate management architecture is based on the definition of roles similar to those defined in Internet Engineering Task Force (IETF) RFC 5280, Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile [Ref 11]. Per the SHAKEN framework, the certificates themselves are based on X.509 with specific policy extensions based on RFC 8226, Secure Telephone Identity Credentials: Certificates [Ref 20]. The objective of this document is to provide recommendations and requirements for implementing the protocols and procedures for certificate management within the SHAKEN framework.