FirmaSAT On-line Validator
Servicio de Administración Tributaria (SAT) Mexico; Comprobante Fiscal Digital por Internet (CFDI) versions and ; Timbre Fiscal Digital may do other checks that we do not do, like checking dates and RFC numbers. Status of This Memo This document specifies an Internet standards track protocol RFC PKIX Certificate and CRL Profile May Table of Contents 1. The field is represented as a SEQUENCE of two dates: the date on which the. A Digital Fiscal Document through Internet (CFDI or Comprobante Fiscal Digital por Egreso for nota de crédito (credit note); Traslado for carta de porte (waybill) UUID, client generated seal (SelloCFD), date and time (FechaTimbrado) and The RFC element is required according to both the CFD and CFDI XSDs. Serie.
The initial version number for certificates used in PEM is the X. An issuer must ensure that no two distinct certificates with the same issuer DN contain the same serial number. The serial number is used in CRLs to identify revoked certificates, as described in Section 3. Although this attribute is an integer, PEM UA processing of this attribute need not involve any arithmetic operations.
All PEM UA implementations must be capable of processing serial numbers at least bits in length, and size-independent support for serial numbers is encouraged. The certificate signature is appended to the data structure, as defined by the signature macro in X. This algorithm identification information is replicated with the signature.
In this context, a signature is effected through the use of a Certificate Integrity Check CIC algorithm and a public-key encryption algorithm. RFC contains the definitions and algorithm IDs for signature algorithms employed in this architecture. The fundamental binding ensured by the key management architecture is that between the public component and the user's identity in this form.
A distinguished name is an X. Users who are not registered in a directory should keep in mind likely directory naming structure schema when selecting a distinguished name for inclusion in a certificate. The issuer identification is used to select the appropriate issuer public component to employ in performing certificate validation.
If an issuer CA is certified by multiple PCAs, then the issuer DN does not uniquely identify the public component used to sign the certificate.
In such circumstances it may be necessary to attempt certificate validation using multiple public components, from certificates held by the issuer under different PCAs. If the version of a certificate is employed, the issuer may employ distinct issuer UIDs in the certificates it issues, to further facilitate selection of the right issuer public component. The duration of the interval may be constant for all user certificates issued by a given CA or it might differ based on the nature of the user's affiliation.
For example, an organization might issue certificates with shorter intervals to temporary employees versus permanent employees. It is recommended that the UTCT Coordinated Universal Time values recorded here specify granularity to no more than the minute, even though finer granularity can be expressed in the format.
For example, a UTCT value which includes explicit, zero values for seconds would not produce the same hash value as one in which the seconds were omitted. It is also recommended that all times be expressed as Greenwich Mean Time (Zulu), to simplify comparisons and avoid confusion relating to daylight savings time. Note that UTCT expresses the value of a year modulo with no indication of century; hence comparisons involving dates in different centuries must be performed with care.
The longer the interval, the greater the likelihood that compromise of a private component or name change will render it invalid and thus require that the certificate be revoked. Once revoked, the certificate must remain on the issuer's CRL see Section 3. PCAs may impose restrictions on the maximum validity interval that may be elected by CAs operating in their certification domain see Appendix B.
This algorithm identifier is independent of that which is specified in the signature field described above. RFC specifies the algorithm identifiers which may be used in this context. The following sections identify four types of entities within this architecture: For each type of entity, this document specifies the procedures which the entity must execute as part of the architecture and the responsibilities the entity assumes as a function of its role in the architecture.
It is essential that the user take all available precautions to protect his private component as the secrecy of this value is central to the security offered by PEM to that user. For example, the private component might be stored in encrypted form, protected with a locally managed symmetric encryption key e.
The user would supply a password or passphrase which would be employed as a symmetric key to decrypt the private component when required for PEM processing either on a per message or per session basis. Alternatively, the private component might be stored on a diskette which would be inserted by the user whenever he originated or received PEM messages. Explicit zeroing of memory locations where this component transiently resides could provide further protection.
Other precautions, based on local operating system security facilities, also should be employed. It is recommended that each user employ ancillary software not otherwise associated with normal UA operation or hardware to generate his personal public-key component pair. Software for generating user component pairs will be available as part of the reference implementation of PEM distributed freely in the U. It is critically important that the component pair generation procedure be effected in as secure a fashion as possible, to ensure that the resulting private component is unpredictable.
Introduction of adequate randomness into the component pair generation procedure is potentially the most difficult aspect of this process and the user is advised to pay particular attention to this aspect.
Component pairs employed in public-key cryptosystems tend to be large integers which must be "randomly" selected subject to mathematical constraints imposed by the cryptosystem. Input(s) used to seed the component pair generation process must be as unpredictable as possible.
An example of a poor random number selection technique is one in which a pseudo-random number generator is seeded solely with the current date and time. An attacker who could determine approximately when a component pair was generated could easily regenerate candidate component pairs and compare the public component to the user's public component to detect when the corresponding private component had been found.
Kent [Page 10] RFC Certificate-Based Key Management February There is no requirement imposed by this architecture that anyone other than the user, including any certification authority, have access to the user's private component. Thus a user may retain his component pair even if his certificate changes, e.
Even if a user is issued a certificate in the context of his employment, there is generally no requirement that the employer have access to the user's private component. The rationale is that any messages signed by the user are verifiable using his public component. In the event that the corresponding private component becomes unavailable, any ENCRYPTED messages directed to the user would be indecipherable and would require retransmission.
Alternatively, these transformed messages might be forwarded in ENCRYPTED form to a trivial distribution list which serves in a backup capacity and for which the user's employer holds the private component. A user may possess multiple certificates which may embody the same or different public components. For example, these certificates might represent a current and a former organizational user identity and a residential user identity.
It is recommended that a PEM UA be capable of supporting a user who possesses multiple certificates, irrespective of whether the certificates associated with the user contain the same or different DNs or public components. In general a user must provide, at a minimum, his public component and distinguished name to a CA, or a representative thereof, for inclusion in the user's certificate. The user also might provide a complete certificate, minus the signature, as described in RFC The CA will employ some means, specified by the CA in accordance with the policy of its PCA, to validate the user's claimed identity and to ensure that the public component provided is associated with the user whose distinguished name is to be bound into the certificate.
The certifying authority generates a certificate containing the user's distinguished name and public component, the authority's distinguished name and other information see Section 3.
However, proper maintenance of such a cache is critical to the correct, secure operation of a PEM UA and provides a basis for improved performance. Moreover, use of a cache permits a PEM UA to operate in the absence of directories and in circumstances where directories are inaccessible.
The following discussion provides a paradigm for one aspect of cache management, namely the processing of CRLs, the functional equivalent of which must be embodied in any PEM UA implementation compliant with this document. Access to this database will be provided through mailboxes maintained by each PCA. Thus the UA must include a configuration parameter which specifies one or more mailbox addresses from which CRLs may be retrieved.
Access to the CRL database may be automated, e. This message format also may be employed to support a "push" versus a "pull" model of CRL distribution, i. Any cache entries which match CRL entries should be marked as revoked, but it is not necessary to delete cache entries marked as revoked nor to delete subordinate entries.
In processing a CRL against the cache it is important to recall that certificate serial numbers are unique only for each issuer and that multiple, distinct CRLs may be issued under the same CA DN (signed using different private components), so care must be exercised in effecting this cache search.
Optimization for the transmitted originator certification path may be effected by a UA as a side effect of the processing performed during message submission. In the course of performing this validation the UA can determine the minimum set of certificates which must be included to ensure that all recipients can process the received message. The public component of the IPRA forms the foundation for all certificate validation within this hierarchy.
This policy, and the services provided by the IPRA, are detailed below. This document will be published as an informational RFC. This convention is adopted so that every Internet user has a reference point for determining the policies associated with the issuance of any certificate which he may encounter. The existence of a digitally signed copy of the document ensures the immutability of the document.
An outline for PCA policy statements is contained in Section 3. Each PCA must specify its distinguished name. This requirement is important to the success of distributed management for the certification hierarchy. However, since PCAs are expected to certify organizational CAs in widely disjoint portions of the directory namespace, and since X.
This architecture allows multiple PCAs to certify residential CAs and thus multiple, distinct residential CAs with identical DNs may come into existence, at least until such time as civil authorities assume responsibilities for such certification. In support of the uniqueness requirement, the IPRA will establish and maintain a database to detect potential, unintended duplicate certification of CA distinguished names. This database will be made accessible to all PCAs via an email interface.
Each entry in this database will consist of a 4-tuple. The first element in each entry is a hash value, computed on a canonical, ASN.
The second element contains the subjectPublicKey that appears in the CA's certificate. The third element is the distinguished name of the PCA which registered the entry. The fourth element consists of the date and time at which the entry was made, as established by the IPRA. This database structure provides a degree of privacy for CAs registered by PCAs, while providing a facility for ensuring global uniqueness of CA DNs certified in this scheme. The database will return any entries which match the query, i.
If no potential conflicts appear, a PCA can then submit a candidate entry, consisting of the first three element values, plus any entries returned by the query. The database will register this entry, supplying the time and date stamp, only if two conditions are met: If the database detects a conflicting entry (failure of case 1 above), or if the submission indicates that the PCA's perception of possible conflicting entries is not current (failure of case 2), the submission is rejected and the database will return the potential conflicting entry (entries).
If the submission is successful, the database will return the timestamped new entry. The database does not, in itself, guarantee uniqueness of CA DNs as it allows for two DNs associated with different public components to be registered.
Rather, it is the responsibility of PCAs to coordinate with one another whenever the database indicates a potential DN conflict and to resolve such conflicts prior to certification of CAs. Details of the protocol used to access the database will be provided in another document. In such circumstances the certificate issued to the CA by each PCA will contain a different subjectPublicKey and thus will represent a different entry in this database. The same situation may arise if multiple, equivalent residential CAs are certified by different PCAs.
This ensures that certificates issued by a CA are syntactically constrained to refer to subordinate entities in the X. CAs may sign certificates which do not comply with this requirement if the certificates are "cross-certificates" or "reverse certificates" see X. The IPRA also will establish and maintain a separate database to detect potential duplicate certification of residential user distinguished names.
Each entry in this database will consist of a 4-tuple as above, but the first component is the hash of a residential user DN and the third component is the DN of the residential CA which registered the user. This structure provides a degree of privacy for users registered by CAs which service residential users while providing a facility for ensuring global uniqueness of user DNs certified under this scheme. The same database access facilities are provided as described above for the CA database.
Here it is the responsibility of the CAs to coordinate whenever the database indicates a potential conflict and to resolve the conflict prior to residential user certification. The procedures employed to ensure the accuracy of a CA distinguished name, i. Part of this effort should include a check that the purported CA DN is consistent with any applicable national standards for DN assignment, e. PCAs will certify CAs, but not users. These conventions are required to allow simple certificate validation within PEM, as described later.
The attributes employed in constructing DNs will be specified in a list maintained by the IANA, to provide a coordinated basis for attribute identification for all applications employing DNs. This list will initially be populated with attributes taken from X. This document does not impose detailed restrictions on the attributes used to identify different entities to which certificates are issued, but PCAs may impose such restrictions as part of their policies.
PCAs, CAs and users are urged to employ only those DN attributes which have printable representations, to facilitate display and entry. The format for these CRLs is that specified in Section 3. In the absence of ubiquitous X. Some algorithms, employed for signing certificates and validating certificate signatures, are patented in some countries.
The IPRA will not grant a license to any PCA for the use of any signature algorithm in conjunction with the management of this certification hierarchy. Additional policy information may be contained in the statement, but PCAs are requested not to use these statements as advertising vehicles.
A postal address, an Internet mail address, and telephone and optional fax numbers must be provided for human contact with the PCA.
The date on which this statement is effective, and its scheduled duration must be specified. There is not a requirement that a single PCA serve only one type of CA, but if a PCA serves multiple types of CAs, the policy statement must specify clearly how a user can distinguish among these classes.
If any security requirements are imposed on CAs certified by the PCA these must be specified as well. A PCA also must specify what measures it will take to protect the privacy of any information collected in the course of certifying CAs. Certification Policy- Each PCA must specify the policy and procedures which govern its certification of CAs and how this policy applies transitively to entities (users or subordinate CAs) certified by these CAs.
Similarly, if any requirements are imposed on CAs to validate the identity of users, these requirements must be specified. Since all PCAs are required to cooperate in the resolution of potential DN conflicts, each PCA is required to specify the procedure it will employ to resolve such conflicts.
It also must specify any constraints it imposes on the frequency of scheduled issue of CRLs by the CAs it certifies, and by subordinate CAs. Both maximum and minimum constraints should be specified. If any semantics are associated with such conventions, these semantics must be specified. Business Issues- If a legal agreement must be executed between a PCA and the CAs it certifies, reference to that agreement must be noted, but the agreement itself ought not be a part of the policy statement.
Similarly, if any fees are charged by the PCA this should be noted, but the fee structure per se ought not be part of this policy statement. Other- Any other topics the PCA deems relevant to a statement of its policy can be included.
However, the PCA should be aware that a policy statement is considered to be an immutable, long lived document and thus considerable care should be exercised in deciding what material is to be included in the statement. Such conventions are established throughout this document.
All CAs are required to maintain a database of the DNs which they have certified and to take measures to ensure that they do not certify duplicate DNs, either for users or for subordinate CAs. It is critical that the private component of a CA be afforded a high level of security, otherwise the authenticity guarantee implied by certificates signed by the CA is voided. Some PCAs may impose stringent requirements on CAs within their purview to ensure that a high level of security is afforded the certificate signing process, but not all PCAs are expected to impose such constraints.
A wide range of organizations are encompassed by this model: The common thread is that the entities certified by these CAs have some form of affiliation with the organization. The object classes for organizations, organizational units, organizational persons, organizational roles, etc. The affiliation implied by organizational certification motivates the DN subordination requirement cited in Section 3.
As an example, an organizational user certificate might contain a subject DN of the form: The issuer of this certificate might have a DN of the form: Note that the organizational unit attribute is omitted from the issuer DN, implying that there is no CA dedicated to the "Communications Division". Over time we anticipate that such users will be accommodated by civil government entities who will assume electronic certification responsibility at geographically designated points in the naming hierarchy.
Until civil authorities are prepared to issue certificates of this form, residential user CAs will accommodate such users.
Because residential CAs may be operated under the auspices of multiple PCAs, there is a potential for the same residential CA DN to be assumed by several distinct entities.
This represents the one exception to the rule articulated throughout this document that no two entities may have the same DN. This conflict is tolerated so as to allow residential CAs to be established offering different policies. Two requirements are levied upon residential CAs as a result: As an example, a residential user certificate might include a subject name of the form: In this case the certifying authority is explicitly NOT vouching for the identity of the user.
To minimize the possibility of syntactic confusion with certificates which do purport to specify an authenticated user identity, a PERSONA certificate is issued as a form of organizational user certificate, not a residential user certificate. This profile does not assume the deployment of an X. The profile does not prohibit the use of an X. Acceptability Criteria The goal of the Internet Public Key Infrastructure PKI is to meet the needs of deterministic, automated identification, authentication, access control, and authorization functions.
Support for these services determines the attributes contained in the certificate as well as the ancillary control information in the certificate such as policy data and certification path constraints. User Expectations Users of the Internet PKI are people and processes who use client software and are the subjects named in certificates. This profile recognizes the limitations of the platforms these users Cooper, et al.
This manifests itself in minimal user configuration responsibility e. Providing administrators with unbounded choices increases the chances that a subtle CA administrator mistake will result in broad compromise. Also, unbounded choices greatly complicate the software that processes and validates the certificates created by the CA.
Overview of Approach Following is a simplified view of the architectural model assumed by the Public-Key Infrastructure using X. The components in this model are: CAs are responsible for indicating the revocation status of the certificates that they issue. This confidence is obtained through the use of public key certificates, which are data structures that bind public key values to subjects. The binding is asserted by having a trusted CA digitally sign each certificate.
The CA may base this assertion upon technical means a. A certificate has a limited valid lifetime, which is indicated in its signed contents.
Because a certificate's signature and timeliness can be independently checked by a certificate-using client, certificates can be distributed via Cooper, et al. The certificate format in the standard is called the version 1 v1 format.
The experience gained in attempts to deploy RFC made it clear that the v1 and v2 certificate formats were deficient in several respects. Most importantly, more fields were needed to carry information that PEM design and implementation experience had proven necessary. The v3 format extends the v2 format by adding provision for additional extension fields.
Particular extension field types may be specified in standards or may be defined and registered by any organization or community. In June standardization of the basic v3 format was completed [ X. These extensions can convey such data as additional subject identification information, key attribute information, policy information, and certification path constraints.
In order to develop interoperable implementations of X. Environments with additional requirements may build on this profile or may replace it. Certification Paths and Trust A user of a security service requiring knowledge of a public key generally needs to obtain and validate a certificate containing the required public key. If the public key user does not already hold an assured copy of the public key of the CA that signed the certificate, the CA's name, and related information (such as the validity period or name constraints), then it might need an additional certificate to obtain that public key.
In general, a chain of multiple certificates Cooper, et al. Such chains, called certification paths, are required because a public key user is only initialized with a limited number of assured CA public keys.
There are different ways in which CAs might be configured in order for public key users to be able to find certification paths. There are three types of PEM certification authority: This authority, operated under the auspices of the Internet Society, acts as the root of the PEM certification hierarchy at level 1.
It issues certificates only for the next level of authorities, PCAs. All certification paths start with the IPRA. A PCA shall establish and publish a statement of its policy with respect to certifying users or subordinate certification authorities.
Distinct PCAs aim to satisfy different user needs. For example, one PCA an organizational PCA might support the general electronic mail needs of commercial organizations, and another PCA a high-assurance PCA might have a more stringent policy designed for satisfying legally binding digital signature requirements.
CAs are at level 3 of the hierarchy and can also be at lower levels. Those at level 3 are certified by PCAs. CAs represent, for example, particular organizations, particular organizational units e. RFC furthermore has a name subordination rule, which requires that a CA can only issue certificates for entities whose names are subordinate in the X.
The name subordination rule ensures that CAs below the PCA are sensibly constrained as to the set of subordinate entities they can certify e.
Certificate user systems are able to mechanically check that the name subordination rule has been followed. The limitations of X. Knowledge of individual PCAs was required to determine if a chain could be accepted. In particular, the certificate extensions relating to certificate policies obviate the need for PCAs and the constraint extensions obviate the need for the name subordination rule.
As a result, this document supports a more flexible architecture, including: Starting with the public key of a CA in a user's own domain has certain advantages. In some environments, the local domain is the most trusted. The application can determine if the certification path is acceptable based on the contents of the certificates instead of a priori knowledge of PCAs.
This permits automation of certification path processing. This specification covers two classes of certificates: CA certificates and end entity certificates. CA certificates may be further divided into three classes: Cross-certificates are CA certificates in which the issuer and subject are different entities. Cross-certificates describe a trust relationship between the two CAs.
Self-issued certificates are CA certificates in which the issuer and subject are the same entity.
Self-issued certificates are generated to support changes in policy or operations. Self- signed certificates are self-issued certificates where the digital signature may be verified by the public key bound into the certificate. Self-signed certificates are used to convey a public key for use to begin certification paths. End entity certificates are issued to subjects that are not authorized to issue certificates. Revocation When a certificate is issued, it is expected to be in use for its entire validity period.
However, various circumstances may cause a certificate to become invalid prior to the expiration of the validity period. Such circumstances include change of name, change of association between subject and CA e. Under such circumstances, the CA needs to revoke the certificate. This method involves each CA periodically issuing a signed data structure called a certificate revocation list CRL. Each revoked certificate is identified in a CRL by its certificate serial number.
When a certificate-using system uses a certificate e. The meaning of "suitably recent" may vary with local policy, but it usually means the most recently issued CRL. A new CRL is issued on a regular periodic basis e. An entry is added to the CRL as part of the next update following notification of revocation. An advantage of this revocation method is that CRLs may be distributed by exactly the same means as certificates themselves, namely, via untrusted servers and untrusted communications.
One limitation of the CRL revocation method, using untrusted communications and servers, is that the time granularity of revocation is limited to the CRL issue period.
For example, if a Cooper, et al. As with the X. It is one goal of this document to specify that profile. However, this profile does not require the issuance of CRLs. Message formats and protocols supporting on-line revocation notification are defined in other PKIX specifications. On-line methods of revocation notification may be applicable in some environments as an alternative to the X. On-line revocation checking may significantly reduce the latency between a revocation report and the distribution of the information to relying parties.
Once the CA accepts a revocation report as authentic and valid, any query to the on-line service will correctly reflect the certificate validation impacts of the revocation. However, these methods impose new security requirements: Operational Protocols Operational protocols are required to deliver certificates and CRLs or status information to certificate-using client systems.
Operational protocols supporting these functions are defined in other PKIX specifications. These specifications may include definitions of message formats and procedures for supporting all of the above operational environments, including definitions of or references to appropriate MIME content types.
Management Protocols Management protocols are required to support on-line interactions between PKI user and management entities. For example, a management protocol might be used between a CA and a client system with which a key pair is associated, or between two CAs that cross-certify each other. The set of functions that potentially need to be supported by management protocols include: This is the process whereby a user first makes itself known to a CA (directly, or through an RA), prior to that CA issuing a certificate or certificates for that user.
Before a client system can operate securely, it is necessary to install key materials that have the appropriate relationship with keys stored elsewhere in the infrastructure. For example, the client needs to be securely initialized with the public key and other assured information of the trusted CA(s), to be used in validating certificate paths. Furthermore, a client typically needs to be initialized with its own key pair(s). As an option, user client key materials e. If a user needs to recover these backed-up key materials e.
All key pairs need to be updated regularly, i. An authorized person advises a CA of an abnormal situation requiring certificate revocation. Two CAs exchange information used in establishing a cross-certificate. A cross-certificate is a certificate issued by one CA to another CA that contains a CA signature key used for issuing certificates. Note that on-line protocols are not the only way of implementing the above functions.
For all functions, there are off-line methods of achieving the same result, and this specification does not mandate use of on-line protocols.
For example, when hardware tokens are used, many of the functions may be achieved as part of the physical token delivery. Furthermore, some of the above functions may be combined into one protocol exchange. In particular, two or more of the registration, initialization, and certification functions can be combined into one protocol exchange. The protocols for conveying these messages in different environments e. Certificate and Certificate Extensions Profile This section presents a profile for public key certificates that will foster interoperability and a reusable PKI.
This section is based upon the X. This section also defines private extensions required to support a PKI for the Internet community. Certificates may be used in a wide range of applications and environments covering a broad spectrum of interoperability goals and a broader spectrum of operational and assurance requirements. The goal of this document is to establish a common baseline for generic applications requiring broad interoperability and limited special purpose requirements. In particular, the emphasis will be on supporting the use of X.
Basic Certificate Fields The X. For signature calculation, the data that is to be signed is encoded using the ASN. The fields are described in detail in the following subsections. The fields are described in detail in Section 4. An algorithm identifier is defined by the following ASN. The contents of the optional parameters field will vary according to the algorithm identified. This field MUST contain the same algorithm identifier as the signature field in the sequence tbsCertificate Section 4.
By generating this signature, a CA certifies the validity of the information in the tbsCertificate field. In particular, the CA certifies the binding between the public key material and the subject of the certificate. The remainder of this section describes the syntax and semantics of these fields. A TBSCertificate usually includes extensions.
Version This field describes the version of the encoded certificate. When extensions are used, as expected in this profile, version MUST be 3 (value is 2). At a minimum, conforming implementations MUST recognize version 3 certificates. Generation of version 2 certificates is not expected by implementations based on this profile.
Given the uniqueness requirements above, serial numbers can be expected to contain long integers. Non-conforming CAs may issue certificates with serial numbers that are negative or zero.