Last updated 10 Sep 2016

AllIncontext Certificate Policies

The Internet Engineering Task Force (IETF) defines Certificate Policy in RFC 3647 as:

Certificate policy (CP) - A named set of rules that indicates the applicability of a certificate to a particular community and/or class of application with common security requirements. For example, a particular CP might indicate applicability of a type of certificate to the authentication of parties engaging in business-to-business transactions for the trading of goods or services within a given price range.

AllIncontext Limited issues an Added Value Ticket (AVT) for the concurrent running of its programs in the form of an X.509 End Entity Digital Certificate. The AVT is chained to an AllIncontext Limited Intermediate Certificate Authority (IntCA) Certificate, which itself chains to an AllIncontext Limited Root Certificate Authority Certificate (RootCA), also called a Trust Anchor. This chain implements the following Object Identifiers (OIDs): the OID 1.2.826.0.1.4624520 is assigned to AllIncontext Limited, with the sub-tree beneath it defining the Certificate Policy details and their OIDs.

Certificate Practice Statement (CPS)

In RFC 3647 the CPS is defined as:

A statement of the practices that a certification authority employs in issuing, managing, revoking, and renewing or re-keying certificates.

The AllIncontext Limited practices are as follows:
  • Added Value Tickets (AVTs) are issued to an Email Address identity on receipt of a Certificate Signing Request (CSR) generated by the person with that Email Address using AllIncontext RunCMD (a CSR generated in any other way will be rejected without notification). The CSR must be received as an attachment to an Email message sent from the Email Address named in the CSR. The signed CSR, the AVT Public Certificate, is sent to the Email Address in the Public Certificate in order to close the circle of Identity. The Public Certificate is only valid when matched to the Private Key used to sign the CSR.
  • If an AVT is used for Email or File encryption, the cipher text should only be regarded as safe from casual perusal, even though the AVT uses the SHA-512 with RSA signature algorithm and a Key Length of 4096 bits. If you printed off the plain text data in the file and posted it in an envelope, that is the sort of data protection you can reasonably expect, since you would be unlikely to detect that the envelope had been opened and then re-sealed by an expert.
  • No AllIncontext AVT is revoked, since revocation is broken. See Dr Peter Gutmann's PDF, Everything you Never Wanted to Know about PKI but were Forced to Find Out, for more detail. Similar views are held by the Tor Project and ImperialViolet.
  • An AllIncontext AVT can be used for: concurrent running of AllIncontext programs (without an AVT they are free to run one at a time); and File encryption and decryption, both for stand-alone files and for the smime.p7m file used as the alternate view in an encrypted Email message.
  • Finally, there are no guarantees whatsoever when using an X.509 Public Certificate. An AllIncontext Limited AVT has no monetary value associated with it. If used for file encryption, you only give yourself time to take some action. As Dr Gutmann points out, an X.509 Public Certificate is usually just an expensive collection of bits.
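The intake rules in the first practice above (the CSR must prove possession of the private key and must name the address it arrived from) can be checked mechanically before anything is signed. The following is an added example using the openssl command line, not AllIncontext's own tooling; the function name, the sender address and the generated sample CSR are constructed for illustration.

```shell
#!/bin/sh
# Added example (not AllIncontext's own code): a CA-side intake check for a
# CSR that arrived as an e-mail attachment. It enforces the two binding rules
# in the practice statement above: the CSR must verify under its own public
# key (so the requester provably holds the private key) and the subject
# emailAddress must equal the address the message was received from.
# A minimum RSA key size is checked too (the page's AVTs use 4096 bits).
# Usage: check_csr_intake CSR_FILE SENDER_EMAIL MIN_BITS ; exit 0 = accept.
check_csr_intake() {
    csr="$1"; sender="$2"; min_bits="$3"
    # 1. Proof of possession: the self-signature on the CSR must verify.
    openssl req -in "$csr" -noout -verify >/dev/null 2>&1 || return 1
    # 2. Identity binding: subject emailAddress == sender (case-insensitive).
    csr_mail=$(openssl req -in "$csr" -noout -subject \
                 -nameopt sep_multiline,utf8,esc_ctrl 2>/dev/null \
               | sed -n 's/^ *emailAddress=//p' | head -n 1)
    [ -n "$csr_mail" ] || return 1
    [ "$(printf '%s' "$csr_mail" | tr 'A-Z' 'a-z')" = \
      "$(printf '%s' "$sender"   | tr 'A-Z' 'a-z')" ] || return 1
    # 3. Key size: reject keys shorter than the policy minimum.
    bits=$(openssl req -in "$csr" -noout -text 2>/dev/null \
           | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    [ -n "$bits" ] && [ "$bits" -ge "$min_bits" ]
}

# Constructed sample input: a throwaway key and CSR for a fictitious address.
make_sample_csr() {
    dir="$1"; mail="$2"; bits="$3"
    openssl genpkey -algorithm RSA -pkeyopt "rsa_keygen_bits:$bits" \
        -out "$dir/key.pem" 2>/dev/null
    openssl req -new -key "$dir/key.pem" \
        -subj "/CN=Sample AVT/emailAddress=$mail" -out "$dir/csr.pem" 2>/dev/null
}

# Demo: 2048-bit key to keep generation quick; the real policy would pass 4096.
tmp=$(mktemp -d)
make_sample_csr "$tmp" "alice@example.com" 2048
if check_csr_intake "$tmp/csr.pem" "alice@example.com" 2048; then
    echo "accept: CSR verifies and names the sender"
fi
if ! check_csr_intake "$tmp/csr.pem" "mallory@example.com" 2048; then
    echo "reject: sender does not match the CSR subject"
fi
rm -rf "$tmp"
```

The check reads the subject emailAddress only; a CSR that carries the address in a subjectAltName rfc822Name instead would need that field extracted as well.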
For other information please refer to 650 organizations, notable breaches, trust and trust or not.

AllIncontext Limited is registered in England, No 04624520. Registered office address: 12-14 High Street, Petersfield, Hampshire, GU32 3JG.
