Computer Security: Federal Agency Use of Public Key Technology for DigitalSignatures and Authentication

摘要

This guidance document was developed by the Federal Public Key InfrastructureSteering Committee to assist Federal agencies that are considering the use of public key technology for digital signatures or authentication over open networks such as the Internet. This includes communications with other Federal or non-Federal entities, such as members of the public, private firms, citizen groups, and state and local governments. Most public key technology applications for digital signatures provide for user authentication as well. However, public key technology can be used for user authentication only without digital signatures. Standards such as X.509 provide for that functionality. This document encourages the thoughtful use of public key technology by Federal agencies as set forth in guidance published by the Office of Management and Budget implementing the Government Paperwork Elimination Act (GPEA). It also amplifies upon principles contained in the GPEA guidance and separately in Access with Trust issued in September 1998 by the Office of Management and Budget, the National Partnership for Reinventing Government, and the Government Information Technology Services Board. Finally, it discusses briefly the government-wide Public Key Infrastructure (PKI) which is developing to enable applications programs to effectively use public key technology across Federal agencies.