This Recommendation is intended to promote interoperability among TMN elements that use Public Key Infrastructure (PKI) to support security-related functions. It applies to all TMN interfaces and applications. It is independent of which communications protocol stack or which network management protocol is being used. PKI facilities can be used for a broad range of security functions, such as, authentication, integrity, non-repudiation, and key exchange (ITU-T M.3016). However, this Recommendation does not specify how such functions should be implemented, with or without PKI.

PKI has emerged as an efficient, scalable method for secure authentication, for non-repudiation, and for the distribution and management of encryption keys and other security-related parameters. A PKI is based on digital certificates. ITU-T X.509 specifies the format of such certificates. X.509 digital certificates can contain any number of extensions. In order for a PKI to support interoperability among TMN elements, all such elements must be able to process the same set of certificate extensions. Ideally, all TMN elements should also exhibit the same behaviour in processing certificate extensions. In order to promote secure interoperability among TMN elements this Recommendation specifies the certificate extensions that are to be supported by a TMN PKI. It further provides default behaviours for the processing of those extensions. In order to promote harmonization with other industries, this Recommendation is based on ITU-T X.500-series Recommendations, in particular ITU-T X.509 and PKI-related Request for Comments (RFC) 2459 from the Internet Engineering Task Force (IETF).

Purpose

The purpose of this Recommendation is to provide interoperable, scalable mechanism for key distribution and management within a TMN, across all interfaces, as well as in support of nonrepudiation service over the X interface.