Simple Certificate Enrollment Protocol

Last updated April 18, 2024

Simple Certificate Enrollment Protocol (SCEP) is described by the informational RFC 8894. Older versions of this protocol became a de facto industrial standard for pragmatic provisioning of digital certificates mostly for network equipment.

Popularity

The Simple Certificate Enrollment Protocol still is the most popular and widely available certificate enrollment protocol, being used by numerous manufacturers of network equipment and software who are developing simplified means of handling certificates for large-scale implementation to everyday users.^{[ citation needed ]} It is used, for example, by the Cisco Internetworking Operating System (IOS), though Cisco promotes the Enrollment over Secure Transport (EST), with additional features, and iPhones (iOS) to enroll in enterprise public key infrastructure (PKI).^[1] Most PKI software (specifically RA implementations) supports it, including the Network Device Enrollment Service (NDES) of Active Directory Certificate Service and Intune.^[2]

Criticism

Legacy versions of SCEP, which still are employed in the vast majority of implementations, are limited to enrolling certificates for RSA keys only.
Due to the use of the self-signed PKCS#10 format for Certificate Signing Requests (CSR), certificates can be enrolled only for keys that support (some form of) signing. A limitation shared by other enrollment protocols based on PKCS#10 CSRs, e.g., EST and ACME, or even the web-based enrollment workflow of most PKI software where the requester starts by generating a key pair and a CSR in PKCS#10 format. For example ACME, which also uses PKCS#10, issues TLS certificates which by definition must be capable of signing for the TLS handshake. However this distinction is so far mostly theoretical since in practice all algorithms commonly used with certificates support signing. This may change with post-quantum cryptography where some keys only support KEM. The CRMF format, as used by CMP and CMS, is more flexible here, supporting also keys that are usable for encryption only.
Although proof-of-origin of certificate enrollment requests, i.e., authentication of the certificate requester, is the most critical security requirement, for pragmatic reasons its support is not strictly required within SCEP. Signature-based client authentication using an already existing certificate would be the preferred mechanism but in many use cases is not possible or not supported by the given deployments. As an alternative, SCEP just provides the use of a shared secret, which should be client-specific and used only once.
The confidentiality of the shared secret optionally used for source authentication is fragile because it must be included in the 'challengePassword' field of the CSR, which is then protected by an outer encryption. It would have been more secure to use a password-based MAC algorithm such as HMAC.
Encrypting the whole PKCS#10 structure in order to protect the 'challengePassword' field (which is used for self-contained source authentication) has a further drawback: the whole CSR becomes unreadable for all parties except the intended ultimate receiver (the CA), although most of its content is not confidential. So the PKCS#10 structure cannot be checked by intermediate agents such as an RA.

History

SCEP was designed by Verisign for Cisco^[3] as a lean alternative to Certificate Management over CMS (CMC) and the very powerful but also rather bulky Certificate Management Protocol (CMP). It had support from Microsoft early with its continuous inclusion in Windows starting with Windows 2000.^[4] In around 2010, Cisco suspended work on SCEP and developed EST instead. In 2015, Peter Gutmann revived the Internet Draft due to SCEP widespread use in industry and in other standards.^[5] He updated the draft with more modern algorithms corrected numerous issues in the original specification. In September 2020, the draft was published as informational RFC 8894, more than twenty years after the beginning of the standardization effort.^[6] The new version also supports enrollment of non-RSA certificates (e.g., for ECC public keys).

External links

Slide deck describing SCEP: pkix-3.pdf

Related Research Articles

<span class="mw-page-title-main">Public-key cryptography</span> Cryptographic system with public and private keys

Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic algorithms based on mathematical problems termed one-way functions. Security of public-key cryptography depends on keeping the private key secret; the public key can be openly distributed without compromising security.

The Secure Shell Protocol (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Its most notable applications are remote login and command-line execution.

Simple Network Management Protocol (SNMP) is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. Devices that typically support SNMP include cable modems, routers, switches, servers, workstations, printers, and more.

In computing, Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs).

<span class="mw-page-title-main">Public key infrastructure</span> System that can issue, distribute and verify digital certificates

A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email. It is required for activities where simple passwords are an inadequate authentication method and more rigorous proof is required to confirm the identity of the parties involved in the communication and to validate the information being transferred.

Articles related to cryptography include:

In cryptography, X.509 is an International Telecommunication Union (ITU) standard defining the format of public key certificates. X.509 certificates are used in many Internet protocols, including TLS/SSL, which is the basis for HTTPS, the secure protocol for browsing the web. They are also used in offline applications, like electronic signatures.

Key exchange is a method in cryptography by which cryptographic keys are exchanged between two parties, allowing use of a cryptographic algorithm.

In public key infrastructure (PKI) systems, a certificate signing request is a message sent from an applicant to a certificate authority of the public key infrastructure (PKI) in order to apply for a digital identity certificate. The CSR usually contains the public key for which the certificate should be issued, identifying information and a proof of authenticity including integrity protection. The most common format for CSRs is the PKCS #10 specification; others include the more capable Certificate Request Message Format (CRMF) and the SPKAC format generated by some web browsers.

The Protected Extensible Authentication Protocol, also known as Protected EAP or simply PEAP, is a protocol that encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel. The purpose was to correct deficiencies in EAP; EAP assumed a protected communication channel, such as that provided by physical security, so facilities for protection of the EAP conversation were not provided.

Extensible Authentication Protocol (EAP) is an authentication framework frequently used in network and internet connections. It is defined in RFC 3748, which made RFC 2284 obsolete, and is updated by RFC 5247. EAP is an authentication framework for providing the transport and usage of material and parameters generated by EAP methods. There are many methods defined by RFCs, and a number of vendor-specific methods and new proposals exist. EAP is not a wire protocol; instead it only defines the information from the interface and the formats. Each protocol that uses EAP defines a way to encapsulate by the user EAP messages within that protocol's messages.

Network Security Services (NSS) is a collection of cryptographic computer libraries designed to support cross-platform development of security-enabled client and server applications with optional support for hardware TLS/SSL acceleration on the server side and hardware smart cards on the client side. NSS provides a complete open-source implementation of cryptographic libraries supporting Transport Layer Security (TLS) / Secure Sockets Layer (SSL) and S/MIME. NSS releases prior to version 3.14 are tri-licensed under the Mozilla Public License 1.1, the GNU General Public License, and the GNU Lesser General Public License. Since release 3.14, NSS releases are licensed under GPL-compatible Mozilla Public License 2.0.

cryptlib is an open-source cross-platform software security toolkit library. It is distributed under the Sleepycat License, a free software license compatible with the GNU General Public License. Alternatively, cryptlib is available under a proprietary license for those preferring to use it under proprietary terms.

PERMIS is a sophisticated policy-based authorization system that implements an enhanced version of the U.S. National Institute of Standards and Technology (NIST) standard Role-Based Access Control (RBAC) model. PERMIS supports the distributed assignment of both roles and attributes to users by multiple distributed attribute authorities, unlike the NIST model which assumes the centralised assignment of roles to users. PERMIS provides a cryptographically secure privilege management infrastructure (PMI) using public key encryption technologies and X.509 Attribute certificates to maintain users' attributes. PERMIS does not provide any authentication mechanism, but leaves it up to the application to determine what to use. PERMIS's strength comes from its ability to be integrated into virtually any application and any authentication scheme like Shibboleth (Internet2), Kerberos, username/passwords, Grid proxy certificates and Public Key Infrastructure (PKI).

The Certificate Management Protocol (CMP) is an Internet protocol standardized by the IETF used for obtaining X.509 digital certificates in a public key infrastructure (PKI).

The Certificate Management over CMS (CMC) is an Internet Standard published by the IETF, defining transport mechanisms for the Cryptographic Message Syntax (CMS). It is defined in RFC 5272, its transport mechanisms in RFC 5273.

IEC 62351 is a standard developed by WG15 of IEC TC57. This is developed for handling the security of TC 57 series of protocols including IEC 60870-5 series, IEC 60870-6 series, IEC 61850 series, IEC 61970 series & IEC 61968 series. The different security objectives include authentication of data transfer through digital signatures, ensuring only authenticated access, prevention of eavesdropping, prevention of playback and spoofing, and intrusion detection.

wolfSSL is a small, portable, embedded SSL/TLS library targeted for use by embedded systems developers. It is an open source implementation of TLS written in the C programming language. It includes SSL/TLS client libraries and an SSL/TLS server implementation as well as support for multiple APIs, including those defined by SSL and TLS. wolfSSL also includes an OpenSSL compatibility interface with the most commonly used OpenSSL functions.

The Enrollment over Secure Transport, or EST is a cryptographic protocol that describes an X.509 certificate management protocol targeting public key infrastructure (PKI) clients that need to acquire client certificates and associated certificate authority (CA) certificates. EST is described in RFC 7030. EST has been put forward as a replacement for SCEP, being easier to implement on devices already having an HTTPS stack. EST uses HTTPS as transport and leverages TLS for many of its security attributes. EST has described standardized URLs and uses the well-known Uniform Resource Identifiers (URIs) definition codified in RFC 5785.

Credential Management, also referred to as a Credential Management System (CMS), is an established form of software that is used for issuing and managing credentials as part of public key infrastructure (PKI).

References

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Apple MDM SCEP settings

[2] Configure infrastructure to support SCEP with Intune

[3] SCEP: The Simple Certificate Enrollment Protocol (first draft, January 2000)

[4] SCEP and NDES, A Brief History

[5] raft-gutmann-scep-00 - Simple Certificate Enrollment Protocol

[6] IETF Datatracker : Simple Certificate Enrollment Protocol

[1]

[2]

[3]

[4]

[5]

[6]