1. Executive Summary

This document describes three types of service in support of Internet Privacy-Enhanced Mail (PEM) [1-3]: key certification, certificate- revocation list (CRL) storage, and CRL retrieval. Such services are among those required of an RFC 1422 [2] certification authority. Other services such as certificate revocation and certificate retrieval are left to the certification authority to define, although they may be based on the services described in this document.

Each service involves an electronic-mail request and an electronic- mail reply. The request is either an RFC 1421 [1] privacy-enhanced message or a message with a new syntax defined in this document. The new syntax follows the general RFC 1421 syntax but has a different process type, thereby distinguishing it from ordinary privacy- enhanced messages. The reply is either an RFC 1421 privacy-enhanced message, or an ordinary unstructured message.

Replies that are privacy-enhanced messages can be processed like any other privacy-enhanced message, so that the new certificate or the retrieved CRLs can be inserted into the requestor's database during normal privacy-enhanced mail processing.

Certification authorities may also require non-electronic forms of request and may return non-electronic replies. It is expected that descriptions of such forms, which are outside the scope of this document, will be available through a certification authority's "information" service.