1.0 INTRODUCTION
1.1 Purpose and Objectives
1.2 Scope
1.3 Document Organization
1.4 Related Documents
1.5 Regulatory Approval
1.6 Export Control Compliance
2.0 OVERVIEW
2.1 Public Key Cryptography
2.2 Overview of Public Key Infrastructure (PKI)
2.3 Key/Certificate Life Cycle Overview
3.0 INITIAL CONSIDERATIONS
3.1 CA Sourcing Options
3.2 Certificate Subject Naming and Key Usage
3.3 Crypto-Algorithm Considerations
3.4 Crypto-Period and Certificate Life-Time
3.5 Distribution of Trust Anchor Certificates
4.0 KEY GENERATION SCENARIOS AND GUIDANCE
4.1 On-Aircraft Device Key Generation
4.2 Centralized On-Aircraft Device Key Generation
4.3 Ground-based Key Generation for Aircraft Devices
4.4 Portable Device Key Generation
4.5 Key Pair Generation Guidance
5.0 PUBLIC KEY CERTIFICATE LIFE CYCLE
5.1 Initiation Phase
5.2 Maintenance Phase
5.3 Termination Phase
6.0 PUBLIC KEY CERTIFICATE USE AND OPERATION
6.1 Certificate Retrieval
6.2 Certificate Validation
6.3 Certificate Revocation Check
7.0 PRIVATE KEY HANDLING GUIDANCE
7.1 Key Storage
7.2 Key Operational Use
7.3 Key Replacement
7.4 Key Destruction
8.0 COMPROMISE MANAGEMENT
8.1 Types of Compromise
8.2 Monitoring and Detection of Compromise
8.3 Impact Assessment
8.4 Response
8.5 Reducing Risk
ATTACHMENTS
ATTACHMENT 1 - GLOSSARY
ATTACHMENT 2 - ACRONYM LIST
APPENDICES
APPENDIX A - PKI ROLES
APPENDIX B - ADDITIONAL CA SOURCING CONSIDERATIONS
APPENDIX C - CERTIFICATE NAMING CONSTRAINTS
APPENDIX D - OID TREE DEFINITION FOR REGISTERED
             AVIATION COMMUNICATION SERVICES
APPENDIX E - COMMON CERTIFICATE VALIDATION ISSUES