D-TRUST-Root PKI Certification Practice Statement

D-TRUST-Root-PKI Certification Practice Statement 

Table of contents 

1. Introduction ..............................................................................................................................5 

1.1 Overview..................................................................................................................................5 

1.2 Document name and identification..........................................................................................7 

1.3 PKI-participants .......................................................................................................................7 

1.4 Certificate Usage .....................................................................................................................8 

1.5 CP/CPS maintenance .............................................................................................................9 

1.6 Definition of terms, Abbreviations and Acronyms ...................................................................9 

2. Responsibility for Directories and Publications .................................................................... 13 

2.1 Directories............................................................................................................................. 13 

2.2 Publication of Certificate Information.................................................................................... 13 

2.3 Publication Frequency.......................................................................................................... 13 

2.4 Directory Access Control...................................................................................................... 14 

3. Identification and Authentication .......................................................................................... 15 

3.1 Naming Conventions ............................................................................................................ 15 

3.2 Initial Identity Inspection ....................................................................................................... 17 

3.3 Identification and Authentication of Re-Keying Applications ............................................... 20 

3.4 Identification and Authentication of Revocation Applications .............................................. 20 

4. Operating requirements........................................................................................................ 21 

4.1 Certificate Application and Registration ............................................................................... 21 

4.2 Processing the Certificate Application.................................................................................. 21 

4.3 Certificate Issuing ................................................................................................................. 24 

4.4 Certificate Transfer ............................................................................................................... 24 

4.5 Certificate and Key-Pair Usage............................................................................................ 25 

4.6 Certificate Renewal............................................................................................................... 26 

4.7 Certificate Renewal with Key-Renewal ................................................................................ 27 

4.8 Certificate Changes .............................................................................................................. 28 

4.9 Revocation and Suspension of Certificates ......................................................................... 29 

4.10 Status Monitoring Service for Certificates ............................................................................ 32 

4.11 Withdrawal from the Certification Service ............................................................................ 32 

4.12 Key-Escrow and Key-Recovery ........................................................................................... 32 

5. Non-Technical Security Provisions ...................................................................................... 34 

5.1 Structural Security Provisions............................................................................................... 34 

5.2 Practice Regulations............................................................................................................. 34 

5.3 Employees ............................................................................................................................ 35 

5.4 Monitoring ............................................................................................................................. 36 

5.5 Archiving of Records ............................................................................................................ 36 

5.6 CSP Key-Change ................................................................................................................. 37 

5.7 Compromise and CSP Business Takeover ......................................................................... 38 

5.8 CSP Discontinuation............................................................................................................. 38 

6. Technical Security Provision ................................................................................................ 40 

6.1 Creation and Installation of Key-Pairs.................................................................................. 40 

6.2 Securing the Private-Key and Cryptographic-Module Requirements ................................. 41 

6.3 Other Aspects of Key-Pair Management ............................................................................. 43 

6.4 Activation-Data ..................................................................................................................... 44 

6.5 IT- Infrastructure Security-Provisions................................................................................... 44 

6.6 Technical Provisions throughout the Life Cycle................................................................... 45 

6.7 Network Security Provisions.................................................................................................45 

6.8 Time-Stamps ........................................................................................................................ 46 

7. Profiles of Certificates, CRLs and OCSP............................................................................. 47 

7.1 Certificate Profiles................................................................................................................. 47 

7.2 CRL Profiles.......................................................................................................................... 49 

7.3 Status Monitoring Service (OCSP) Profile ........................................................................... 50 

Page 3 of 53

Previous page

Next page

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

D-TRUST-Root PKI Certification Practice Statement

Create successful ePaper yourself

Delete template?

Save as template?