D-TRUST-Root PKI Certification Practice Statement
D-TRUST-Root PKI Certification Practice Statement
D-TRUST-Root PKI Certification Practice Statement
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
D-<strong>TRUST</strong>-<strong>Root</strong>-<strong>PKI</strong> <strong>Certification</strong> <strong>Practice</strong> <strong>Statement</strong><br />
Table of contents<br />
1. Introduction ..............................................................................................................................5<br />
1.1 Overview..................................................................................................................................5<br />
1.2 Document name and identification..........................................................................................7<br />
1.3 <strong>PKI</strong>-participants .......................................................................................................................7<br />
1.4 Certificate Usage .....................................................................................................................8<br />
1.5 CP/CPS maintenance .............................................................................................................9<br />
1.6 Definition of terms, Abbreviations and Acronyms ...................................................................9<br />
2. Responsibility for Directories and Publications .................................................................... 13<br />
2.1 Directories............................................................................................................................. 13<br />
2.2 Publication of Certificate Information.................................................................................... 13<br />
2.3 Publication Frequency.......................................................................................................... 13<br />
2.4 Directory Access Control...................................................................................................... 14<br />
3. Identification and Authentication .......................................................................................... 15<br />
3.1 Naming Conventions ............................................................................................................ 15<br />
3.2 Initial Identity Inspection ....................................................................................................... 17<br />
3.3 Identification and Authentication of Re-Keying Applications ............................................... 20<br />
3.4 Identification and Authentication of Revocation Applications .............................................. 20<br />
4. Operating requirements........................................................................................................ 21<br />
4.1 Certificate Application and Registration ............................................................................... 21<br />
4.2 Processing the Certificate Application.................................................................................. 21<br />
4.3 Certificate Issuing ................................................................................................................. 24<br />
4.4 Certificate Transfer ............................................................................................................... 24<br />
4.5 Certificate and Key-Pair Usage............................................................................................ 25<br />
4.6 Certificate Renewal............................................................................................................... 26<br />
4.7 Certificate Renewal with Key-Renewal ................................................................................ 27<br />
4.8 Certificate Changes .............................................................................................................. 28<br />
4.9 Revocation and Suspension of Certificates ......................................................................... 29<br />
4.10 Status Monitoring Service for Certificates ............................................................................ 32<br />
4.11 Withdrawal from the <strong>Certification</strong> Service ............................................................................ 32<br />
4.12 Key-Escrow and Key-Recovery ........................................................................................... 32<br />
5. Non-Technical Security Provisions ...................................................................................... 34<br />
5.1 Structural Security Provisions............................................................................................... 34<br />
5.2 <strong>Practice</strong> Regulations............................................................................................................. 34<br />
5.3 Employees ............................................................................................................................ 35<br />
5.4 Monitoring ............................................................................................................................. 36<br />
5.5 Archiving of Records ............................................................................................................ 36<br />
5.6 CSP Key-Change ................................................................................................................. 37<br />
5.7 Compromise and CSP Business Takeover ......................................................................... 38<br />
5.8 CSP Discontinuation............................................................................................................. 38<br />
6. Technical Security Provision ................................................................................................ 40<br />
6.1 Creation and Installation of Key-Pairs.................................................................................. 40<br />
6.2 Securing the Private-Key and Cryptographic-Module Requirements ................................. 41<br />
6.3 Other Aspects of Key-Pair Management ............................................................................. 43<br />
6.4 Activation-Data ..................................................................................................................... 44<br />
6.5 IT- Infrastructure Security-Provisions................................................................................... 44<br />
6.6 Technical Provisions throughout the Life Cycle................................................................... 45<br />
6.7 Network Security Provisions.................................................................................................45<br />
6.8 Time-Stamps ........................................................................................................................ 46<br />
7. Profiles of Certificates, CRLs and OCSP............................................................................. 47<br />
7.1 Certificate Profiles................................................................................................................. 47<br />
7.2 CRL Profiles.......................................................................................................................... 49<br />
7.3 Status Monitoring Service (OCSP) Profile ........................................................................... 50<br />
Page 3 of 53