ACP 185
UNCLASSIFIED
ANNEX A TO
ACP 185
components. In addition, the distribution of CA responsibilities between the CA itself and
Registration Authorities (RA) may vary in the implementation of the PKI.

If the NDPKI operates Certificate Status Authorities (CSA) or Key Escrow Servers (KES), all
requirements that apply to a CA apply equally to these entities unless specifically excluded.

Collectively the hardware, software, and operating personnel that create, sign, and issue public
key certificates to Subscribers is a Certificate Authority System (CAS).

1.3.3 Registration Authority

An RA is an entity authorized by the CAS to collect, verify, and submit information provided by
potential Subscribers which is to be entered into public key certificates. The term RA refers to
hardware, software, and individuals that collectively perform this function. Unless expressly
stated otherwise, RA requirements are imposed on all RA components of the NDPKI. RA
operations shall be performed in accordance with a CPS approved by the NDPKI PMA. RA
functions may be included in a single CPS, which also governs CAS operations, or may be
defined in a separate CPS. The RA is responsible for the following:
• Control over the registration process
• Identification and authentication process

1.3.4 Subscribers

A Subscriber is the entity whose name appears in the Subject field of a certificate, and who
asserts that the use of its public key and certificate is in accordance with the NDPKI CP. The
Subscriber is sometimes also called an “applicant” after applying to a CAS for a certificate, but
before the certificate issuance procedure is completed. Subscribers include entities that have
been approved in the NDPKI CP, such as but not limited to:
• Personnel
• Devices (e.g. Workstations, Firewalls, Routers, Trusted Servers, applications, systems and other infrastructure components)
• Organisational roles associated with individuals, groups of individuals or organisational entities

A Subscriber with a certificate issued under an NDPKI does not automatically receive access,
authority or privilege to the Defence assets or systems of the cross-certified NDPKI.

1.3.5 Relying Parties

A Relying Party is the entity that relies on the validity of the binding of the Subscriber’s name to
a public key. A Relying Party is responsible for deciding whether or how to check the validity of
the certificate by checking the appropriate certificate status information. A Relying Party may