ACP 185
UNCLASSIFIED
ANNEX A TO
ACP 185
• Compose and sign the certificate.
• Provide the certificate to the Subscriber.
• Publish the certificate, as applicable.
An auditable record of this process shall be kept containing at a minimum:
• Details of the certificate request.
• The success, or rejection (with reason), of the certificate request.
• The identity of the Registration Authority (RA).
The CA is not bound to issue keys and certificates to any entity despite receipt of an application.
1.18.2 Notification to Subscriber of Certificate Issuance
A process shall be in place that shall notify the Subscriber that a certificate has been issued and their responsibilities upon acceptance.
1.19 Certificate Acceptance
1.19.1 Conduct constituting certificate acceptance
Use of the certificate constitutes acceptance.
1.19.2 Publication of the Certificate by the CA
CA certificates and Subscriber encryption certificates shall be published to appropriate repositories, including those needed to support cross-certification with the NDPKI of another CCEB nation. An NDPKI may also elect to publish other certificates (e.g. for authentication or non-repudiation) to its repository.
1.19.3 Notification of Certificate Issuance by the CA to other entities
NDPKI shall notify other affected NDPKIs when issuing a cross-certificate.
1.20 Key Pair and Certificate Usage
1.20.1 Subscriber Private Key and Certificate Usage
Subscribers shall protect their private keys from access by other parties.
Subscribers shall use keys and certificates in accordance with the NDPKI policies.
The Subscriber shall not use the signature private key after the associated certificate has been suspended, revoked or has expired. The Subscriber may continue to use the decryption private key solely to decrypt previously encrypted information after the associated certificate has been revoked or has expired.