ACP 185
ACP 185
ACP 185
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
UNCLASSIFIED<br />
ANNEX A TO<br />
<strong>ACP</strong> <strong>185</strong><br />
1.25 Certificate Status Services<br />
Certificate Status Services are provided by CSAs. CSAs are not a required component of the<br />
NDPKI. If supported as part of the NDPKI, the CSA is considered an integral part of the CAS<br />
and, except where expressly noted, all requirements imposed on CAS apply.<br />
1.25.1 Operational Characteristics<br />
A CSA shall meet the following requirements:<br />
• The CSA shall be operated in compliance with this CP and any applicable Internet<br />
standards.<br />
• Information exchanged between the CA and the CSA shall be authenticated and<br />
protected from modification using mechanisms commensurate with the requirements<br />
of the data to be protected by the certificates being issued.<br />
• Accurate and up-to-date information from the associated CA shall be used to provide<br />
the revocation status.<br />
• Revocation status responses shall provide authentication and integrity services<br />
commensurate with the requirements of the data to be protected by the certificates<br />
being issued, to include the status of the certificate and the time the status indication<br />
was generated.<br />
• Latency of certificate status information shall meet or exceed the requirements for<br />
CRL issuance stated in Section 4.9.7.<br />
1.25.2 Service Availability<br />
No stipulation.<br />
1.25.3 Optional Features<br />
No stipulation.<br />
1.26 End of Subscription<br />
As defined in the NDPKI CP.<br />
1.27 Key Escrow & Recovery<br />
The NDPKI may support key escrow and recovery for private keys associated with encryption<br />
certificates.<br />
Uncontrolled copy when printed<br />
A-19<br />
UNCLASSIFIED