A Registration Authority shall validate requests for certification. The authentication of the identity of the subject shall be in accordance with chapter 3 of this CP/CPS. An RA should validate the connection between the public key contained in the request and the identity of the requester, or ensure that the connection between the public key and the identity vetting trail is verifiable by the CA.
An RA shall verify to a reasonable extent that the private key pertaining to the certification request is in the possession of the requesting entity. This verification may be out-of-band and may rely on non-technical means.
An RA shall confirm any such validation versus the CA via a reliable and trusted mechanism. This may be either via personal contact between the RA and the CA (by phone or in person), by sending legally valid evidence on paper carrying the RAs signature, or via cryptographically non-repudiatable and integrity protected electronic means.
An RA must forward requests for revocation by subscribers to the CA with priority, as soon as a request is recognised as such. The RA should give an assessment on the validity of the revocation request.
Entities that act as RA for the DutchGrid medium-security Certification Authority have no notification obligations when certificates have been issued, revoked or suspended.