Subscribers to the DutchGrid medium-security Certification Authority have the obligation to ensure that the data represented in the certification request is accurate. The subscriber will generate a key pair in a trustworthy manner, and has the obligation to protect the private key against disclosure or unintended usage. Specifically, it should be stored only in encrypted form. The pass phrase protecting the private key should be strong and at least 8 characters in length. This requirement is waived for subscribers that are automated entities, in which case their private key should be accessible only by those applications, services or systems. Such certificates will be distinguishable by subject name, as detailed in section 3.1.1.
Storage of the encrypted private key on a publicly accessible medium is strongly discouraged. Storage on a medium that is normally deemed secure and which is properly administrated is admissible. The certificate must only be used for purposes consistent with this policy.
The subscriber must instruct the CA to revoke the certificate promptly upon any actual or suspected loss, disclosure or other compromise of the subscribers private key.
By making a certificate request to the DutchGrid medium-security Certification Authority, the subscriber or potential subscriber accepts the registration of such data in all the repositories described in section 2.1.1. The subscriber is allowed to correct or complete the data retained in these repositories by contacting the CA operator stated in section 1.4, in accordance with the Dutch Personal Data Protection Act (Wet bescherming persoonsgegevens) 2000. Request to remove data from this repository will result in immediate and irreversible revocation of the certificate(s) pertaining to the subscriber. In case of removal of subscriber data from the repository, an audit trail pertaining to this removal will be retained by the CA.