next up previous contents
Next: RA obligations Up: Obligations Previous: Obligations   Contents

CA obligations

The DutchGrid medium-security Certification Authority will develop and maintain this document to reflect in detail the practices and procedures by which the CA will operate. The DutchGrid medium-security Certification Authority ensures that all aspects of the CA services, operations and infrastructure related to the certificates issued under this policy are performed in accordance with the requirements of this policy. The DutchGrid medium-security Certification Authority will generate and suitably protect the private key used for signing certificates under this policy.

The DutchGrid medium-security Certification Authority will accept requests for certification by all entities eligible for certification under this policy, as detailed in section 1.1.3. The CA will authenticate these entities according to the procedures outlined in this document and issue signed certificates based on these requests if and only if the requirements detailed in this document are satisfied. The subscriber will be notified of the issuing of the certificate by electronic mail, sent to the address where the request originated or the address contained in the certificate request.

In special cases, an alternate e-mail address communicated to the CA operator by out-of-band means can be used. Such a case will be explicitly noted in the audit trail associated with the request.

The certificates issued by the DutchGrid medium-security Certification Authority under this policy will contain a reference to the policy object identifier as part of the "certificatePolicies" certificate extension. A reference to an on-line repository containing the CP/CPS will be part of the comments-extension of the certificate.

All certificates issued by the DutchGrid medium-security Certification Authority will be published in a publicly-accessible on-line repository.

The DutchGrid medium-security Certification Authority will accept revocation requests according to the procedures outlined in this document. Entities requesting revocation will be authenticated by the CA or its assigned RA.

The DutchGrid medium-security Certification Authority will issue a Certificate Revocation List. This CRL will be published in a publicly-available on-line repository.

By issuing a certificate that references this policy, the certifies to the subscriber and to all qualified relying parties who reasonably and in good faith rely on the information contained in the certificate during its operational period, that the CA has issued and will manage the certificate in accordance with this policy, as stated in the certificate extensions. Also, the CA certifies that there are no misrepresentations of fact in the certificate known to the CA, and the CA has taken reasonable steps to verify any additional information in the certificate. Also, the certificate meets all material requirements of this CP/CPS. No other liability, either expressed or implied, is accepted with regard to the certificates issued by the DutchGrid medium-security Certification Authority.

The DutchGrid medium-security Certification Authority will retain a repository of the information pertaining to the certificates issued. This repository is intended to:

This repository is not available externally in an automated way. Access to this repository is restricted to CA operational staff and to assigned internal or external auditors of the CA. The repository will not hold more information than: The information contained in this repository will not be made available to any party but the CA operations staff and the internal or external auditors as part of their assigned duty.

The DutchGrid medium-security Certification Authority also operates an on-line public repository of all certificates issued. This repository will contain no data about the subscriber, except for such data as contained within the certificate. In particular, no sensitive private data, no data concerning the identification procedure and no specific address information will be maintained in this repository. Professional affiliation is not to be considered sensitive private data.


next up previous contents
Next: RA obligations Up: Obligations Previous: Obligations   Contents
David Groep
2001-10-12