next up previous contents
Next: Authentication of organisation identity Up: Initial Registration Previous: Recognition, authentication and role   Contents

Method to prove possession of private key

The DutchGrid medium-security Certification Authority proves possession of the private key that is the companion to the DutchGrid medium-security Certification Authority root certificate by issuing certificates and signing CRL's.

The DutchGrid medium-security Certification Authority verifies the possession of the private relating to certificates requests by out-of-band, non-technical means at the time of authentication. Such verification may take the form of a directly posed question to requester. A cryptographic challenge- response exchange may be used to prove possession of the private key at any point in time before certification of subscriber.

The DutchGrid medium-security Certification Authority will not generate the key pair for subscribers and will not accept or retain private keys generated by subscribers.



David Groep
2001-11-05