SafeScrypt Certification Practice Statement

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "SafeScrypt Certification Practice Statement"

Transcription

1 SafeScrypt Certification Practice Statement Version 2.1 Effective Date: August 08 th, 2004 SafeScrypt Ltd 2 nd Floor, Tidel Park, #4, Canal Bank Road Taramani, Chennai Tel: Fax:

2 SafeScrypt Certification Practice Statement This Certificate Practice Statement has been prepared based on the Certification Practice Statement of VeriSign Inc, USA Trademark Notices SafeScrypt is the trade name, trademark & service mark of SafeScrypt Ltd. VeriSign and Managed PKI are registered marks of VeriSign, Inc. The VeriSign logo, VeriSign Trust Network, and Go Secure! are trade names, trademarks and service marks of VeriSign, Inc. Other trademarks and service marks in this document are the property of their respective owners. Without limiting the rights reserved above, and except as licensed below, no part of this publication may be reproduced, stored in or introduced into a retrieval system, or transmitted, in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), without prior written permission of SafeScrypt, VeriSign, Inc or respective owners of the intellectual property rights (hereinafter referred to as owners ). Notwithstanding the above, permission is granted to reproduce and distribute this SafeScrypt Certification Practice Statement on a nonexclusive, royalty-free basis, provided that (i) the foregoing copyright notice and the beginning paragraphs are prominently displayed at the beginning of each copy, and (ii) this document is accurately reproduced in full, complete with attribution of the document to the owners. Requests for any other permission to reproduce this SafeScrypt Certification Practice Statement (as well as requests for copies from SafeScrypt) must be addressed to SafeScrypt Ltd 2nd Floor, Tidel Park, #4, Canal Bank Road Taramani, Chennai Tel: Fax: Acknowledgement SafeScrypt acknowledges the assistance of many reviewers of the document specializing in diverse areas of business, law, policy, and technology.

3 TABLE OF CONTENTS 1. Introduction Services offered by SafeScrypt: Certifying Authority (CA) Components of the SafeScrypt Public Hierarchy The Certificate Policy or CP Overview Policy Overview SafeScrypt s Service Offerings Identification Community and Applicability Certifying Authority and Hierarchy Registration Authorities End Entities Applicability Contact Details Specification Administration Organization Contact Person Person Determining CPS Suitability for the Policy General Provisions Obligations CA Obligations RA Obligations Subscriber Obligations Relying Party Obligations Repository Obligations Liability Certifying Authority Liability Registration Authority Liability Subscriber Liability Relying Party Liability Financial Responsibility Indemnification by Subscribers and Relying Parties Fiduciary Relationships Administrative Processes Interpretation and Enforcement Governing Law Severability, Survival, Merger, Notice Dispute Resolution Procedures Fees Certificate Issuance or Renewal Fees Certificate Access Fees Revocation or Status Information Access Fees Fees for Other Services Such as Policy Information ii -

4 2.5.5 Refund Policy Publication and Repository Publication of CA Information Frequency of Publication Access Controls Repositories Compliance Audit Frequency of Entity Compliance Audit Identity/ Qualifications of Auditor Auditor s Relationship to Audited Party Topics Covered by Audit Actions Taken as a Result of Deficiency Communications of Results Confidentiality and Privacy Types of Information to be Kept Confidential and Private Types of Information Not Considered Confidential or Private Disclosure of Certificate Revocation/Suspension Information Release to Law Enforcement Officials Release as Part of Civil Discovery Disclosure Upon Owner s Request Other Information Release Circumstances Intellectual Property Rights Property Rights in Certificates and Revocation Information Property Rights in the CPS Property Rights in Names Property Rights in Keys and Key Material Identification and Authentication Initial Registration Types of Names Need for Names to be Meaningful Rules for Interpreting Various Name Forms Uniqueness of Names Name Claim Dispute Resolution Procedure Recognition, Authentication, and Role of Trademarks Method to Prove Possession of Private Key Authentication of Organization Identity Authentication of Individual Identity Routine Rekey and Renewal Routine Rekey and Renewal for End-User Subscriber Certificates Routine Rekey and Renewal for technical & sub CA Certificates Rekey After Revocation Revocation Request Operational Requirements Certificate Application Certificate Applications for End-User Subscriber Certificates iii -

5 4.1.2 Certificate Applications for technical & sub CA, RA, Infrastructure and Employee Certificates Certificate Issuance Issuance of End-User Subscriber Certificates Issuance of sub CA, RA and Infrastructure Certificates Certificate Acceptance Certificate Suspension and Revocation Circumstances for Revocation Who Can Request Revocation Procedure for Revocation Request Revocation Request Grace Period Circumstances for Suspension Who Can Request Suspension Procedure for Suspension Request Limits on Suspension Period CRL Issuance Frequency Certificate Revocation List Checking Requirements On-Line Revocation/Status Checking Availability On-Line Revocation Checking Requirements Other Forms of Revocation Advertisements Available Checking Requirements for Other Forms of Revocation Advertisements Special Requirements Regarding Key Compromise Security Audit Procedures Types of Events Recorded Frequency of Processing Log Retention Period for Audit Log Protection of Audit Log Audit Log Backup Procedures Audit Collection System Notification to Event-Causing Subject Vulnerability Assessments Records Archival Types of Events Recorded Retention Period for Archive Protection of Archive Archive Backup Procedures Requirements for Time-Stamping of Records Procedures to Obtain and Verify Archive Information Key Changeover Disaster Recovery and Key Compromise Corruption of Computing Resources, Software, and/or Data Disaster Recovery Key Compromise CA Termination Physical, Procedural, and Personnel Security Controls Physical Controls iv -

6 5.1.1 Site Location and Construction Physical Access Power and Air Conditioning Water Exposures Fire Prevention and Protection Media Storage Waste Disposal Off-Site Backup Procedural Controls Trusted Roles Number of Persons Required Per Task Identification and Authentication for Each Role Personnel Controls Background, Qualifications, Experience, and Clearance Requirements Background Check Procedures Training Requirements Retraining Frequency and Requirements Job Rotation Frequency and Sequence Sanctions for Unauthorized Actions Contracting Personnel Requirements Documentation Supplied to Personnel Technical Security Controls Key Pair Generation and Installation Key Pair Generation Private Key Delivery to Entity Public Key Delivery to Certificate Issuer CA Public Key Delivery to Users Key Sizes Public Key Parameters Generation Parameter Quality Checking Hardware/Software Key Generation Key Usage Purposes Standards for Cryptographic Modules Private Key (n out of m) Multi-Person Control Private Key Escrow Private Key Backup Private Key Archival Private Key Entry into Cryptographic Module Method of Activating Private Key Method of Deactivating Private Key Method of Destroying Private Key Other Aspects of Key Pair Management Public Key Archival Usage Periods for the Public and Private Keys Activation Data Activation Data Generation and Installation v -

7 6.3.2 Activation Data Protection Other Aspects of Activation Data Computer Security Controls Specific Computer Security Technical Requirements Life Cycle Technical Controls System Development Controls Security Management Controls Life Cycle Security Ratings Network Security Controls Cryptographic Module Engineering Controls Certificate and CRL Profile Certificate Profile Version Number(s) Certificate Extensions Algorithm Object Identifiers Name Forms Name Constraints Certificate Policy Object Identifier Usage of Policy Constraints Extension Policy Qualifiers Syntax and Semantics Processing Semantics for the Critical Certificate Policy Extension CRL Profile Version Number(s) CRL and CRL Entry Extensions Specification Administration Specification Change Procedures Items that Can Change Without Notification Items that Can Change with Notification Changes Requiring Changes in the Certificate Policy OID or CPS Pointer Publication and Notification Policies Items Not Published in the CPS Distribution of the CPS CPS Approval Procedures Acronyms and Definitions 86 Table of Acronyms Definitions vi -

8 1. Introduction This document is the SafeScrypt Certification Practice Statement ( CPS ). 1 It states the practices that SafeScrypt employs in providing certification services that include, but are not limited to, issuing, managing, revoking, and renewing certificates in accordance with the specific requirements of the Indian Information Technology Act 2000 (IT Act 2000) and rules and regulations framed therein. Please Note: The capitalized terms in this CPS are defined terms with specific meanings. Please see Section 9 for a list of definitions. SafeScrypt Ltd (SafeScrypt), a subsidiary of Sify Limited (SIFY), is an organisation promoted to focus exclusively on Internet Trust and Security Services and Solutions (see As part of these services, SafeScrypt offers Managed PKI and Certifying Authority (CA) Services. In India, SafeScrypt has been awarded a CA license by the Controller of Certifying Authorities (CCA) (see appointed under the IT Act Under this CA license, SafeScrypt offers a range of Managed CA Services that enable individuals and organizations to obtain Digital Certificates that qualify as Digital Signature Certificates under the IT Act SafeScrypt services and solutions offer individuals and organizations the choices of becoming sub CA s, Registration Authorities (RA s) or Subscribers thus catering to varied market requirements. SafeScrypt has entered into a strategic alliance with VeriSign Inc (VeriSign), a leading global provider of trusted infrastructure services to web sites, enterprises, electronic commerce service providers, and individuals. SafeScrypt is therefore an Affiliate of VeriSign for India and the surrounding countries. As a VeriSign Affiliate, SafeScrypt uses VeriSign s technology, best practices and expertise in this field to offer Best of Breed solutions to its customers. SafeScrypt is also an integral part of the VeriSign Trust Network SM ( VTN ), which is a global Public Key Infrastructure ( PKI ) that provides Digital Certificates ( Certificates ) for both wired and wireless applications. The VTN accommodates a large, public, and widely distributed community of users with diverse needs for communications and information security. VeriSign is one of the service providers within the VTN, together with SafeScrypt and a global network of affiliates ( Affiliates ) throughout the world. 1.0 Services offered by SafeScrypt: SafeScrypt operates a complex PKI hierarchy to offer a wide range of Trust services. Depending on the Trust requirements of its customers, parts of this hierarchy may be Cross Certified with other Certifying Authorities operating in India and / or outside India Certifying Authority (CA) The term Certifying Authority is used in several contexts globally. This section clarifies its use in this CPS. 1 Internal cross-references to CPS sections (i.e., in the form of CPS ) are references to sections of this document. Other references to the term CPS refer to a certification practice statement, which may include this document or the CPS' of other Certifying Authorities,. See CPS 9 (Definitions). 1

9 When the term Certifying Authority or CA is used in a standalone manner in this CPS, it refers to SafeScrypt as the entity that holds the CA license from the Controller of Certifying Authorities (CCA), Govt. of India. In the PKI world, organizations that provide CA services and issue digital certificates usually issue several classes of certificates. Each class is usually associated with a different level of trust. In order to differentiate between certificates corresponding to each of these classes, the organisation usually creates different standalone key pairs from which a digital certificate of a particular class is issued. For these key pairs to be able to function as originators of trust and issue digital certificates, the public keys of these key pairs need to be digitally signed by their own private keys (called self signed ) or by the private key of any other entity whom they wish to derive their trust from. As per globally adopted and accepted PKI terminology, these key pairs are also thus called Certifying Authorities or CA s. In order to differentiate these key pairs from the legal entity SafeScrypt as the licensed Certifying Authority, this CPS uses the term technical CA s to describe these key pairs. Further, there can be several technical CA s issuing the same classes of certificates also this being usually done when further distinctions for technical or operational reasons are required by users, especially organizational users and their applications. These technical CA s can further create a hierarchy under them, containing sub CA s, to meet with varying technical and operational requirements of user organizations and subscribers. It is to be noted that: 1. All technical CA s come under the single SafeScrypt ambit and under one single CA license. Therefore, each of these technical CA s and the sub CA s under them in their hierarchy derive their legal licensed status in India from the SafeScrypt CA license. 2. The CCA digitally signs the public keys of all the technical CA s thereby ensuring the authenticity of each of the technical CA s that can be verified by any entity. 3. All responsibilities, including liabilities associated with any certificate under any class or any sub CA under any class of any SafeScrypt hierarchy ultimately rests with SafeScrypt. SafeScrypt may, in turn, pass on this responsibility, entirely on in parts, via various contractual agreements to other entities such as sub CA s, RA s, customers, partners, etc Components of the SafeScrypt Public Hierarchy SafeScrypt India Public Hierarchy: The SafeScrypt India Public Hierarchy refers to that part of the SafeScrypt CA hierarchy that uses SafeScrypt self-signed technical CA s as the trust anchors. This gives users flexibility in implementation of customer-specific design requirements. Under this hierarchy, the following Classes of Certificates are available: India Class A India Class B India Class C 2

10 SafeScrypt India-RCAI Public Hierarchy: The SafeScrypt India-RCAI Public Hierarchy refers to that CA hierarchy from SafeScrypt that is cross certified with the Root CA Authority of India (RCAI). This root is envisaged to serve as the basis for cross-certification amongst various licensed CA s in India for consumer applications. Under this hierarchy, the following Classes of Certificates are available: India-RCAI Class 1 India-RCAI Class 2 India-RCAI Class SafeScrypt VeriSign Trust Network Public Hierarchy: The VTN or the VeriSign Trust Network hierarchy refers to that CA hierarchy from SafeScrypt that is cross certified with the VeriSign Trust Network. This means that certificates issued by the sub CA s under this hierarchy enjoy instant global interoperability because the VTN roots are embedded in most of the major applications deployed worldwide. Under this hierarchy, the following Classes of Certificates are available: VTN Class 1 VTN Class 2 VTN Class 3 The user can avail of certificates from one or more of the above hierarchy and classes depending on requirements. The SafeScrypt Public Hierarchy components and roots are explained in detail in the rest of the CPS. Each component hierarchy is governed by the SafeScrypt CPS and its own unique policies and requirements hence each of these are outlined separately in each section /subsection of this CPS. The individual Subscribers and Relying Parties are required to take cognizance of the sections / subsections relevant to them Under each component hierarchy, SafeScrypt also offers the following arrangements: sub CA: Under this scheme, a technical CA with its own set of root keys is specially created for the customer (usually an organization, community or a Closed User Group (CUG)). This technical CA is signed by one of the SafeScrypt technical CA s from the specific hierarchy and class chosen by the customer, thus making it a sub CA under that specific SafeScrypt hierarchy and class. The customer can create several such sub CA s under different hierarchy and classes, depending on usage requirements. To further add flexibility to its offerings, SafeScrypt also enables the customer to further create sub CA s under its sub CA, as long as the same are used by and for its own affiliated entities. RA (Registration Authority) 2 : Under this scheme, a customer can choose to be an RA under the appropriate SafeScrypt sub CA. Once again, the choice of hierarchy and class is available to the customer. Refer CPS for further details on the above. 2 See Definitions 3

11 IMPORTANT NOTE: (1). This CPS (as amended from time to time) is intended to be an allencompassing CPS that covers all the hierarchy components, classes, certificate types etc. However, not all services and products may be commercially available at all points in time. SafeScrypt reserves the sole right to decide when and to whom to offer which type of service. (2). Some of the certificates offered may not be Digital Signature Certificates recognised under the Indian IT Act These certificates include, among others, those digital certificates used for encryption, IPSec certificates and those certificates issued to devices. Please note that while some of these certificates may belong to an existing class by virtue of the level of validation done prior to issue of the certificate, these would not qualify under the Act. (3). SafeScrypt reserves the right and discretion not to accept the request for issue of any Certificate or the class of the Certificates requested for. The verification and validation processes for different hierarchy and classes will be at the discretion of SafeScrypt. For example such processes for SafeScrypt VeriSign Trust Network Public Hierarchy may be more extensive and detailed. (4). In the eventuality of any dispute arising with respect to the CA operations of SafeScrypt VTN Class 2 CA where the CCA is also made a party to, SafeScrypt has agreed to indemnify and hold harmless the CCA and the Government of India against any claim, losses or other prejudice to which CCA or the Government of India may be subjected and CCA and Government of India shall not have any exposure financial or otherwise The Certificate Policy or CP The Certificate Policy or CP is the principal statement of policy governing a PKI hierarchy. It establishes the business, legal, and technical requirements for approving, issuing, managing, using, revoking, and renewing Digital Certificates within the PKI hierarchy and providing associated trust services The India Public Hierarchy and the India CP The SafeScrypt India Public Hierarchy is based on the India Certificate Policy ( India CP ). The requirements established via this CP protect the security and integrity of the India Public Hierarchy and apply to all India Public Hierarchy Participants. More information concerning the India CP is available at The India-RCAI Public Hierarchy and the RCAI CP The SafeScrypt India-RCAI Public Hierarchy is based on the RCAI Certificate Policy ( RCAI CP ). More information concerning the RCAI CP is available at The VTN Public Hierarchy & the VTN CP The SafeScrypt VTN hierarchy being cross certified with the Global VeriSign Trust Network, it follows the operating norms and policies prescribed by the VTN Certificate Policy ( CP ). These requirements established via this CP, called the VTN Standards, protect the security and integrity of the VTN, apply to all VTN Participants, and thereby provide assurances of 4

12 uniform trust throughout the VTN. More information concerning the VTN and VTN Standards is available in the VTN CP. 3 VeriSign and each Affiliate have authority over a portion of the VTN. The portion of the VTN controlled by VeriSign or SafeScrypt or another Affiliate is called its Subdomain of the VTN. An Affiliate s Subdomain consists of the portion of the VTN under its control. SafeScrypt s Subdomain includes entities subordinate to it such as its Customers, Subscribers, and Relying Parties. SafeScrypt, VeriSign and each of the Affiliates have a CPS that governs its Subdomain within the VTN. While the CP sets forth requirements that VTN Participants must meet, this CPS describes how SafeScrypt meets these requirements within SafeScrypt s Subdomain of the VTN, which is primarily located in India. More specifically, this CPS describes the practices that SafeScrypt employs for: securely managing the core infrastructure that supports the VTN, and issuing, managing, revoking, and renewing VTN Certificates within SafeScrypt s Subdomain of the VTN, in accordance with the requirements of the CP and its VTN Standards Overview This CPS is specifically applicable to: SafeScrypt s technical CA s and the sub CA s of Managed PKI Customers 5 which issues Certificates within the SafeScrypt Public Hierarchy comprising of the: o SafeScrypt India Public Hierarchy o SafeScrypt India-RCAI Public Hierarchy o SafeScrypt VTN Public Hierarchy With reference to the VTN hierarchy, the CPS, more generally, also governs the use of VTN services within SafeScrypt s Subdomain of the VTN by all individuals and entities within SafeScrypt s Subdomain (collectively, SafeScrypt Subdomain Participants ). This CPS describes how SafeScrypt meets the CP requirements for each VTN Class within its Subdomain. Thus, the CPS, as a single document, covers practices and procedures concerning the issuance and management of all Certificate Classes within each hierarchy of SafeScrypt. As mentioned at the relevant parts, some of the certificates offered are outside the purview of the 3 The CP is published in electronic form within the VeriSign Repository at VeriSign also makes the CP available in Adobe Acrobat PDF or Word format upon request sent to The CP is available in paper form from the VeriSign Trust Network Policy Management Authority ( PMA ) upon requests sent to: VeriSign, Inc., 487 East Middlefield Road, Mountain View, CA USA, Attn: Practices Development CP. 4 Although VeriSign CAs certify the CAs of Affiliates, the practices relating to an Affiliate are covered in the Affiliate s CPS, rather than this CPS. 5 The Managed PKI Service was formerly known as OnSite. All references to OnSite in this CPS have been changed to Managed PKI. Server OnSite has been changed to Managed PKI for SSL and Global Server OnSite have been changed to Managed PKI for SSL Premium Edition. Customers may still see references to OnSite in other Managed PKI documentation or URLs. The OnSite Service itself has not changed other than the name 5

13 IT Act As discussed in Section 1.0.2, these certificates include those digital certificates performing the encryption function, IPSec certificates and those certificates issued to devices. (a) Role of the SafeScrypt CPS and Other Practices Documents This CPS applies to sub CAs within the SafeScrypt Public Hierarchy comprising of SafeScrypt India Public Hierarchy, SafeScrypt India-RCAI Public Hierarchy, and SafeScrypt Subdomain of the VTN Hierarchy. The CPS describes, among other things: Obligations of Certification Authorities, Registration Authorities, Subscribers, and Relying Parties within the SafeScrypt Public Hierarchy, Legal matters that are covered in Subscriber Agreements and Relying Party Agreements within the SafeScrypt Public Hierarchy, Audit and related security and practices reviews that SafeScrypt and SafeScrypt Participants within the SafeScrypt Public Hierarchy, Methods used within the SafeScrypt Public Hierarchy to confirm the identity of Certificate Applicants for each Class of Certificate, Operational procedures for Certificate lifecycle services undertaken in the SafeScrypt Public Hierarchy: Certificate Applications, issuance, acceptance, revocation, and renewal, Operational security procedures for audit logging, records retention, and disaster recovery used within the SafeScrypt Public Hierarchy, Physical, personnel, key management, and logical security practices of the SafeScrypt Public Hierarchy, Certificate and Certificate Revocation List content within the SafeScrypt Public Hierarchy, and Administration of the CPS, including methods of amending it. The CPS, however, is only one of a set of documents relevant to the SafeScrypt Public Hierarchy. These other documents include: Ancillary security and operational documents that supplement the CPS by providing more detailed requirements, such as: - The SafeScrypt Security Policy which sets forth the Security Principles governing the SafeScrypt Public Key Infrastructure - The Security and Audit Requirements Guide, which describes detailed requirements for SafeScrypt concerning personnel, physical, telecommunications, logical, and cryptographic key management security, - The Enterprise Security Guide, which describes detailed requirements for Managed PKI Customers concerning personnel, physical, telecommunications, logical, and cryptographic key management security, and - Key Ceremony Reference Guide, which presents detailed key management operational requirements. Ancillary agreements imposed by SafeScrypt. These agreements would bind Customers, Subscribers, and Relying Parties of SafeScrypt. Among other things, the agreement(s) flow down the specific standards of each component hierarchy to the hierarchy participants and, in some cases, state specific practices for how they must meet the particular hierarchy s Standards. 6

14 In many instances, the CPS refers to these ancillary documents for specific, detailed practices implementing specific standards where including the specifics in the CPS could compromise the security of the SafeScrypt Public Hierarchy Table 1 is a matrix showing various practices documents, whether they are publicly available, and their locations. The list in Table 1 is not intended to be exhaustive. Note that documents not expressly made public are confidential to preserve the security of the SafeScrypt Public Hierarchy. Documents Status Where Available to the Public Ancillary Security and Operational Documents SafeScrypt Security Policy Confidential N/A Security and Audit Confidential N/A Requirements Guide Key Ceremony Reference Confidential N/A Guide Managed PKI Public Administrator s Handbook Managed PKI Key Public Management Service Administrator s Guide Enterprise Security Guide Confidential N/A Public hierarchy-specific Documents SafeScrypt Certification Practice Statement Public SafeScrypt Repository per CPS See SafeScrypt s ancillary agreements (Managed PKI Agreements, Subscriber Agreements, and Relying Party Agreements) Public, including Managed PKI Lite agreements, but not Managed PKI agreements, which are SafeScrypt Repository per CPS See confidential Public VeriSign Trust Network Certificate Policies Table 1 Availability of Practices Documents VeriSign Repository per CP See (b) Background Concerning Digital Certificates and the various SafeScrypt Public Hierarchy This CPS assumes that the reader is generally familiar with Digital, Signature, PKI, and the SafeScrypt Public Hierarchy. If not, SafeScrypt advises that the reader obtain some training in the use of public key cryptography and public key infrastructure as implemented in the SafeScrypt Public Certifying Authority Services. General educational and training information is accessible from SafeScrypt at Also, specifically in case of the VTN, a brief summary of the roles of the different VTN Participants is set forth in Section 1.1(b) of the VeriSign CP. (c) Compliance with Applicable Standards The practices specified in this CPS have been designed to meet the requirements of the Indian IT Act 2000, its associated Rules and Regulations as well as generally accepted and developing industry standards related to the operation of CAs. 7

15 The structure of this CPS generally corresponds to the Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework, known as RFC 2527 of the Internet Engineering Task Force, an Internet standards body. The RFC 2527 framework has become a standard in the PKI industry. This CPS conforms to the RFC 2527 framework in order to make policy mapping and comparisons, assessment, and interoperation easier for persons using or considering using SafeScrypt services Policy Overview As discussed in CPS 1.0.1, SafeScrypt operates a complex PKI Hierarchy with distinct classes for both the wired and wireless Internet and other networks. Each level, or class, of Certificate provides specific functionality, cross certification and security features and corresponds to a specific level and nature of trust. Customers choose which Classes of Certificates they need. The relevant CP describes the various classes of certificates under each component of the SafeScrypt hierarchy in detail. This section summarizes the Certificate Classes offered under the various components of the SafeScrypt Public Hierarchy. a. The SafeScrypt India Public Hierarchy: India Class A Certificates: They offer the lowest level of assurances within the India hierarchy. They are individual Certificates, whose validation procedures are based on assurances that the Subscriber s distinguished name is unique and unambiguous within the CA s Subdomain and that a certain address is associated with a public key. They are appropriate for digital signatures, encryption, and access control for non-commercial or low-value transactions where proof of identity is unnecessary. India Class A certificates do not validate the identity of the subscriber and therefore are not Persona-verified Digital Signature Certificates India Class B Certificates: They offer a medium level of assurances in comparison with the other two Classes in this hierarchy. Again, they are individual Certificates. In addition to the India Class A validation procedures, India Class B validation procedures add procedures based on a comparison of information submitted by the Certificate applicant against information in business records or databases or the database of a SafeScrypt -approved identity proofing service. SafeScrypt reserves the sole right to approve the database or record being used for this validation. They can be used for digital signatures, encryption, and access control, including as proof of identity in transactions. This class is suitable for most business-grade transactions India Class C Certificates: This class of certificates provides the highest level of assurances within the India hierarchy. India Class C Certificates are issued to individuals, organizations, and Administrators for CAs and RAs. India Class C individual Certificates may be used for digital signatures, encryption, and access control, including as proof of identity, in high-value transactions. India Class C individual Certificates provide assurances of the identity of the Subscriber based on the personal (physical) presence of the Subscriber before a person (approved by 8

16 SafeScrypt) that confirms the identity of the Subscriber using, at a minimum, a wellrecognized form of government-issued identification and one other identification credential. SafeScrypt reserves the right to decide which specific forms of identification would be acceptable for validation. In the absence of a government-issued identification, SafeScrypt may prescribe alternate methods of validation. Other India Class C organizational Certificates are issued to devices to provide authentication; message, software, and content integrity; and confidentiality encryption. India Class C organizational Certificates provide assurances of the identity of the Subscriber based on a confirmation that the Subscriber organization does in fact exist, that the organization has authorized the Certificate Application, and that the person submitting the Certificate Application on behalf of the Subscriber was authorized to do so. b. The SafeScrypt India-RCAI Public Hierarchy: India-RCAI Class 1 Certificates: They offer the lowest level of assurances within the SafeScrypt India--RCAI Public hierarchy. They are individual Certificates, whose validation procedures are based on assurances that the Subscriber s distinguished name is unique and unambiguous within the sub CA s Subdomain and that a certain address is associated with a public key. They are appropriate for digital signatures, encryption, and access control for non-commercial or low-value transactions where proof of identity is unnecessary. SafeScrypt India-RCAI Class1 certificates do not validate the identity of the subscriber and therefore are not Persona-verified Digital Signature Certificates India-RCAI Class2 Certificates: They offer a medium level of assurances in comparison with the other two Classes in this hierarchy. Again, they are individual Certificates. In addition to the India-RCAI Class 1 validation procedures, India--RCAI Class 2 validation procedures add procedures based on a comparison of information submitted by the Certificate applicant against information in business records or databases or the database of a SafeScrypt-approved identity proofing service. SafeScrypt reserves the sole right to approve the database or record being used for this validation. They can be used for digital signatures, encryption, and access control, including as proof of identity in transactions. This class is suitable for most business-grade transactions India-RCAI Class 3 Certificates: This class of certificates provides the highest level of assurances within the India-RCAI hierarchy. India-RCAI Class 3 Certificates are issued to individuals, organizations, and Administrators for CAs and RAs. India-RCAI Class 3 individual Certificates may be used for digital signatures, encryption, and access control, including as proof of identity, in high-value transactions. India-RCAI Class 3 individual Certificates provide assurances of the identity of the Subscriber based on the personal (physical) presence of the Subscriber before a person (approved by SafeScrypt) that confirms the identity of the Subscriber using, at a minimum, a well-recognized form of government-issued identification and one other identification credential. SafeScrypt reserves the right to decide which specific forms of identification would be acceptable for validation. In the absence of a government-issued identification, SafeScrypt may prescribe alternate methods of validation. 9

17 Other India-RCAI Class 3 organizational Certificates are issued to devices to provide authentication; message, software, and content integrity; and confidentiality encryption. India-RCAI Class 3 organizational Certificates provide assurances of the identity of the Subscriber based on a confirmation that the Subscriber organization does in fact exist, that the organization has authorized the Certificate Application, and that the person submitting the Certificate Application on behalf of the Subscriber was authorized to do so. c. The SafeScrypt VTN Public Hierarchy: VTN Class 1 Certificates: VTN Class 1 Certificates offer the lowest level of assurances within SafeScrypt s VTN Subdomain. They are individual Certificates, whose validation procedures are based on assurances that the Subscriber s distinguished name is unique and unambiguous within the sub CA s Subdomain and that a certain address is associated with a public key. They are appropriate for digital signatures, encryption, and access control for non-commercial or low-value transactions where proof of identity is unnecessary. VTN Class1 certificates do not validate the identity of the subscriber and therefore are not Persona-verified Digital Signature Certificates. VTN Class 2 Certificates: VTN Class 2 Certificates offer a medium level of assurances in comparison with the other two Classes. Again, they are individual Certificates. In addition to the VTN Class 1 validation procedures, VTN Class 2 validation procedures add procedures based on a comparison of information submitted by the Certificate applicant against information in business records or databases or the database of a SafeScrypt -approved identity proofing service. They can be used for digital signatures, encryption, and access control, including as proof of identity in medium-value transactions. VTN Class 3 Certificates: VTN Class 3 Certificates provide the highest level of assurances within SafeScrypt s VTN Subdomain. VTN Class 3 Certificates are issued to individuals, organizations, and Administrators for CAs and RAs. VTN Class 3 individual Certificates may be used for digital signatures, encryption, and access control, including as proof of identity, in high-value transactions. VTN Class 3 individual Certificates provide assurances of the identity of the Subscriber based on the personal (physical) presence of the Subscriber before a person duly approved by SafeScrypt that confirms the identity of the Subscriber using, at a minimum, a well-recognized form of government-issued identification and one other identification credential. Other VTN Class 3 organizational Certificates are issued to devices to provide authentication; message, software, and content integrity; and confidentiality encryption. VTN Class 3 organizational Certificates provide assurances of the identity of the Subscriber based on a confirmation that the Subscriber organization does in fact exist, that the organization has authorized the Certificate Application, and that the person submitting the Certificate Application on behalf of the Subscriber was authorized to do so. Class 3 organizational Certificates for servers (Secure Server IDs and Global Server IDs) also provide assurances that the Subscriber is entitled to use the domain name listed in the Certificate Application. 10

18 Note: In the eventuality of any dispute arising with respect to the CA operations of SafeScrypt VTN Class 2 CA where the CCA is also made a party to, SafeScrypt has agreed to indemnify and hold harmless the CCA and the Government of India against any claim, losses or other prejudice to which CCA or the Government of India may be subjected and CCA and Government of India shall not have any exposure financial or otherwise. Summary of Certificate Classes offered: Table 2 below summarizes the Certificate Classes offered by SafeScrypt. It sets forth the properties of each Certificate class, based on whether they are issued to individuals or organizations, and whether they are offered on a Retail or Managed PKI basis, or issued to Administrators. The specifications for Classes of Certificates set forth the minimum level of assurances provided for each Class. For example, any India-RCAI Class 2 Certificate may be used for digital signatures, encryption, and access control for applications with medium level of assurance. Nonetheless, by contract or within specific environments (such as an intracompany environment), customers are permitted to use validation procedures stronger than the ones prescribed, or use Certificates for higher security applications than the ones described in CPS 1.1.1, Any such usage, however, shall be limited to such entities and subject to CPS , , and these entities shall be solely responsible for any harm or liability caused by such usage. Class Issued to Services Under Which Certificates are Available 6 SafeScrypt India Public Hierarchy: India Class A India Class B Confirmation of Certificate Applicants Identity (CPS , 3.1.9) Individuals Retail Name and address search to ensure that the distinguished name is unique and unambiguous within the sub CA s Subdomain. Individuals Retail Same as India Class A Retail, plus automated or Administratorinitiated enrolment information check with one or more third-party databases or comparable sources. Applications implemented or contemplated by Users (CPS ) Modestly enhancing the security of through confidentiality encryption, digital signatures, and web-based access control, where proof of identity is unnecessary. Applications requiring a low level of assurances in comparison with the other Classes, such as noncommercial web browsing and e- mail. Enhancing the security of through confidentiality encryption, digital signatures for authentication, and web based access control. Applications 6 Retail Certificates are issued by SafeScrypt, to individuals or organizations applying one by one to SafeScrypt on its web site. Managed PKI Certificates are based on a Certificate Application approved by a Managed PKI Customer that enters into a Managed PKI Agreement with SafeScrypt for the issuance of a certain quantity of Certificates (see CP ). In addition to Retail and Managed PKI Certificates, VTN Certificates are issued, for Administrators of sub CAs and RAs. Administrator Certificates are issued to sub CA or RA Administrators to allow them to perform administrative functions on behalf of the sub CA or RA. 11

19 Class Issued to Services Under Which Certificates are Available 6 India Class C Managed PKI Confirmation of Certificate Applicants Identity (CPS , 3.1.9) Same as India Class A Managed PKI plus checking internal documentation or databases to confirm identity of the Certificate Applicant (e.g., human resources documentation). Individuals Retail Same as India Class A Retail, plus personal presence and check of two or more ID credentials. Organizations Retail Check of third-party database or other documentation showing proof of right to use the organizational name. Validation check by telephone (or comparable procedure) to confirm information in, and authorization of, the Certificate Application. SafeScrypt India-RCAI Public Hierarchy: India- RCAI Class 1 India- RCAI Class 2 Individuals Retail Name and address search to ensure that the distinguished name is unique and unambiguous within the CA s Subdomain. Individuals Retail Same as India-RCAI Class 1 Retail, plus automated or Administrator-initiated enrolment information check with one or more third-party databases or comparable sources. Applications implemented or contemplated by Users (CPS ) requiring a medium level of assurances in comparison with the other Classes, such as some individual and intra- and intercompany , on-line subscriptions, online banking or stock trading, supply chain management & account applications, and password replacement, including as proof of identity for medium-value transactions. Generally used for most Business Grade transactions Enhancing the security of through confidentiality encryption, digital signatures for authentication, and web based access control. Applications requiring a high level of assurances in comparison with the other Classes, such as some online banking, corporate database access, and exchanging confidential information, including as proof of identity for high-value transactions. Server authentication, confidentiality encryption, and (when communicating with other servers) client authentication; authentication, message integrity; and authentication and integrity of software and other content. Modestly enhancing the security of through confidentiality encryption, digital signatures, and web-based access control, where proof of identity is unnecessary. Applications requiring a low level of assurances in comparison with the other Classes, such as noncommercial web browsing and e- mail. Enhancing the security of through confidentiality encryption, digital signatures for authentication, and web based access control. Applications requiring a medium level of 12

20 Class Issued to Services Under Which Certificates are Available 6 India- RCAI Class 3 Confirmation of Certificate Applicants Identity (CPS , 3.1.9) Managed PKI Same as India-RCAI Class 1 Managed PKI plus checking internal documentation or databases to confirm identity of the Certificate Applicant (e.g., human resources documentation). Individuals Retail Same as India-RCAI Class 1 Retail, plus personal presence and check of two or more ID credentials. Organizations Retail Check of third-party database or other documentation showing proof of right to use the organizational name. Validation check by telephone (or comparable procedure) to confirm information in, and authorization of, the Certificate Application SafeScrypt VTN Hierarchy: VTN Class 1 VTN Class 2 Individuals Retail Name and address search to ensure that the distinguished name is unique and unambiguous within the sub CA s Subdomain. Individuals Retail Same as VTN Class 1 Retail, plus automated or Administratorinitiated enrolment information check with one or more third-party databases or comparable sources. Applications implemented or contemplated by Users (CPS ) assurances in comparison with the other Classes, such as some individual and intra- and intercompany , on-line subscriptions, online banking or stock trading, supply chain management & account applications, and password replacement, including as proof of identity for medium-value transactions.. Generally used for most Business Grade transactions Enhancing the security of through confidentiality encryption, digital signatures for authentication, and web based access control. Applications requiring a high level of assurances in comparison with the other Classes, such as some online banking, corporate database access, and exchanging confidential information, including as proof of identity for high-value transactions. Server authentication, confidentiality encryption, and (when communicating with other servers) client authentication, message integrity; and authentication and integrity of software and other content. Modestly enhancing the security of through confidentiality encryption, digital signatures, and web-based access control, where proof of identity is unnecessary. Applications requiring a low level of assurances in comparison with the other Classes, such as noncommercial web browsing and e- mail. Enhancing the security of through confidentiality encryption, digital signatures for authentication, and web based access control. Applications 13

21 Class Issued to Services Under Which Certificates are Available 6 VTN Class 3 Individuals Organizations Managed PKI Retail Administrators Retail Confirmation of Certificate Applicants Identity (CPS , 3.1.9) Same as VTN Class 1 Managed PKI plus checking internal documentation or databases to confirm identity of the Certificate Applicant (e.g., human resources documentation). Same as VTN Class 1 Retail, plus personal presence and check of two or more ID credentials. Specialized confirmation procedures depending upon the type of Administrator. The identity of the Administrator and the organization utilizing the Administrator are confirmed. See also CPS Check of third-party database or other documentation showing proof of right to use the organizational name. Validation check by telephone (or comparable procedure) to confirm information in, and authorization of, the Certificate Application. In the case of web server Certificates, confirmation that the Certificate Applicant has the right to use the domain name to be placed in the Certificate. Managed PKI Validation of Managed PKI for SSL Customer or Managed PKI for SSL Premium Edition Customer as in Class 3 organizational Retail, plus validation of Managed PKI Administrator. Table 2 - Certificate Properties Affecting Trust Applications implemented or contemplated by Users (CPS ) requiring a medium level of assurances in comparison with the other Classes, such as some individual and intra- and intercompany , on-line subscriptions, account applications, and password replacement, including as proof of identity for medium-value transactions. Enhancing the security of through confidentiality encryption, digital signatures for authentication, and web based access control. Applications requiring a high level of assurances in comparison with the other Classes, such as some online banking, corporate database access, and exchanging confidential information, including as proof of identity for high-value transactions. Administrator functions. Server authentication, confidentiality encryption, and (when communicating with other servers) client authentication (Secure Server ID, Global Server ID Certificates); authentication, message integrity; and authentication and integrity of software and other content. Server authentication, confidentiality encryption, and (when communicating with other properly enabled servers) client authentication (Secure Server ID and Global Server ID). 14

VeriSign Trust Network Certificate Policies

VeriSign Trust Network Certificate Policies VeriSign Trust Network Certificate Policies Version 1.3 Effective Date: March 31, 2004 VeriSign, Inc. 487 E. Middlefield Road Mountain View, CA 94043 USA +1 650.961.7500 http//:www.verisign.com VeriSign

More information

1.1.1 Additional requirements for Trusted Root Issuer CAs Appropriate Certificate Usage Prohibited Certificate Usage...

1.1.1 Additional requirements for Trusted Root Issuer CAs Appropriate Certificate Usage Prohibited Certificate Usage... 1.1.1 Additional requirements for Trusted Root Issuer CAs... 10 1.3.1 Certification Authorities ( Issuer CAs )... 11 1.3.2 Registration Authorities... 11 1.3.3 Subscribers... 12 1.3.4 Relying Parties...

More information

VeriSign Trust Network Certificate Policies

VeriSign Trust Network Certificate Policies VeriSign Trust Network Certificate Policies Version 2.8.1 Effective Date: February 1, 2009 VeriSign, Inc. 487 E. Middlefield Road Mountain View, CA 94043 USA +1 650.961.7500 http//:www.verisign.com - 1-

More information

thawte Certification Practice Statement Version 2.3

thawte Certification Practice Statement Version 2.3 thawte Certification Practice Statement Version 2.3 Effective Date: July, 2006 thawte Certification Practice Statement 2006 thawte, Inc. All rights reserved. Printed in the United States of America. Revision

More information

KIBS Certification Practice Statement for non-qualified Certificates

KIBS Certification Practice Statement for non-qualified Certificates KIBS Certification Practice Statement for non-qualified Certificates Version 1.0 Effective Date: September, 2012 KIBS AD Skopje Kuzman Josifovski Pitu 1 1000, Skopje, Republic of Macedonia Phone number:

More information

Polish Grid Certification Authority Certificate Policy and Certification Practice Statement

Polish Grid Certification Authority Certificate Policy and Certification Practice Statement Polish Grid Certification Authority Certificate Policy and Certification Practice Statement version 0.4 (DRAFT ) September 2, 2002 1 1 Introduction 1.1 Overview This document is written according to the

More information

thawte Certification Practice Statement

thawte Certification Practice Statement thawte Certification Practice Statement Version 3.7.5 Effective Date: 4 June, 2012 (All CA/Browser Forum-specific requirements are effective on July 1, 2012) thawte Certification Practice Statement 2012

More information

Version 3.0. Effective Date: 15 october, 2008

Version 3.0. Effective Date: 15 october, 2008 Getronics Version 3.0 Effective Date: 15 october, 2008 Getronics Nederland B.V. Fauststraat 1 P.O. Box 9105 7300 HN Apeldoorn The Netherlands Phone: +31 (0)20 570 4511 http://www.pki.getronicspinkroccade.nl

More information

Symantec Trust Network (STN) Certificate Policy

Symantec Trust Network (STN) Certificate Policy Symantec Trust Network (STN) Certificate Policy Version 2.8.5 Effective Date: September 8, 2011 Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA +1 650.527.8000 http//:www.symantec.com

More information

Certificate Policy for the Government Public Key Infrastructure

Certificate Policy for the Government Public Key Infrastructure Certificate Policy for the Government Public Key Infrastructure Version 1.7 Administrative Organization: National Development Council Executive Organization: ChungHwa Telecom Co., Ltd. January 31, 2013

More information

Advantage Security Certification Practice Statement

Advantage Security Certification Practice Statement Advantage Security Certification Practice Statement Version 3.8.5 Effective Date: 01/01/2012 Advantage Security S. de R.L. de C.V. Prol. Paseo de la Reforma # 625 Int 402, Col Paseo de las Lomas. Del Alvaro

More information

The Boeing Company. Boeing Commercial Airline PKI. Basic Assurance CERTIFICATE POLICY

The Boeing Company. Boeing Commercial Airline PKI. Basic Assurance CERTIFICATE POLICY The Boeing Company Boeing Commercial Airline PKI Basic Assurance CERTIFICATE POLICY Version 1.4 PA Board Approved: 7-19-2013 via e-mal PKI-233 BCA PKI Basic Assurance Certificate Policy Page 1 of 69 Signature

More information

Neutralus Certification Practices Statement

Neutralus Certification Practices Statement Neutralus Certification Practices Statement Version 2.8 April, 2013 INDEX INDEX...1 1.0 INTRODUCTION...3 1.1 Overview...3 1.2 Policy Identification...3 1.3 Community & Applicability...3 1.4 Contact Details...3

More information

Certificate Policy and Certification Practice Statement CNRS/CNRS-Projets/Datagrid-fr

Certificate Policy and Certification Practice Statement CNRS/CNRS-Projets/Datagrid-fr Certificate Policy and Certification Practice Statement CNRS/CNRS-Projets/Datagrid-fr Version 0.3 August 2002 Online : http://www.urec.cnrs.fr/igc/doc/datagrid-fr.policy.pdf Old versions Version 0.2 :

More information

THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Published By: RSA Security Inc.

THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Published By: RSA Security Inc. THE RSA ROOT SIGNING SERVICE Certification Practice Statement For RSA Certificate Authorities (CAs) Last Revision Date: June 28, 2007 Version: 3.0 Published By: RSA Security Inc. Copyright 2002-2007 by

More information

CMS Illinois Department of Central Management Services

CMS Illinois Department of Central Management Services CMS Illinois Department of Central Management Services State of Illinois Public Key Infrastructure Certification Practices Statement For Digital Signature And Encryption Applications Version 3.3 (IETF

More information

Dexia Root CA Certification Practice Statement. Version 1.0

Dexia Root CA Certification Practice Statement. Version 1.0 Dexia Root CA Certification Practice Statement Version 1.0 Version History Version Description Date Author 0.1 Initial Draft 17 September 2001 Jan Raes 0.2 Minor adaptation after review PA 16 October 2001

More information

Apple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

Apple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc. Apple Inc. Certificate Policy and Certification Practice Statement Version 2.0 Effective Date: April 10, 2015 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2. Table of acronyms... 4 1.3.

More information

Starfield Technologies, Inc. Certificate Policy and Certification Practice Statement (CP/CPS)

Starfield Technologies, Inc. Certificate Policy and Certification Practice Statement (CP/CPS) Starfield Technologies, Inc. Certificate Policy and Certification Practice Statement (CP/CPS) Version 1.8 May 30, 2006 i Starfield CP-CPS V1.8 Table of Contents 1 Introduction... 1 1.1 Overview... 1 1.2

More information

CERTIFICATION PRACTICE STATEMENT. Document version: 1.2 Date: 15 September OID for this CPS: None

CERTIFICATION PRACTICE STATEMENT. Document version: 1.2 Date: 15 September OID for this CPS: None CERTIFICATION PRACTICE STATEMENT Document version: 1.2 Date: 15 September 2007 OID for this CPS: None Information in this document is subject to change without notice. No part of this document may be copied,

More information

Vodafone Group CA Web Server Certificate Policy

Vodafone Group CA Web Server Certificate Policy Vodafone Group CA Web Server Certificate Policy Publication Date: 06/09/10 Copyright 2010 Vodafone Group Table of Contents Acknowledgments... 1 1. INTRODUCTION... 2 1.1 Overview... 3 1.2 Document Name

More information

Certification Practice Statement

Certification Practice Statement Certification Practice Statement Version 2.0 Effective Date: October 1, 2006 Continovation Services Inc. (CSI) Certification Practice Statement 2006 Continovation Services Inc. All rights reserved. Trademark

More information

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure 1.0 INTRODUCTION 1.1 Overview The Federal Reserve Banks operate a public key infrastructure (PKI) that manages

More information

TAIWAN-CA INC. Public Key Infrastructure Certificate Policy (Version 2.0)

TAIWAN-CA INC. Public Key Infrastructure Certificate Policy (Version 2.0) TAIWAN-CA INC. Public Key Infrastructure Certificate Policy (Version 2.0) Effective Date: 23 November 2012 1 Revision Record Rev Effective Date Issuer Note 1.0 1 Apr 2001 TaiCA PMA CP first issue 1.1 1

More information

apple WWDR Certification Practice Statement Version 1.8 June 11, 2012 Apple Inc.

apple WWDR Certification Practice Statement Version 1.8 June 11, 2012 Apple Inc. Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.8 Effective Date: June 11, 2012 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2.

More information

Starfield Technologies, Inc. Certificate Policy and Certification Practice Statement (CP/CPS)

Starfield Technologies, Inc. Certificate Policy and Certification Practice Statement (CP/CPS) Starfield Technologies, Inc. Certificate Policy and Certification Practice Statement (CP/CPS) Version 2.4 June 15, 2009 i Starfield CP-CPS V2.4 Table of Contents 1 Introduction... 1 1.1 Overview... 1 1.2

More information

Subscriber Agreement with from SafeScrypt CA SAFESCRYPT CA RCAI HIERARCHY

Subscriber Agreement with from SafeScrypt CA SAFESCRYPT CA RCAI HIERARCHY Subscriber Agreement with from SAFESCRYPT CA RCAI HIERARCHY YOU MUST READ THIS SUBSCRIBER AGREEMENT ("SUBSCRIBER AGREEMENT") BEFORE APPLYING FOR, ACCEPTING, OR USING A DIGITAL CERTIFICATE OR DIGITAL ID

More information

X.509 Certification Practices Statement for the U.S. Government Printing Office Principal Certification Authority (GPO-PCA)

X.509 Certification Practices Statement for the U.S. Government Printing Office Principal Certification Authority (GPO-PCA) .509 Certification Practices Statement for the U.S. Government Printing Office Principal Certification Authority (GPO-PCA) June 11, 2007 FINAL Version 1.6.1 FOR OFFICIAL USE ONLY SIGNATURE PAGE U.S. Government

More information

epki Root Certification Authority Certification Practice Statement Version 1.2

epki Root Certification Authority Certification Practice Statement Version 1.2 epki Root Certification Authority Certification Practice Statement Version 1.2 Chunghwa Telecom Co., Ltd. August 21, 2015 Contents 1. INTRODUCTION... 1 1.1 OVERVIEW... 1 1.1.1 Certification Practice Statement...

More information

Federal Reserve Banks Certification Authority (FR-CA) Certification Practice Statement

Federal Reserve Banks Certification Authority (FR-CA) Certification Practice Statement Certification Practice Statement 1.0 INTRODUCTION 1.1 OVERVIEW The Federal Reserve Banks ( FRBs ), utilizing Public Key Infrastructure ( PKI ) technology and operating as a Certification Authority ( FR-CA

More information

L@Wtrust Class 3 Registration Authority Charter

L@Wtrust Class 3 Registration Authority Charter Class 3 Registration Authority Charter Version 1.0 applicable from 09 November 2010 Building A, Cambridge Park, 5 Bauhinia Street, Highveld Park, South Africa, 0046 Phone +27 (0)12 676 9240 Fax +27 (0)12

More information

TR-GRID CERTIFICATION AUTHORITY

TR-GRID CERTIFICATION AUTHORITY TR-GRID CERTIFICATION AUTHORITY CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT Version 2.1 January, 2009 Table of Contents: TABLE OF CONTENTS:...2 1. INTRODUCTION...7 1.1 OVERVIEW...7 1.2 DOCUMENT

More information

[COMPANY CA] Certification Practice Statement

[COMPANY CA] Certification Practice Statement Certification Practice Statement Date: [PUBLICATION DATE] Version: v. X.X Table of Contents Document History...1 Acknowledgments...2 1. Introduction...3 1.1 Overview...3 1.2

More information

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015 Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015 Table of Contents 1. Introduction... 5 1.1. Trademarks...

More information

Gandi CA Certification Practice Statement

Gandi CA Certification Practice Statement Gandi CA Certification Practice Statement Gandi SAS 15 Place de la Nation Paris 75011 France Version 1.0 TABLE OF CONTENTS 1.INTRODUCTION...10 1.1.Overview...10 1.2.Document Name and Identification...10

More information

Symantec Trust Network (STN) Certificate Policy

Symantec Trust Network (STN) Certificate Policy Symantec Trust Network (STN) Certificate Policy Version 2.8.20 May 20, 2016 Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA +1 650.527.8000 www.symantec.com - i - Symantec Trust Network

More information

Federal Reserve Certification Authority (FR-CA) Certification Practice Statement for United States Treasury Auctions

Federal Reserve Certification Authority (FR-CA) Certification Practice Statement for United States Treasury Auctions Federal Reserve Certification Authority (FR-CA) Certification Practice Statement for United States Treasury Auctions 1.0 INTRODUCTION 1.1 OVERVIEW The Federal Reserve Bank of New York ( FRBNY ) acts as

More information

phicert Direct Certificate Policy and Certification Practices Statement

phicert Direct Certificate Policy and Certification Practices Statement phicert Direct Certificate Policy and Certification Practices Statement Version 1. 1 Effective Date: March 31, 2014 Copyright 2013-2014 EMR Direct. All rights reserved. [Trademark Notices] phicert is a

More information

SAUDI NATIONAL ROOT-CA CERTIFICATE POLICY

SAUDI NATIONAL ROOT-CA CERTIFICATE POLICY SAUDI NATIONAL ROOT-CA CERTIFICATE POLICY Document Classification: Public Version Number: 2.5 Issue Date: June 25, 2015 National Center for Digital Certification Policies and Regulations Department Digitally

More information

Equens Certificate Policy

Equens Certificate Policy Equens Certificate Policy WebServices and Connectivity Final H.C. van der Wijck 11 March 2015 Classification: Open Version 3.0 Version history Version no. Version date Status Edited by Most important edit(s)

More information

e-mudhra CPS e-mudhra CERTIFICATION PRACTICE STATEMENT VERSION 2.1 (emcsl/e-mudhra/doc/cps/2.1) Date of Publication: 11 February 2013

e-mudhra CPS e-mudhra CERTIFICATION PRACTICE STATEMENT VERSION 2.1 (emcsl/e-mudhra/doc/cps/2.1) Date of Publication: 11 February 2013 e-mudhra CPS e-mudhra CERTIFICATION PRACTICE STATEMENT VERSION 2.1 (emcsl/e-mudhra/doc/cps/2.1) Date of Publication: 11 February 2013 e-mudhra emudhra Consumer Services Ltd., 3rd Floor, Sai Arcade, Outer

More information

Vodafone Group CA Automated Code- Signing Certificate Policy

Vodafone Group CA Automated Code- Signing Certificate Policy Vodafone Group CA Automated Code- Signing Certificate Policy Publication Date: 05/05/09 Copyright 2009 Vodafone Group Table of Contents Acknowledgments...1 1. INTRODUCTION...2 1.1 Overview...3 1.2 Document

More information

CERTIFICATION PRACTICE STATEMENT (CPS)

CERTIFICATION PRACTICE STATEMENT (CPS) CERTIFICATION PRACTICE STATEMENT (CPS) Published by emudhra Limited 3rd Floor, Sai Arcade, Outer Ring Road, Devarabeesanahalli Bengaluru - 560103, Karnataka, India Phone: +91 80 43360000 Fax: +91 80 42275306

More information

THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY. July 2011 Version 2.0. Copyright 2006-2011, The Walt Disney Company

THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY. July 2011 Version 2.0. Copyright 2006-2011, The Walt Disney Company THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY July 2011 Version 2.0 Copyright 2006-2011, The Walt Disney Company Version Control Version Revision Date Revision Description Revised

More information

Public Key Certification Infrastructure

Public Key Certification Infrastructure Public Key Certification Infrastructure Petr Hanácek hanacek@dcse.fee.vutbr.cz Faculty of Electrical Engineering and Computer Science Brno University of Technology Abstract Jan Staudek staudek@fi.muni.cz

More information

Gatekeeper PKI Framework. February 2009. Registration Authority Operations Manual Review Criteria

Gatekeeper PKI Framework. February 2009. Registration Authority Operations Manual Review Criteria Gatekeeper PKI Framework ISBN 1 921182 24 5 Department of Finance and Deregulation Australian Government Information Management Office Commonwealth of Australia 2009 This work is copyright. Apart from

More information

HKUST CA. Certification Practice Statement

HKUST CA. Certification Practice Statement HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 1.1 Date : 3 March 2000 Prepared by : Information Technology Services Center Hong Kong University of Science

More information

ENTRUST CERTIFICATE SERVICES

ENTRUST CERTIFICATE SERVICES ENTRUST CERTIFICATE SERVICES Certification Practice Statement Version: 2.13 February 12, 2016 2016 Entrust Limited. All rights reserved. Revision History Issue Date Changes in this Revision 1.0 May 26,

More information

Adobe Systems Incorporated. Adobe Root CA Certification Practice Statement. Revision #5. Revision History

Adobe Systems Incorporated. Adobe Root CA Certification Practice Statement. Revision #5. Revision History Adobe Systems Incorporated Adobe Root CA Revision #5 Revision History Rev # Date Author Description of Change(s) 1 4/1/03 Deloitte & Touche First draft 2 4/7/03 Deloitte & Touche Further refinements 3

More information

TR-GRID CERTIFICATION AUTHORITY

TR-GRID CERTIFICATION AUTHORITY TR-GRID CERTIFICATION AUTHORITY CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT Version 2.3 May 15, 2014 Table of Contents TABLE OF CONTENTS:... 2 1. INTRODUCTION... 7 1.1 OVERVIEW... 7 1.2 DOCUMENT

More information

Trusted Certificate Service

Trusted Certificate Service TCS Server and Code Signing Personal CA CPS Version 2.0 (rev 15) Page 1/40 Trusted Certificate Service TCS Server CAs, escience Server CA, and Code Signing CA Certificate Practice Statement Version 2.0

More information

Ford Motor Company CA Certification Practice Statement

Ford Motor Company CA Certification Practice Statement Certification Practice Statement Date: February 21, 2008 Version: 1.0.1 Table of Contents Document History... 1 Acknowledgments... 1 1. Introduction... 2 1.1 Overview... 3 1.2 Ford Motor Company Certificate

More information

Certification Practice Statement

Certification Practice Statement FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification

More information

Lockheed Martin Enterprise Public Key Infrastructure Certificate Policy (CP)

Lockheed Martin Enterprise Public Key Infrastructure Certificate Policy (CP) Lockheed Martin Enterprise Public Key Infrastructure Certificate Policy (CP) Version 8.10 April 2016 Copyright, Lockheed Martin, 2016 Questions or comments regarding the Lockheed Martin epki Certification

More information

Globe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States

Globe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States Globe Hosting Certification Authority Globe Hosting, Inc. 501 Silverside Road, Suite 105, Wilmington, DE 19809, County of New Castle, United States www.globessl.com TABLE OF CONTENTS 1. INTRODUCTION...

More information

Certificate Policy. SWIFT Qualified Certificates SWIFT

Certificate Policy. SWIFT Qualified Certificates SWIFT SWIFT SWIFT Qualified Certificates Certificate Policy This Certificate Policy applies to Qualified Certificates issued by SWIFT. It indicates the requirements and procedures to be followed, and the responsibilities

More information

REVENUE ON-LINE SERVICE CERTIFICATE POLICY. Document Version 1.2 Date: 15 September 2007. OID for this CP: 1.2.372.980003.1.1.1.1.

REVENUE ON-LINE SERVICE CERTIFICATE POLICY. Document Version 1.2 Date: 15 September 2007. OID for this CP: 1.2.372.980003.1.1.1.1. REVENUE ON-LINE SERVICE CERTIFICATE POLICY Document Version 1.2 Date: 15 September 2007 OID for this CP: 1.2.372.980003.1.1.1.1.1 No part of this document may be copied, reproduced, translated, or reduced

More information

EuropeanSSL Secure Certification Practice Statement

EuropeanSSL Secure Certification Practice Statement EuropeanSSL Secure Certification Practice Statement Eunetic GmbH Version 1.0 14 July 2008 Wagnerstrasse 25 76448 Durmersheim Tel: +49 (0) 180 / 386 384 2 Fax: +49 (0) 180 / 329 329 329 www.eunetic.eu TABLE

More information

Certification Practice Statement (ANZ PKI)

Certification Practice Statement (ANZ PKI) Certification Practice Statement March 2009 1. Overview 1.1 What is a Certification Practice Statement? A certification practice statement is a statement of the practices that a Certification Authority

More information

Danske Bank Group Certificate Policy

Danske Bank Group Certificate Policy Document history Version Date Remarks 1.0 19-05-2011 finalized 1.01 15-11-2012 URL updated after web page restructuring. 2 Table of Contents 1. Introduction... 4 2. Policy administration... 4 2.1 Overview...

More information

InCommon Certification Practices Statement. Client Certificates

InCommon Certification Practices Statement. Client Certificates InCommon Certification Practices Statement for Client Certificates 14 February 2011 Version 1.0 Latest version: 14 February 2011 This version: 14 February 2011 Table of Contents 1 INTRODUCTION... 4 1.1

More information

Fraunhofer Corporate PKI. Certification Practice Statement

Fraunhofer Corporate PKI. Certification Practice Statement Fraunhofer Corporate PKI Certification Practice Statement Version 1.1 Published in June 2012 Object Identifier of this Document: 1.3.6.1.4.1.778.80.3.2.1 Contact: Fraunhofer Competence Center PKI Fraunhofer

More information

Northrop Grumman Enterprise Public Key Infrastructure Certificate Policy

Northrop Grumman Enterprise Public Key Infrastructure Certificate Policy Northrop Grumman Enterprise Public Key Infrastructure Certificate Policy Version 1.8 Copyright, Northrop Grumman, 2006 1-1 Document Change History NG PKI Certificate Policy VER DATE INFORMATION AFFECTED

More information

Symantec External Certificate Authority Key Recovery Practice Statement (KRPS)

Symantec External Certificate Authority Key Recovery Practice Statement (KRPS) Symantec External Certificate Authority Key Recovery Practice Statement (KRPS) Version 2 24 April 2013 (Portions of this document have been redacted.) Symantec Corporation 350 Ellis Street Mountain View,

More information

Malaysian Identity Federation and Access Management Certification Authority Certificate Policy and Certification Practice Statement

Malaysian Identity Federation and Access Management Certification Authority Certificate Policy and Certification Practice Statement Malaysian Identity Federation and Access Management Certification Authority Certificate Policy and Certification Practice Statement Version 2.2 Document OID: 1.3.6.1.4.1.36355.2.1.2.2 February 2012 Contents

More information

X.509 Certificate Policy for India PKI

X.509 Certificate Policy for India PKI X.509 Certificate Policy for India PKI Version 1.4 May 2015 Controller of Certifying Authorities Department of Information Technology Ministry of Communications and Information Technology Document Control

More information

Symantec Managed PKI (MPKI) for Adobe Approved Trust List (AATL)

Symantec Managed PKI (MPKI) for Adobe Approved Trust List (AATL) Symantec Managed PKI (MPKI) for Adobe Approved Trust List (AATL) Certification Practice Statement Version 1.0 9 Feb 2015 Symantec Corporation 350 Ellis Street Mountain View, CA 94043 +1 650.527.8000 http://www.symantec.com

More information

Registration Practices Statement. Grid Registration Authority Approved December, 2011 Version 1.00

Registration Practices Statement. Grid Registration Authority Approved December, 2011 Version 1.00 Registration Practices Statement Grid Registration Authority Approved December, 2011 Version 1.00 i TABLE OF CONTENTS 1. Introduction... 1 1.1. Overview... 1 1.2. Document name and Identification... 1

More information

Trustwave Holdings, Inc

Trustwave Holdings, Inc Trustwave Holdings, Inc Certificate Policy and Certification Practices Statement Version 2.9 Effective Date: July 13, 2010 This document contains Certification Practices and Certificate Policies applicable

More information

InCommon Certification Practices Statement. Server Certificates

InCommon Certification Practices Statement. Server Certificates InCommon Certification Practices Statement for Server Certificates 16 August 2010 Version 1.0 Latest version: https://www.incommon.org/cert/repository/cps_ssl.pdf This version: https://www.incommon.org/cert/repository/cps_ssl_20100816.pdf

More information

INFN CA Certificate Policy and Certification Practice Statement. Version 2.3

INFN CA Certificate Policy and Certification Practice Statement. Version 2.3 INFN CA Certificate Policy and Certification Practice Statement Version 2.3 February, 12 2008 The PDF version of this document has been signed with following PGP key pub 1024R/5BA9D271 1997-11-25 Roberto

More information

Starfield Technologies, LLC. Certificate Policy and Certification Practice Statement (CP/CPS)

Starfield Technologies, LLC. Certificate Policy and Certification Practice Statement (CP/CPS) Starfield Technologies, LLC Certificate Policy and Certification Practice Statement (CP/CPS) Version 3.8 April 15, 2016 i Starfield CP-CPS V3.8 Table of Contents 1 Introduction... 1 1.1 Overview... 1 1.2

More information

ENTRUST CERTIFICATE SERVICES

ENTRUST CERTIFICATE SERVICES ENTRUST CERTIFICATE SERVICES Certification Practice Statement Version: 2.12 April 6, 2015 2015 Entrust Limited. All rights reserved. Revision History Issue Date Changes in this Revision 1.0 May 26, 1999

More information

California Independent System Operator Certification Practice Statement for Basic Assurance Certification Authority. Version 3.

California Independent System Operator Certification Practice Statement for Basic Assurance Certification Authority. Version 3. California Independent System Operator Certification Practice Statement for Basic Assurance Certification Authority Version 3.4 April 2015 Table of Contents 1.0 INTRODUCTION... 8 1.1 OVERVIEW... 8 1.2

More information

HKUST CA. Certification Practice Statement

HKUST CA. Certification Practice Statement HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 2.1 Date : 12 November 2003 Prepared by : Information Technology Services Center Hong Kong University of

More information

CA Certificate Policy. SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT

CA Certificate Policy. SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT CA Certificate Policy SCHEDULE 1 to the SERVICE PROVIDER AGREEMENT This page is intentionally left blank. 2 ODETTE CA Certificate Policy Version Number Issue Date Changed By 1.0 1 st April 2009 Original

More information

TeliaSonera Public Root CA. Certification Practice Statement. Revision Date: 2006-11-17. Version: Rev A. Published by: TeliaSonera Sverige AB

TeliaSonera Public Root CA. Certification Practice Statement. Revision Date: 2006-11-17. Version: Rev A. Published by: TeliaSonera Sverige AB Document no 1/011 01-AZDA 102 213 TeliaSonera Sverige AB Certification Practice Statement Rev A TeliaSonera Public Root CA Certification Practice Statement Revision Date: 2006-11-17 Version: Rev A Published

More information

TREND MICRO SSL CERTIFICATION PRACTICE STATEMENT. Version 2.0

TREND MICRO SSL CERTIFICATION PRACTICE STATEMENT. Version 2.0 TREND MICRO SSL CERTIFICATION PRACTICE STATEMENT Version 2.0 Effective Date: 14 April 2015 TABLE OF CONTENTS 1. INTRODUCTION 1.1 Overview 1.2 Document name and identification 1.3 PKI participants 1.3.1

More information

Trusted Certificate Service (TCS)

Trusted Certificate Service (TCS) TCS Personal and escience Personal CA CPS Version 2.0 (rev 15) Page 1/40 Trusted Certificate Service (TCS) TCS Personal CA, escience Personal CA, and Document Signing CA Certificate Practice Statement

More information

ING Public Key Infrastructure Certificate Practice Statement. Version 5.3 - June 2015

ING Public Key Infrastructure Certificate Practice Statement. Version 5.3 - June 2015 ING Public Key Infrastructure Certificate Practice Statement Version 5.3 - June 2015 Colophon Commissioned by Additional copies ING Corporate PKI Policy Approval Authority Additional copies of this document

More information

ING Public Key Infrastructure Technical Certificate Policy

ING Public Key Infrastructure Technical Certificate Policy ING Public Key Infrastructure Technical Certificate Policy Version 5.1 - May 2010 Commissioned by ING PKI Policy Approval Authority (PAA) Additional copies Of this document can be obtained via the ING

More information

American International Group, Inc. DNS Practice Statement for the AIG Zone. Version 0.2

American International Group, Inc. DNS Practice Statement for the AIG Zone. Version 0.2 American International Group, Inc. DNS Practice Statement for the AIG Zone Version 0.2 1 Table of contents 1 INTRODUCTION... 6 1.1 Overview...6 1.2 Document Name and Identification...6 1.3 Community and

More information

SSL.com Certification Practice Statement

SSL.com Certification Practice Statement SSL.com Certification Practice Statement SSL.com Version 1.0 February 15, 2012 2260 W Holcombe Blvd Ste 700 Houston, Texas, 77019 US Tel: +1 SSL-CERTIFICATE (+1-775-237-8434) Fax: +1 832-201-7706 www.ssl.com

More information

National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy. Version 1.1. February 2, 2016

National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy. Version 1.1. February 2, 2016 National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy Version 1.1 February 2, 2016 Copyright 2016, Georgia Tech Research Institute Table of Contents TABLE OF CONTENTS I 1 INTRODUCTION

More information

Telia hardware based e-legitimation v2. Certification Practice Statement. Revision Date: 10 th June 2009. Version: 1.0

Telia hardware based e-legitimation v2. Certification Practice Statement. Revision Date: 10 th June 2009. Version: 1.0 Document no 4/011 01-AZDA 102 213 TeliaSonera Sverige AB Certification Practice Statement Rev. 1.0 Telia hardware based e-legitimation v2 Certification Practice Statement Revision Date: 10 th June 2009

More information

Bangladesh Bank Certification Authority (BBCA) Certification Practice Statement (CPS)

Bangladesh Bank Certification Authority (BBCA) Certification Practice Statement (CPS) [Draft] Bangladesh Bank Certification Authority (BBCA) Certification Practice Statement (CPS) Version: 1.00 August, 2015 Bangladesh Bank Page 2 of 42 Document Reference Title Document Type Bangladesh Bank

More information

TrustAssured Service Policy (PKI) Disclosure Statement Version 1.1

TrustAssured Service Policy (PKI) Disclosure Statement Version 1.1 TrustAssured Service Policy (PKI) Disclosure Statement Version 1.1 1. Contact Information Enquiries or other communications about this statement should be addressed to: The Royal Bank of Scotland TrustAssured

More information

PostSignum CA Certification Policy applicable to qualified certificates for electronic signature

PostSignum CA Certification Policy applicable to qualified certificates for electronic signature PostSignum CA Certification Policy applicable to qualified certificates for electronic signature Version 1.0 7565 Page 1/67 TABLE OF CONTENTS 1 Introduction... 10 1.1 Overview... 10 1.2 Document Name and

More information

Committee on National Security Systems

Committee on National Security Systems Committee on National Security Systems CNSS Instruction No. 1300 October 2009 INSTRUCTION FOR NATIONAL SECURITY SYSTEMS PUBLIC KEY INFRASTRUCTURE X.509 CERTIFICATE POLICY Under CNSS Policy No. 25 National

More information

TeliaSonera Server Certificate Policy and Certification Practice Statement

TeliaSonera Server Certificate Policy and Certification Practice Statement TeliaSonera Server Certificate Policy and Certification Practice Statement v.1.4 TeliaSonera Server Certificate Policy and Certification Practice Statement CA name Validation OID TeliaSonera Server CA

More information

NCDC GOVERNMENT-CA PKI DISCLOSURE STATEMENT

NCDC GOVERNMENT-CA PKI DISCLOSURE STATEMENT NCDC GOVERNMENT-CA PKI DISCLOSURE STATEMENT Document Classification: Public Version Number: 1.5 Issue Date: June 11, 2015 Copyright 2015 National Center for Digital Certification, Kingdom of Saudi Arabia.

More information

Metropolitan Police Service Enterprise PKI. Root Certificate Authority, Certificate Policy. Version 6.1 10 th February 2012 NOT PROTECTIVELY MARKED

Metropolitan Police Service Enterprise PKI. Root Certificate Authority, Certificate Policy. Version 6.1 10 th February 2012 NOT PROTECTIVELY MARKED Metropolitan Police Service Enterprise PKI Root Certificate Authority, Certificate Policy Version 6.1 10 th February 2012 Version Control Issue Release Date Comments A 02/11/07 First draft release of CP

More information

SwissSign Certificate Policy and Certification Practice Statement for Gold Certificates

SwissSign Certificate Policy and Certification Practice Statement for Gold Certificates SwissSign Certificate Policy and Certification Practice Statement for Gold Certificates Version March 2004 Version 2004-03 SwissSign Gold CP/CPS Page 1 of 66 Table of Contents 1. INTRODUCTION...9 1.1 Overview...

More information

TELSTRA RSS CA Subscriber Agreement (SA)

TELSTRA RSS CA Subscriber Agreement (SA) TELSTRA RSS CA Subscriber Agreement (SA) Last Revision Date: December 16, 2009 Version: Published By: Telstra Corporation Ltd Copyright 2009 by Telstra Corporation All rights reserved. No part of this

More information

- X.509 PKI EMAIL SECURITY GATEWAY. Certificate Policy (CP) & Certification Practice Statement (CPS) Edition 1.1

- X.509 PKI EMAIL SECURITY GATEWAY. Certificate Policy (CP) & Certification Practice Statement (CPS) Edition 1.1 - X.509 PKI EMAIL SECURITY GATEWAY Certificate Policy (CP) & Certification Practice Statement (CPS) Edition 1.1 Commerzbank AG - Page 1 Document control: Title: Description : RFC Schema: Authors: Commerzbank

More information

ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0

ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0 ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0 June 30, 2004 Table of Contents Table of Contents...2 1 Introduction...3 1.1 Overview...3 1.1.1 General Definitions...4

More information

StartCom Certification Authority

StartCom Certification Authority StartCom Certification Authority Intermediate Certification Authority Policy Appendix Version: 1.5 Status: Final Updated: 05/04/11 Copyright: Start Commercial (StartCom) Ltd. Author: Eddy Nigg Introduction

More information

Public Certification Authority Certification Practice Statement of Chunghwa Telecom (PublicCA CPS) Version 1.5

Public Certification Authority Certification Practice Statement of Chunghwa Telecom (PublicCA CPS) Version 1.5 Public Certification Authority Certification Practice Statement of Chunghwa Telecom (PublicCA CPS) Version 1.5 Chunghwa Telecom Co., Ltd. August 21, 2015 Contents 1. INTRODUCTION... 1 1.1 OVERVIEW... 1

More information

ACXIOM. PUBLIC KEY INFRASTRUCTURE Certificate Policy Version 5.5

ACXIOM. PUBLIC KEY INFRASTRUCTURE Certificate Policy Version 5.5 ACXIOM PUBLIC KEY INFRASTRUCTURE Certificate Policy Version 5.5 Date: 19 Mar 2007 Certificate Policy Version 5.5 LEGAL DISCLAIMIER acknowledges that no portion of this document is intended or shall be

More information

GlobalSign CA Certificate Policy

GlobalSign CA Certificate Policy GlobalSign CA Certificate Policy Date: December 17 th 2007 Version: v.3.0 Table of Contents Document History...1 Acknowledgments...2 1. Introduction...3 1.1 Overview...4 1.1.1 GlobalSign Rootsign...5 1.1.2

More information