Posted by Brian Komar on January 29, 2008, 7:43 pm
Kristin,
Two resources you need to keep in mind:
1) For a description of a CPS, please see RFC 3647. This gives you an idea
of what is involved in the policy side of a PKI. You have been focusing on
the technical side, and are omitting the policy side (personally, I feel
that a PKI is 90% policy and only 10% technical). Another good resource is
the FBCA CP (http://www.cio.gov/fpkipa/documents/FBCA_CP_RFC3647.pdf).
2) Policy is enforced by written policy and people following these policies.
If you do not follow the policy, an audit can result in a tear down and
rebuild scenario.
Brian
> I am still not completely sure as to the functions of a Policy CA. I
> understand that it is an intermediate CA.
>
> And I understand the definition found on Technet (below). What I am not
> clear on is HOW it describes these policies and how it forces other CAs
> below it to abide by the rules.
>
> I have added specific questions in line below:
>
> Thanks! Kristin
>
> Policy CA definition on Technet:
>
> The role of a policy CA is to describe the policies and procedures that an
> organization implements to secure its PKI, the processes that validate the
> identity of certificate holders, and the processes that enforce the
> procedures that manage certificates.
>
> ---> how does it describe the procedures? I know about the website URL for
> policy statements, but how does it describe the processes and procedures?
> What form do they take? A website with text? A template?
>
> A policy CA issues certificates only to
> other CAs. The CAs that receive these certificates must uphold and enforce
> the policies that the policy CA defined.
>
> ----> How are the child CAs forced to uphold and enforce the policies?
>
> It is not mandatory to use policy CAs unless different divisions, sectors,
> or locations of your organization require different issuance policies and
> procedures. However, if your organization requires different issuance
> policies and procedures, you must add policy CAs to the hierarchy to define
> each unique policy.
>
> ---> How are the policies defined? Are they done in the .inf files? What
> makes up the policy exactly?
>
> For example, an organization can implement one policy CA
> for all certificates that it issues internally to employees and another
> policy CA for all certificates that it issues to non-employees.
>
>
> Thanks,
>
> Kristin
>
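As an added illustration of the ".inf files" question above (this is example configuration, not part of either post): on a Windows CA the policy assertions that end up in a policy CA's own certificate are declared in CAPolicy.inf before the CA is installed or its certificate renewed. The section and key names are the standard CAPolicy.inf syntax; the organization name, OID values and URLs are placeholders and the policy text they point at is assumed to be a CP/CPS written along the lines of RFC 3647.

```ini
; CAPolicy.inf, placed in %SystemRoot% on the policy CA before installation.
; All OIDs, names and URLs below are placeholders for this example; a real
; deployment uses OIDs from the organization's own registered arc.
[Version]
Signature="$Windows NT$"

[PolicyStatementExtension]
; Every name listed here must have a matching section below.
; Each becomes one entry in the Certificate Policies extension.
Policies=InternalPolicy, ExternalPolicy
Critical=false

[InternalPolicy]
; Policy for certificates issued to employees (placeholder OID).
OID=1.3.6.1.4.1.99999.1.1
Notice="Example Corp internal certificate policy"
URL=http://pki.example.com/cps/internal.html

[ExternalPolicy]
; Policy for certificates issued to non-employees (placeholder OID).
OID=1.3.6.1.4.1.99999.1.2
Notice="Example Corp external certificate policy"
URL=http://pki.example.com/cps/external.html

[BasicConstraintsExtension]
; A policy CA signs issuing CAs only. PathLength=1 allows exactly one
; further CA level (the issuing CAs) beneath this certificate; those
; issuing CAs cannot in turn subordinate more CAs.
PathLength=1
Critical=true

[Certsrv_Server]
RenewalKeyLength=4096
RenewalValidityPeriod=Years
RenewalValidityPeriodUnits=10
```

After installation, `certutil -dump` on the exported policy CA certificate shows the resulting Certificate Policies and Basic Constraints extensions. Note what this does and does not enforce: the extension records which policy OIDs and CPS URLs the hierarchy asserts, and the path length limits how the hierarchy can grow, but whether an issuing CA actually follows the written CP/CPS is established by the people operating it and by the audit Brian refers to, not by the .inf file.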