VeriSign
External Certification Authority
Certification Practice Statement
Version 1.2
(Portions of this document have been redacted in accordance with the ECA Certificate Policy)
21 December 2007
COPYRIGHT 2007 VERISIGN, INC. ALL RIGHTS RESERVED

VeriSign ECA Certification Practice Statement
© 2007 VeriSign, Inc. All rights reserved.
Printed in the United States of America.
Revision Date: December 2007

Trademark Notices

VeriSign is a registered trademark of VeriSign, Inc. The VeriSign logo is a service mark of VeriSign, Inc. Other trademarks and service marks in this document are the property of their respective owners.

Without limiting the rights reserved above, and except as licensed below, no part of this publication may be reproduced, stored in or introduced into a retrieval system, or transmitted, in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), without prior written permission of VeriSign, Inc.

Notwithstanding the above, permission is granted to reproduce and distribute this VeriSign ECA Certificate Practice Statement on a nonexclusive, royalty-free basis, provided that (i) the foregoing copyright notice and the beginning paragraphs are prominently displayed at the beginning of each copy, and (ii) this document is accurately reproduced in full, complete with attribution of the document to VeriSign, Inc.

Requests for any other permission to reproduce this ECA Certificate Practice Statement (as well as requests for copies from VeriSign) must be addressed to:

VeriSign, Inc.
487 East Middlefield Road
Mountain View, CA 94043 USA
Attn: Practices Development
Tel: 1 650.961.7500
Fax: 1-650-335-1077
eca-practices@verisign.com

TABLE OF CONTENTS

1. INTRODUCTION
1.1 OVERVIEW
1.2 POLICY IDENTIFICATION
1.3 COMMUNITY AND APPLICABILITY
1.3.1 PKI Authorities
1.3.2 Trusted Entities
1.3.3 Related Authorities
1.3.4 End Entities
1.3.5 Applicability
1.4 CONTACT DETAILS
1.4.1 Specification Administration Organization
1.4.2 Contact Persons
1.4.3 Person Determining CPS Suitability for the Policy

2. GENERAL PROVISIONS
2.1 OBLIGATIONS
2.1.1 CA Obligations
2.1.2 RA Obligations
2.1.3 Trusted Agent Obligations
2.1.4 Subscriber Obligations
2.1.5 Relying Party Obligations
2.1.6 Repository Obligations
2.1.7 Certificate Status Authority Obligations
2.2 LIABILITY
2.2.1 Warranties and Limitations on Warranties
2.2.2 Disclaimers of Warranty and Liability
2.2.3 Limitations of Liability
2.2.4 Other Exclusions
2.2.5 US Federal Government Liability
2.3 FINANCIAL RESPONSIBILITY
2.3.1 Subscriber’s Liability and Indemnity
2.3.2 Fiduciary Relationships
2.3.3 Administrative Processes
2.4 INTERPRETATION AND ENFORCEMENT
2.4.1 Interpretation
2.4.2 Severability, Survival, Merger, and Notice
2.4.3 Dispute Resolution Procedures and Choice of Forum
2.4.4 Successors and Assigns
2.4.5 No Waiver
2.4.6 Compliance with Export Laws and Regulations
2.4.7 Choice of Cryptographic Methods
2.4.8 Force Majeure
2.5 FEES
2.5.1 Certificate Issuance or Renewal Fees
2.5.2 Certificate Access Fees
2.5.3 Revocation or Status Information Access Fees
2.5.4 Fees for Other Services
2.5.5 Refund Policy
2.6 PUBLICATION AND REPOSITORIES
2.6.1 Publication of CA Information
2.6.2 Frequency of Publication
2.6.3 Access Controls
2.6.4 Repositories
2.7 COMPLIANCE AUDIT
2.7.1 Frequency of Compliance Audit
2.7.2 Identity/Qualifications of Reviewer
2.7.3 Auditor's Relationship to Audited Party
2.7.4 Topics Covered by Compliance Audit
2.7.5 Actions Taken as a Result of Deficiency
2.7.6 Communication of Results
2.8 CONFIDENTIALITY
2.8.1 Types of Information to Be Kept Confidential
2.8.2 Information Release Circumstances
2.9 INTELLECTUAL PROPERTY RIGHTS

3. IDENTIFICATION AND AUTHENTICATION
3.1 INITIAL REGISTRATION
3.1.1 Types of Names
3.1.2 Need for Names to be Meaningful
3.1.3 Rules for Interpreting Various Name Forms
3.1.4 Uniqueness of Names
3.1.5 Name Claim Dispute Procedure
3.1.6 Recognition, authentication, and role of trademarks
3.1.7 Method to prove possession of private key
3.1.8 Authentication of Organization Identity
3.1.9 Authentication of Individual Identity and Citizenship
3.1.10 Authentication of Component Identities
3.2 CERTIFICATE RENEWAL, UPDATE, AND ROUTINE RE-KEY
3.2.1 Certificate Re-key
3.2.2 Certificate Renewal
3.2.3 Certificate update
3.3 RE-KEY AFTER REVOCATION
3.4 REVOCATION REQUEST

4. OPERATIONAL REQUIREMENTS
4.1 CERTIFICATE APPLICATION
4.1.1 Delivery of Subscriber’s Public Key to Certificate Issuer
4.2 CERTIFICATE ISSUANCE
4.2.1 Delivery of Subscriber’s Private Key to Subscriber
4.2.2 CA Public Key Delivery to Users
4.3 Certificate Acceptance
4.4 Certificate Suspension and Revocation
4.4.1 Revocation
4.4.2 Suspension
4.4.3 Certificate Revocation Lists
4.4.4 Online Status Checking
4.4.5 Other Forms of Revocation Advertisements Available
4.4.6 Special Requirements Related to Key Compromise
4.5 SECURITY AUDIT PROCEDURES
4.5.1 Types of Events Recorded
4.6 RECORDS ARCHIVAL
4.6.1 Types of Data Archived
4.6.2 Retention Period for Archive
4.7 KEY CHANGEOVER
4.8 COMPROMISE AND DISASTER RECOVERY
4.8.1 Compromise recovery
4.8.2 Disaster Recovery
4.9 CA TERMINATION

5. PHYSICAL, PROCEDURAL AND PERSONNEL SECURITY CONTROLS
5.1 PHYSICAL CONTROLS
5.2 PROCEDURAL CONTROLS
5.2.1 Trusted Roles
5.2.1.5 Trusted Agent
5.2.1.6 PKI Sponsor
5.2.2 Separation of Roles
5.3 PERSONNEL SECURITY CONTROLS
5.3.1 Background, Qualifications, Experience and Clearance Requirements
5.3.2 Background Check Procedures
5.3.3 Training Requirements
5.3.4 Retraining Frequency and Requirements
5.3.5 Job Rotation Frequency and Sequence
5.3.6 Sanctions for Unauthorized Actions

Agreement (MOA) and the Certificate Policy (CP) for External Certificate Authorities (version 3.1, 30 August 2006) defines the practices that VeriSign will employ in issuing and managing certificates and in maintaining a certificate-based public key infrastructure (PKI) for the ECA. This