Certification Practice Statement
A Certification Practice Statement (CPS) is a document from a certificate authority or a member of a web of trust which describes their practice for issuing and managing public key certificates.[1]
Some elements of a CPS include documenting practices of:
- issuance
- publication
- archiving
- revocation
- renewal
By detailing the practice of issuance, revocation and renewal, a CPS aids entities in judging the relative reliability of a given certificate authority.[2]
Certificate authorities
[edit | edit source]In a certificate authority, the CPS should derive from the organization's certificate policy and may be referenced in issued certificates.[3]
Web of trust
[edit | edit source]Because individuals act as certifiers in a web of trust, individual CPS documents are sometimes used. For example, in a PGP WoT, the CPS might state that the certifying entity checked two forms of legal government ID before signing the person's public key.
Digital signatures
[edit | edit source]When verifying digital signatures, it's necessary to review the CPS so as to determine the meaning of the issuance of the certificate by the certifying entity.[4]
References
[edit | edit source]- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). Informational. p. 15. Obsoletes RFC 2527.
- ^ American Bar Association Digital Signature Guidelines 1996, Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value). (section 1.8.1)
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ American Bar Association Digital Signature Guidelines 1996, Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
External links
[edit | edit source]- Microsoft.com "Creating Certificate Policies and Certificate Practice Statements"
- Security policy
- Example of a CPS for a Web of Trust: http://www.grep.be/gpg/cert-policy-v2