| (I) "A statement of the practices which a certification authority
employs in issuing certificates." [ABA96, R2527] (See: certificate
policy.)
(C) A CPS is a published security policy that can help a
certificate user to decide whether a certificate issued by a
particular CA can be trusted enough to use in a particular
application. A CPS may be (a) a declaration by a CA of the details
of the system and practices it employs in its certificate
management operations, (b) part of a contract between the CA and
an entity to whom a certificate is issued, (c) a statute or
regulation applicable to the CA, or (d) a combination of these
types involving multiple documents. [ABA]
(C) A CPS is usually more detailed and procedurally oriented than
a certificate policy. A CPS applies to a particular CA or CA
community, while a certificate policy applies across CAs or
communities. A CA with a single CPS may support multiple
certificate policies, which may be used for different application
purposes or by different user communities. Multiple CAs, each with
a different CPS, may support the same certificate policy. [R2527]
|
