Secure CA operation

BSI TR-03145 Secure Certification Authority operation

文档结构: - Introduction, scope - Abbreviation - Concept and approach: 图~ - Aims of the CA - Processes of the CA - General security requirements

abbr

certificate policy (CP): 一些命名规则,标识common security requirement, RFC3647

certification practice statement (CPS): CA对签发、管理、撤销、续期的实际操作策略

Certification Authority as trustee in PKI

目标(security objectives): - Trustworthy CA certificate: (Depends on)

  • Private key of the CA

  • Certificate generation process

  • Provision of trust services to relying parties: (Depends on) - dissemination of trustable certificates

Certificate Management Processes

Private key of the CA

Maintaining: (process) - Certificate generation process - Trustworthy CA certificate

Trustworthy Manner: (Depends on) - General security requirements

Objectives -> Treats -> Requirements

Rationale: - Objective -> Requirements -> Rationale - Treat -> Requirements -> Rationale