TL;DR: This research explores, from a broader point of view, how CAs in INPKI formulate their CP and CPS based on Request for Comments (RFC) 3647, and aims to extend and critique whether the proposed CP and CPS are adequate to encourage the CAs' readiness and the preparation of INPKI.
Abstract: A Certification Authority (CA) must publish its Certificate Policy (CP) and Certification Practice Statement (CPS) as obligatory and fundamental documents describing its technical information security, business processes, and legal compliance. Although it was initiated in 2014, the Indonesia National Public Key Infrastructure (INPKI) still cannot be operated completely by the Root CA, Sub-CAs, and other involved participants. This situation is caused by the CAs' inability to produce adequate CP and CPS documents that cover the necessary information described above. As Root CA in INPKI, the Ministry of Communication and Information Technology (MCIT) shall propose a CP and CPS for itself and also provide a CP and CPS framework for its Sub-CAs. Previously, Sub-CAs faced difficulties in proposing CP and CPS documents due to their low proficiency. Using the concept of knowledge management, MCIT needs to regulate and educate the Sub-CAs and itself as Root CA by proposing a CP and CPS as knowledge transfer and guidelines. The proposed CP and CPS become empirical externalization and internalization so that each CA can compose its own CP and CPS with adequate content to cover the required issues. This research explores, from a broader point of view, how CAs in INPKI formulate their CP and CPS based on Request for Comments (RFC) 3647. This exploration aims to extend and critique whether the proposed CP and CPS are adequate to encourage the CAs' readiness and the preparation of INPKI. This exploration contributes significant impact through the preparation of the CP and CPS. The resulting CP and CPS will be better qualified and enhanced in disclosing the information necessary to obtain trustworthiness in three aspects: governance, technical, and human resource requirements.
TL;DR: This document specifies short-lived certificates as a means of guaranteeing certificate freshness for secure telephone identity (STIR), in particular relying on the Automated Certificate Management Environment (ACME) to allow signers to acquire certificates as needed.
Abstract: When certificates are used as credentials to attest the assignment of
ownership of telephone numbers, some mechanism is required to provide
certificate freshness. This document specifies short-lived
certificates as a means of guaranteeing certificate freshness for
secure telephone identity (STIR), in particular relying on the
Automated Certificate Management Environment (ACME) to allow signers
to acquire certificates as needed.
TL;DR: The quality of this CP-CPS, including its compliance with the related references/standards, namely CP OSD Lemsaneg v.1.1 and RFC 3647, is found to be poor.
Abstract: OSD PSE is the Indonesian Government's Certification Authority (CA) for the National e-Procurement System and was later named OSD PSE G2. It has a unique hierarchical structure under the OSD Lemsaneg. As an Issuing CA, the OSD PSE G2 publishes and guarantees the quality of its Certificate Policy and Certification Practice Statement (CP-CPS) in order to gain the trust of PKI users. In this article, we analyze the CP-CPS version 1.0 published by OSD PSE G2. For this purpose, we apply the methodology of the PKI Assessment Guidelines (PAG). The quality assessment of this CP-CPS includes its compliance with the related references/standards, namely: CP OSD Lemsaneg v.1.1; RFC 3647; and CA Business Practice Disclosure Principle on Trust Service Principles and Criteria for Certification Authorities (BPDP-TSPCCA) version 2.0. We finally found that the CP-CPS version 1.0 does not comply with the related standards and references. Hence, the CP-CPS needs to be updated to follow the current condition of OSD PSE G2.
TL;DR: In this article, the authors analyzed the CP-CPS version 1.0 published by OSD PSE G2. For this purpose, they applied the methodology of the PKI Assessment Guidelines (PAG). The quality assessment of this certificate policy and certification practice statement includes its compliance with the related references/standards, namely: CP OSD Lemsaneg v.1.1; RFC 3647; and CA Business Practice Disclosure Principle on Trust Service Principles and Criteria for Certification Authorities (BPDP-TSPCCA) version 2.0.
Abstract: OSD PSE is the Indonesian Government Certification Authority (CA) for the National e-Procurement System and was later named OSD PSE G2. It has a unique hierarchical structure under the OSD Lemsaneg. As an Issuing CA, the OSD PSE G2 publishes and guarantees the quality of the Certificate Policy and Certification Practice Statement (CP-CPS) in order to gain the trust of PKI users. In this article, we analyze the CP-CPS version 1.0 published by OSD PSE G2. For this purpose, we apply the methodology of the PKI Assessment Guidelines (PAG). The quality assessment of this CP-CPS includes its compliance with the related references/standards, namely: CP OSD Lemsaneg v.1.1; RFC 3647; and CA Business Practice Disclosure Principle on Trust Service Principles and Criteria for Certification Authorities (BPDP-TSPCCA) version 2.0. We finally found that the CP-CPS version 1.0 does not comply with the related standards and references. Hence, the CP-CPS needs to be updated to follow the current condition of OSD PSE G2.