[cabfcert_policy] CA Components
Peter Bowen
pzb at amzn.com
Thu Jun 2 10:42:00 MST 2016
On the policy WG call today, there was a discussion of diagramming the components in a CA. I’ve seen a number of components defined in various Certificate Policies. The items below are pulled from several docs, including a NIST model CP and several commercial CA CPs. Are there other components worth mentioning? Does anyone who does Subscriber Key Escrow have additional components relevant to that functionality?
Thanks,
Peter
Certificate Service Provider components:
Certification Authority (probably the top level component?)
CA Management Authority
Registration Authority
Local Registration Authority
Certificate Manufacturing Authority (I think this is the same as a Certificate Management System) with subcomponents:
- Cryptographic module
- CA Key Storage
- Audit Log persistence
- <thing that talks to cryptographic module> (needs name)
Certificate Status Authority with subcomponents:
- OCSP Response Signers
- OCSP Responders
Repository Service Provider (distributes CRLs and Issuer certificates)
Policy Authority
End Entity roles:
Subscribers
Relying Parties
Others:
Trust Anchor List maintainer (usually an Application Software Supplier that operates a Root Certificate Program)