[cabfcert_policy] What is meant by "initial certificate issuance"?

Ben Wilson Ben.Wilson at digicert.com
Thu Jul 24 13:36:26 MST 2014


The NISTIR document (and other PKI documents) refers to steps taken as part of "initial certificate issuance" and contrasts those with steps taken during "certificate renewal". This comes up first in section 3.2.3.1 of the NISTIR 7924.

There are lifecycle states such as re-key, re-issue, etc., which we have debated but have not fully defined.   If we recommend that "initial certificate issuance" be defined by NISTIR 7924, what is the definition?  "Initial registration" is also used.  What does that mean, or how is that different from the former?

These terms are used in sections 3.2.3.1, 3.3.1, 3.3.2, 4.6.3, 4.7.3, and 4.8.1,  and Section 3.2 of RFC 3647 is titled "Initial Identity Validation".   "Initial identity proofing" is also mentioned in section 4.8.3.

This question is also related to draft ballot 123 dealing with re-validation of information because in section 11.13 of the EVG we talk about "existing subscribers" and "the age of validated data ... before revalidation is required."

Several CABF documents make a distinction between initial proofing and information that is subsequently used for renewal.  I think we need to improve our understanding of these things.

Thoughts?  Are there any broadly accepted industry definitions we could use?
Meanwhile, I'll also take a look to see what I can find.

Ben