Abstract
The IETF [1], RFC2527 [2] describes and defines the contents of documentation that is at the heart of the process-driven elements of a PKI. These are captured in the certificate policy (CP), which defines what is delivered, and the certification practice statement (CPS), which defines how it is delivered. The RFC has formed the basis for the contents of both documents. However, with the move of PKI from employment via service providers to deployment directly by organisations, and the extension in the use of PKI to a much wider and less knowledgeable potential market, the difficulties of creating an appropriate set of documentation have become apparent. While I do not suggest that RFC2527 is wrong, I argue that it appears to pose as many questions as it answers when it comes to implementation. In this article I attempt to consider the factors that influence the implementation of a documented infrastructure and suggest a pragmatic approach, based on RFC2527, to delivering a document structure that will support the delivery of PKI services and the understanding of trust that can be placed in those services.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
