[cabf_validation] RA Functional Model

Moudrick M. Dadashov md at ssc.lt
Thu Apr 6 09:52:20 MST 2017


Hi Ben,

Also some references to ETSI Certification services defined in ETSI EN 
319 411-1:

Registration Authority (RA): entity that is responsible for 
identification and authentication of subjects of certificates mainly.
NOTE 1: An RA can assist in the certificate application process or 
revocation process or both.
NOTE 2: See IETF RFC 3647 [i.3].

registration officer: person responsible for verifying information that 
is necessary for certificate issuance and approval of certification requests
revocation officer: person responsible for operating certificate status 
changes

Registration service: verifies the identity and if applicable, any 
specific attributes of a subject. The results of this service are passed 
to the certificate generation service.
NOTE 2: This service includes proof of possession of non-CA generated 
subject private keys.

See RA specific provisions in the document: 
http://www.etsi.org/deliver/etsi_en/319400_319499/31941101/01.01.01_60/en_31941101v010101p.pdf

An update is in preparation (Nick is the right person to ask).

Thanks,
M.D.

On 4/6/2017 6:28 PM, Ben Wilson via Validation wrote:
>
> If we want to embark on an effort to develop a functional model of RA 
> systems, this might help.  It comes from the ABA’s PKI Assessment 
> Guidelines 
> (http://www.americanbar.org/content/dam/aba/events/science_technology/2013/pki_guidelines.authcheckdam.pdf):
>
> … registration authority functions are a subset of certification 
> authority functions. There are nine CA functions, of which five are 
> identical to RA functions in this section.  In many, if not most 
> contexts, RA functions are considered to be “front-end” functions 
> involving direct contact with certificate applicants and subscribers 
> that leverage the RA’s greater knowledge of the certificate applicants 
> and subscribers (compared to the CA) and its direct relationship with 
> them.  The five CA functions that are also RA functions are the following:
>
>   * Establish an environment and procedure for certificate applicants
>     to submit their certificate applications (e.g., creating a
>     web-based enrollment page);
>   * The identification and authentication of individuals or entities
>     who apply for a certificate;
>   * The approval or rejection of certificate applications;
>   * The initiation of certificate revocations, either at the
>     subscriber’s request or upon the entity’s own initiative; and
>   * The identification and authentication of individuals or entities
>     submitting requests to renew certificates or seeking a new
>     certificate following a re-keying process and processes set forth
>     above for certificates issued in response to approved renewal or
>     re-keying requests.
>
> *Ben Wilson, JD, CISA, CISSP*
>
> VP Compliance
>
> +1 801 701 9678
>
>
>
