As the Policy Authority of the Dutch Governmental PKI program (PKIoverheid) I would like to add our view to this discussion. We operate a program that is similar in character to the Federal Common Policy CA. We operate one trust anchor (the Staat der Nederlanden Root CA) for use with and within Dutch Government. This trust anchor is already included in the major browser products such as Mozilla, Microsoft and Apple.
We enable parties - both governmental and commercial - to operate as Certificate Service Providers under our Root CA. In doing so we have created an infrastructure that can be used for communication within and with Dutch government. Our Certificate Service Providers must adhere to our Certificate Policies, which are based on ETSI TS 101456 and 102042 with a number of additional PKIoverheid requirements such as the adherence to the CABforum Baseline Requirements. The CSPs annually undergo an external audit. This certification is an ETSI certification with the additional PKIoverheid requirements taken into account.

This thread started with the fact that "several national certification authorities are actually acting as super CAs without complete accountability for the operations of their subsidiary CAs". This clearly is a problematic practice, as this does not create the required transparency needed for a trust system to operate correctly. A so-called super CA must at all times be completely accountable for its sub-CAs. It is then the responsibility of these sub-CAs to meet the publicly stated requirements of the Certificate Policies of the super CAs, and to undergo an external audit to that effect. The Policy Authority PKIoverheid is completely accountable for the CSPs within the PKIoverheid/Staat der Nederlanden hierarchy.

Looking at the proposed requirements as posted by Kathleen, we see the need for all, bar the requirement for the Root CA organization to issue end-entity certificates. In our opinion the fact that a trust anchor organization is able to, or does, issue end-entity certificates does not add to the trustworthiness of the system as a whole. The trust anchor organization must ensure that all sub-CAs demonstrably adhere to the requirements that are applicable to a trust anchor, by means of an external audit and publicly verifiable documentation and proof.
Regards,
Mark Janssen

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy