Certificate policy
From Wikipedia, the free encyclopedia
In the X.509 version 3 digital certificate standard, a certificate policy names the applications for which the issuing certification authority (CA) declares a particular public/private key pair fit. Typical certificate policies include:
- digital signature of e-mail, aka S/MIME
- encryption of data
- verification of Web site identity
- further issuance of certificates (delegation of authority)
The framework and intention of certificate policies are described in RFC 3647, which also describes Certification Practice Statements (CPS).
Critical vs. non-critical policies
According to the RFC, policies may be marked as critical or non-critical. The distinction exists largely to limit the liability of the CA. A certificate should be used only for the purposes its critical policies designate. That is, if a critical certificate policy designates a certificate for use in digitally signing electronic communication, it should not be used for encryption. If it is nonetheless used for encryption and the confidentiality of the encrypted data is compromised, the CA's liability is limited.

