Note: My Web pages are best viewed with style sheets enabled.
|
Note: My Web pages are best viewed with style sheets enabled. |
Unrated |
Version 2Jul07-1.0.3
Verification of the requirements in §B.1 will generally be done through interviews of the certificate authority's subscribers or becoming a subscriber. Verification of the requirements §B.2 may involve examination of the certificate authority's Web site and other public materials; it may also involve visiting or communicating with the certificate authority's physical site to request public information.
| Req. # | WT | Requirement | Verified | Comments |
|---|---|---|---|---|
| B.1.a | 8 | The privacy policy is available to subscribers. | ||
| B.1.b | 8 | The configuration-management policy is available to subscribers. |
| Req. # | WT | Requirement | Verified | Comments |
|---|---|---|---|---|
| B.2.a | 8, 39 | The CP is available to subscribers and the general public. | ||
| B.2.b | 8, 39 | The CPS is available to subscribers and the general public. | ||
| B.2.c | 8 | The statement of risks (cited in §A.6.a) is available to subscribers and the general public. | ||
| B.2.d | 8 | The statement of the CA's liability (cited in §A.6.b) is available to subscribers and the general public. | ||
| B.2.e | 8 | The statement of the subscribers' liability (cited in §A.6.c) is available to subscribers and the general public. | ||
| B.2.f | None | The statement of each subscriber's acceptance of liability (cited in §A.6.d) is available to those who present appropriate cause to request it. | ||
| B.2.g | 3 | Contact information is available to subscribers and the general public:
| ||
| B.2.h | 8, 11, 32 | A list of subscriber certificates is available to subscribers and the general public with the following information for each certificate:
| ||
| B.2.i | 11 | The information about a subscriber's certificate (see §B.2.h) that has expired is either
| ||
| B.2.j | 11, 33, 35 | A list of certificates revoked before their expiration dates is available to subscribers and the general public with the same identifying information as given in §B.2.h along with the reason for the revocation (see §A.2.o and §A.2.q). | ||
| B.2.k | 13, 32, 33, 35, 36 | Tools for verifying subscriber certificates are supported (e.g., certificate revocation list (CRL), online certificate status protocol (OCSP)) in a timely manner. | ||
| B.2.l | 7 | The fee schedule is available to subscribers and the general public. | ||
| B.2.m | None | The CA promptly notifies all current subscribers of any breach of security (see §C.2). | ||
| B.2.n | None | The CA makes available to the general public information about any breach of security (see §C.2). | ||
| B.2.o | None | The CA makes available to the general public configuration-control logs and records (see §A.1.k). | ||
| B.2.p | 9 | This checklist (as completed by the reviewer) and the reviewer's attestation are available to subscribers and the general public. |
Last updated 2 July 2007
 David Ross home |
 |
 CA Review home |
