CP - Certificate Policy Flashcards
What is a MOA?
A memorandum of agreement is used for entering into a contractual relationship with PMAs of other PKI domains.
What is the difference between the CP and the CPS?
The CP states what assurance can be placed in a Certificate issued under this policy. The Carillon Certification Practice Statements (Carillon CPSs) state how the Carillon CAs establish that assurance.
CP = What; CPS = How
What is the PMA?
The Policy Management Authority is responsible for the f
What are the 6 main participants in the Carillon PKI environment?
1) Carillon PKI authorities
- Carillon Policy Management Authority (Carillon PMA)
- Carillon PKI Operational Authority (OA)
- Carillon PKI Operational Authority Administrator
- Carillon Principal Certification Authority (PCA)
- Carillon Root CAs
- Carillon Subordinate CAs
- Certificate Status Authority (CSA)
- Time-Stamp Authority (TSA)
- Card Management System (CMS)
- Administration Workstation
2) Registration authorities
3) Subscribers
4) Relying Parties
5) Other participants
6) Applicability
What are the 10 Carillon PKI authorities?
Responsible for the administration and operation of the Carillon CAs.
1) Carillon Policy Maintenance Authority (PMA)
2) Carillon PKI Operational Authority (OA)
3) Carillon PKI Operational Authority Administrator
4) Carillon Principal Certification Authority (PCA)
5) Carillon Root CAs
6) Carillon Subordinate CAs
7) Certificate Status Authority (CSA)
8) Time-Stamp Authority (TSA)
9) Card Management System (CMS)
10) Administration Workstations
What is a certificate and what are the four pieces of information that it must contain?
A certificate is a data structure that is digitally signed by a certification authority, and contains the following:
- The identity of the certification authority issuing it
- The identity of the certified End-Entity
- A public key that corresponds to a Private Key under the control of the certified End-Entity
- The operational period
- A serial number
What is CertiPath?
CertiPath is a cooperation whose purpose is to design, implement, maintain, and market a secure Public Key Infrastructure communications bridge.
What is the Local Registration Authority (LRA)?
An entity that is responsible for identification and authentication of certificate subjects, but that does not sign or issue certificates.
What is UPN?
In the Windows operating system's Active Directory, a User Principal Name (UPN) is the name of a system user in an e-mail address format, for example ddavies@corp.local.
What is UUID?
A UUID (Universal Unique Identifier) is a 128-bit number used to uniquely identify some object or entity on the Internet.
What is the difference between the cn and the DN?
A cn or common name represents the subscriber in a way that is understandable by humans. The DN or distinguished name will generally be the UUID or UPN.
What encryption is used for public key encryption?
3072- or 2048-bit RSA per PKCS #1.
What is PKCS?
In cryptography, PKCS #1 is the first of a family of standards called Public-Key Cryptography Standards (PKCS), published by RSA Laboratories. It provides the basic definitions of and recommendations for implementing the RSA algorithm for public-key cryptography.
What hashing algorithm is used?
SHA-256
What is FIPS 186-4?
The Federal Information Processing Standard defines a suite of algorithms that can be used to create digital signatures established by the National Institute of Science and Technology (NIST).