Certification Practice Practice... · PDF file 7 an encryption key a CA key...


  • date post

    24-Aug-2020

  • Certification Practice Statement

    Version 6.5

    Hilde Oomen

    1 This document

    1.1 Name and identification

    1.2 Version management

    1.3 Accessibility

    1.4 Administration

    1.4.1 Contact details

    2 Publication and electronic storage

    2.1 Website

    3 Background & Overview

    3.1 PKI (Public Key Infrastructure)

    3.2 Services provided by ESG

    3.3 Service framework (PKIoverheid)

    3.3.1 Scope of application of certificates

    3.3.2 Certificate hierarchy

    3.4 Parties involved

    3.4.1 CSP (Certification Service Provider)

    3.4.2 CSO (Component Services Organisation)

    3.4.3 LRA (Local Registration Authority)

    3.4.4 LRAO (LRA-Officer)

    3.4.5 Subscriber

    3.4.6 Certificate holder

    3.4.7 Certificate manager

    3.4.8 Relying party

    3.5 Certificate usage

    3.6 Certificate Policies

    4 Identification and Authentication (I&A)

    4.1 Names

    4.2 Establishing identity

    4.3 I&A for certificate renewal

    4.4 I&A for certificate revocation

    5 Certificate

    5.1 Application

    5.2 Certification procedure

    5.2.1 Identification

    5.2.2 Establishing the certificate data

    5.2.3 Establishing the organisation data

    5.2.4 Issuance of key material

    5.2.5 Submitting the application file

    5.2.6 Production & issuance

    5.3 Verification & acceptance

    5.4 Key pair and certificate usage

    5.5 Renewal

    5.6 Rekey

    5.7 Modification

    5.8 Revocation and suspension

    5.8.1 Revocation hotline +31 800 ESGKEYS (+31 800 3745397)

    5.8.2 Circumstances leading to revocation

    5.8.3 Authority to revoke

    5.8.4 Reversing a revocation

    5.9 Online verification services

    5.9.1 CRL (revocation list)

    5.9.2 Validity checking via OCSP

    5.10 Term of agreement

    5.11 Key escrow and recovery

    6 Security

    6.1 Physical security

    6.1.1 Nuth site

    6.1.2 CSO site

    6.2 Procedural security

    6.2.1 Nuth site

    6.2.2 CSO site

    6.3 Personnel security

    6.3.1 ESG

    6.3.2 KPN

    6.4 Security procedures

    6.4.1 Recorded events

    6.5 Archiving

    6.5.1 Access to the archive

    6.6 CA key renewal

    6.7 Key compromise & disasters

    6.7.1 Dissemination of information

    6.8 Termination of the service

    6.9 Technical security

    6.9.1 Key pairs

    6.9.2 Security of private keys

    6.9.3 SSCD (Smartcard)

    6.9.3 Zero- or NULL-PIN procedure

    6.9.5 Other aspects of key management

    6.9.6 PIN

    6.9.7 Security of components

    6.9.8 Life Cycle Security Controls

    6.9.9 Network security measures

    6.9.10 Timestamping

    7 Profiles

    7.1 Citizen certificates

    7.1.1 Authenticity

    7.1.2 Non-repudiation

    7.1.3 Confidentiality

    7.2 Professional certificates

    7.2.1 Authenticity

    7.2.2 Non-repudiation

    7.2.3 Confidentiality

    7.3 Organisation

    7.3.1 Authenticity

    7.3.2 Non-repudiation

    7.3.3 Confidentiality

    7.4 Services certificates

    7.4.1 Authenticity

    7.4.2 Confidentiality

    7.4.3 Server

    7.5 CRL