Getting a KeyPOST Digital Certificate - Part 1 - Applying
Thu, 20 Aug 1998 17:57:07 +1000 (EST)
> The thing that has to be realised is that a CA is merely verifying the binding
> between an identity and a public key. They are not making representations
> about how the key has been generated. This buys them out of any liability for
> badly generated keys, for which the burden of responsibility falls on the
> user. If the certificate policy requires certain key qualities or secure
> random number generators, the CA can require that the user use accreditated hw/
> sw to generate it.
In GPKA an accredited CA must has ITSEC E3 security classification and that
includes the system which generates the keys.
Incidentally the German legislation requires CAs with higher ITSEC E4
security classification so how will the international PKI mutual legal
recognation be handled?
David Chia, RMIT University