This document is consistent with RFC 2527. Therefore there are some sections that are maintained for compatibility, although they do not apply exactly to the services offered by CESNET CA. Glossary provides a glossary of terms used in this document.
Within this document the words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", "OPTIONAL" are to be interpreted as in RFC 2119. (See Appendix A).
This CPS describes the practices employed by the CESNET CA in issuing the digital certificates.
This CPS MAY be used by a relying party to determine the level of trust associated with a given policy.
CESNETCACertificatePracticeStatementv1:2
This certificate practice statement is identified by the following unique registered Object Identifier (OID):
1.3.6.1.4.1.8057.1.1.1.2
CESNET CA provides PKI services for the Czech academic community.
The specific applicability of the certificates issued by the CESNET CA is stated in the relevant CP.
The CESNET CA digital certificates MUST be issued only by persons formally assigned by the CESNET a.l.e. director.
The CESNET CA manages the functions of its Registration Authority.
Other RAs MAY be operated by sites within the Czech academic community, e.g. by universities or faculties. In that case the RAs MUST sign an agreement with the CESNET CA stating the obligation to adhere to this CPS and the relevant CPs.
The targeted end entities are employees and students of Czech universities, Czech Academy of Sciences, and any organizations cooperating with these entities in the practice of research, educational and administrative functions as well as computers and application services operated by these organizations.
In accordance with the corresponding CP, subscribers that are the subject of the issued certificates may be:
Any natural person which can be uniquely identified.
Any legal person or entity which can be uniquely identified (e.g. university of faculty).
Any other object (e.g. server or hardware/software component) that can be uniquely identified.
Certificates issued by the CESNET CA MUST NOT be used for financial transactions.
Certificates issued by the CESNET CA can facilitate:
Authentication
Authorization
Confidentiality
Integrity
Non-repudiation
Applicable key usage is indicated in the "Key Usage" extension of the certificate. Any usage other than the one(s) indicated in this extension is at the risk of the relying party.
The specific applicability requirements MAY be stated in the relevant CP.
This CPS is maintained by CESNET a.l.e. (http://www.cesnet.cz/).
All questions and comments concerning this CPS must be addressed to:
CESNET CA
CESNET a.l.e.
Zikova 4
Prague
160 00
Czech Republic
Email: <ca@cesnet.cz>
URI: http://www.cesnet.cz/pki/
Not applicable.