4.1. Certificate Application

An entity generates its own key pair and submits the public key and other required data to the CA. The request MUST then carefully follow the identification and authentication procedures detailed in this policy and in the CPS.

4.2. Certificate Issuance

The CA and RA MUST carefully check the compliance and validity of documents presented by the subscribers. After authentication has been accomplished by the methods specified in Section 3.1, the CA SHOULD issue the certificate. If the certificate is issued, the CA MUST notify the requester. If for any reason the CA decides not to issue the certificate (even if the checks and the authentication were correct), it SHOULD notify the requester of the reason for this choice.

4.3. Certificate Acceptance

No stipulation.

4.4. Certificate Suspension and Revocation

4.5. Security Audit Procedures

This policy recognizes the importance of security audit procedures and suggests that a conforming CA specify all such provisions in the CPS.

4.6. Records Archival

This section specifies the types of events that are recorded for archival purposes from the CA and RA and how the collected data is maintained. For further details not explicitly stipulated here, refer to the CPS.

4.7. Key Changeover

No stipulation.

4.8. Compromise and Disaster Recovery

If a CA's private key is compromised or suspected to be compromised, the CA SHALL at least:

If an RA's private key is compromised or suspected to be compromised, the RA SHALL at least inform the CA and request the revocation of the RA's certificate.

If an entity's private key is compromised or suspected to be compromised, the entity SHALL at least inform the relying parties and request the revocation of the entity's certificate.

4.9. CA Termination

Termination of a CA is regarded as the situation where all services associated with a logical CA are terminated permanently.

Before the CA terminates its services the following procedures MUST be completed as a minimum:

A subordinate CA MAY terminate or continue operation as a self-standing CA.