1. INTRODUCTION

This document is consistent with RFC 2527. Therefore there are some sections that are maintained for compatibility, although they do not apply exactly to the services offered by CESNET CA. Glossary provides a glossary of terms used in this document.

Within this document the words ‘MUST’, ‘MUST NOT’, ‘REQUIRED’, ‘SHALL’, ‘SHALL NOT’, ‘SHOULD’, ‘SHOULD NOT’, ‘RECOMMENDED’, ‘MAY’, ‘OPTIONAL’ are to be interpreted as in RFC 2119. (See Appendix A).

1.1. Overview

This CPS describes the practices employed by the CESNET CA in issuing the digital certificates.

This CPS MAY be used by a relying party to determine the level of trust associated with a given policy.

1.2. Identification

1.2.1. Certificate Practice Statement Name

CESNETCACertificatePracticeStatementv2:0

1.2.2. Object Identifiers

This certificate practice statement is identified by the following unique registered Object Identifier (OID):

1.3.6.1.4.1.8057.1.1.2.0

ISO assigned1
Organization acknowledged by ISO3
US Department of Defense6
Internet1
IANA registered private enterprises1
CESNET8057
PKI1
Certificate Practice Statement1
Major version2
Minor version0

1.3. Community and Applicability

CESNET CA provides PKI services for the Czech academic community.

The specific applicability of the certificates issued by the CESNET CA MAY be stated in the relevant CP.

1.3.1. Certification authorities

The CESNET CA digital certificates MUST be issued only by persons formally assigned by the CESNET a. l. e. director.

1.3.2. Registration authorities

The CESNET CA manages the functions of its Registration Authority.

Other RAs MAY be operated by sites within the Czech academic community, e. g. by universities or faculties. In that case the RAs MUST sign an agreement with the CESNET CA stating the obligation to adhere to this CPS and the relevant CPs.

1.3.3. End entities

The targeted end entities are employees and students of Czech universities, Czech Academy of Sciences, and any organizations cooperating with these entities in the practice of research, educational and administrative functions as well as computers and application services operated by these organizations.

In accordance with the corresponding CP, subscribers that are the subject of the issued certificates may be:

  1. Any natural person which can be uniquely identified.

  2. Any legal person or entity which can be uniquely identified (e. g. university of faculty).

  3. Any other object (e. g. server or hardware/software component) that can be uniquely identified.

1.3.4. Applicability

Certificates issued by the CESNET CA MUST NOT be used for financial transactions.

Certificates issued by the CESNET CA can facilitate:

  • Authentication
  • Authorization
  • Confidentiality
  • Integrity
  • Non-repudiation

Applicable key usage is indicated in the ‘Key Usage’ extension of the certificate. Any usage other than the one(s) indicated in this extension is at the risk of the relying party.

The specific applicability requirements MAY be stated in the relevant CP.

1.4. Contact Details

1.4.1. Specification administration organization

This CPS is maintained by CESNET a. l. e. (http://www.cesnet.cz/).

1.4.2. Contact person

All questions and comments concerning this CPS must be addressed to:


       CESNET CA 
       CESNET a. l. e.
       Zikova 4
       Prague
       160 00
       Czech Republic
      
       Email: 
       URI: http://www.cesnet.cz/pki/
      

1.4.3. Person determining CPS suitability for the policy

Not applicable.