mtnlTrustLine Certificate Policy

 

Document Version: 1.0

Date: September 15, 2003

Owner: Ms. Vandana Gupta, DGM CA

Document ID: MTNL-TL/POL/1.0/104

File Name: MTNL-CP.doc

Custodian: Mr. Bharat Kumar, AGM (S&A)

Prepared by: Ms. Vandana Gupta, DGM CA

Reviewed by: Mr. Sanjay Padmane, DGM CA

Approved by: Mr. A. K. Bhargava, GM IT

Effective Date: 28th January, 2004

  

Legal Notice 

Unauthorized access to and use of this document is prohibited by law. Any individual attempting unauthorized access, copying, distributing, or exploiting information within this document will be subjected to legal prosecution. The mtnlTrustLine operations, including the policies and procedures, the terms and conditions, shall be governed by relevant Indian Laws in force.

 

Document Control Matrix

 

Sr. No. | Version | Date | Prepared by | Reviewed by | Approved by
1 | 1.0 | 15/09/2003 | Ms. Vandana Gupta DGM CA | Mr. Sanjay Padmane DGM CA | Mr. A K Bhargava GM IT


mtnlTrustLine Certificate Policy (CP)

Version 1.0

Effective Date: August 15, 2003

 

Mahanagar Telephone Nigam Limited

Jeevan Bharati, 124 Connaught Circus, New Delhi – 110 001
 

Status Of This Document

Document Status: [x] Draft [x] Reviewed [x] Approved (MTNL) [ ] Approved by CCA

Lifecycle stage | Approved By | Date | Signature
Draft submitted to mtnlTrustLine Policy and Procedures Steering Committee for Review | GM (IT), MTNL | |
CP Reviewed by mtnlTrustLine Policy and Procedures Steering Committee | Policy Coordinator, mtnlTrustLine Policy and Procedures Steering Committee, MTNL | |
Approved and Authorized by MTNL CMD | CMD, MTNL | |
Approved by CCA | | |

Effective Date: August 15, 2003.

  Note

The Capitalized and Underlined terms in this CP are defined terms with specific meanings. Please see ‘List of Terms’ (CP § 9) for a list of definitions.

This Certificate Policy document assumes that the reader is generally familiar with Public Key Infrastructure (PKI), Digital Certificates, Digital Signatures, Indian IT-Act 2000, Encryption, and the mtnlTrustLine PKI. If not, mtnlTrustLine advises that the reader obtain some training in the use of Public Key Cryptography and Public Key Infrastructure as implemented in the mtnlTrustLine PKI. General educational and training information is accessible from mtnlTrustLine at http://www.mtnltrustline.com/faq. Also, a brief summary of the roles of the different mtnlTrustLine PKI participants is set forth in CP § 1.3.

The latest version of this CP is available for viewing in electronic form within the mtnlTrustLine Repository at https://www.mtnltrustline.com/repository/cp.

Updates to the CP are posted in the updates section of the mtnlTrustLine Repository, at https://www.mtnltrustline.com/repository/updates.



Table Of Contents

1 Introduction
1.1 Overview
1.1.1 Compliance with IT-Act
1.1.2 Role of the CP and Other Documents
1.1.3 Relationship with Controller of Certifying Authority
1.1.4 Policy Overview
1.1.4.1 Class 1 Certificates
1.1.4.2 Class 2 Certificates
1.1.4.3 Class 3 Certificates
1.1.4.4 Test Certificates
1.2 Identification
1.3 Community and Applicability
1.3.1 Certifying Authorities (CAs)
1.3.2 Registration Authorities (RAs)
1.3.3 End Entities
1.3.3.1 Subscribers
1.3.3.2 Relying Parties
1.3.4 Applicability
1.3.4.1 Suitable Applications
1.3.4.1.1 Suitable Applications for Class 1 Certificates
1.3.4.1.2 Suitable Applications for Class 2 Certificates
1.3.4.1.3 Suitable Applications for Class 3 Certificates
1.3.4.2 Restricted Applications
1.3.4.3 Prohibited Applications
1.4 Contact Details
2 General Provisions
2.1 Obligations
2.1.1 CA Obligations
2.1.2 RA Obligations
2.1.3 Subscriber Obligations
2.1.4 Relying Party Obligations
2.1.5 Repository Obligations
2.2 Liability
2.2.1 CA Liability
2.2.1.1 Warranties to Subscribers and Relying Parties
2.2.1.2 Disclaimers of Warranties
2.2.1.3 Limitations of Liability
2.2.1.4 Force Majeure
2.2.2 RA Liability
2.2.3 Subscriber Liability
2.2.3.1 Subscriber Warranties
2.2.3.2 Private Key Compromise
2.2.4 Relying Party Liability
2.3 Financial Responsibility
2.3.1 Indemnification by Subscribers and Relying Parties
2.3.1.1 Indemnification by Subscribers
2.3.1.2 Indemnification by Relying Parties
2.3.2 Fiduciary Relationships
2.3.3 Administrative Processes
2.4 Interpretation and Enforcement
2.4.1 Governing Law
2.4.2 Severability, Survival, Merger, Notice
2.4.3 Dispute Resolution Procedures
2.4.3.1 Role of the CCA
2.5 Fees
2.5.1 Certificate Issuance or Renewal Fees
2.5.2 Certificate Access Fees
2.5.3 Revocation or Status Information Access Fees
2.5.4 Fees for Other Services Such as Policy Information
2.5.5 Refund Policy
2.6 Publication and Repositories
2.6.1 Publication of CA Information
2.6.2 Frequency of Publication
2.6.3 Access Controls
2.6.4 Repositories
2.7 Compliance Audit
2.7.1 Frequency of Compliance Audit
2.7.2 Identity/Qualifications of Auditor
2.7.2.1 Self-Audits
2.7.3 Auditor’s Relationship to Audited Party
2.7.4 Topics covered by audit
2.7.5 Actions Taken as a Result of Deficiency
2.7.6 Communications of Results
2.8 Confidentiality Policy
2.8.1 Types of Information to be Kept Confidential
2.8.2 Types of Information Not Considered Confidential
2.8.3 Disclosure of Certificate Revocation/Suspension Information
2.8.4 Release to Law Enforcement Officials
2.8.5 Release as part of Civil Discovery
2.8.6 Disclosure Upon Owner’s Request
2.8.7 Other Information Release Circumstances
2.9 Intellectual Property Rights
2.9.1 Rights in Certificates
2.9.2 Rights in the CP & CPS
2.9.3 Rights in Names
2.9.4 Rights in Keys and Key Material
3 Identification And Authentication
3.1 Initial Registration
3.1.1 Types of Names
3.1.2 Meaning of Names
3.1.3 Rules for Interpreting Various Name Forms
3.1.4 Uniqueness of Names
3.1.5 Name Claim Dispute Resolution