Policy CAs:

Subject: Policy CAs:
Posted by:  Kristin L. Griffin (KristinLGriff…@discussions.microsoft.com)
Date: Tue, 29 Jan 2008

I am still not completely sure as to the functions of a Policy CA.  I
understand that it is an intermediate CA.

And I understand the definition found on Technet (below).  What I am not
clear on is HOW it describes these policies and how it forces other CAs below
it to abide by the rules.

I have added specific questions in line below:

Thanks!  Kristin

Policy CA definition on Technet:

The role of a policy CA is to describe the policies and procedures that an
organization implements to secure its PKI, the processes that validate the
identity of certificate holders, and the processes that enforce the
procedures that manage certificates.

---> how does it describe the procedures?  I know about the website URL for
policy statements, but how does it describe the processes and procedures?
What form do they take?  A website with text?  A template?

A policy CA issues certificates only to
other CAs. The CAs that receive these certificates must uphold and enforce
the policies that the policy CA defined.

---> How are the child CAs forced to uphold and enforce the policies?

It is not mandatory to use policy CAs unless different divisions, sectors,
or locations of your organization require different issuance policies and
procedures. However, if your organization requires different issuance
policies and procedures, you must add policy CAs to the hierarchy to define
each unique policy.

---> How are the policies defined?  Are they done in the .inf files?  What
makes up the policy exactly?

For example, an organization can implement one policy CA
for all certificates that it issues internally to employees and another
policy CA for all certificates that it issues to non-employees.
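As an added illustration (not part of Kristin's post or the Technet text), this is what a policy declaration looks like in the CAPolicy.inf used when installing or renewing a Windows policy CA: the policy is an OID plus a notice and a CPS URL, placed into the CA certificate's Certificate Policies extension. The OID and URL are placeholders.

```ini
; CAPolicy.inf for an internal-employee policy CA (constructed example)
[Version]
Signature="$Windows NT$"

; Declares which named policy sections go into the Certificate Policies extension
[PolicyStatementExtension]
Policies=InternalEmployeePolicy
Critical=FALSE

; The policy itself: an OID, a short user notice, and the URL of the
; Certification Practice Statement that describes the procedures
[InternalEmployeePolicy]
OID=1.3.6.1.4.1.99999.1.1   ; placeholder, use your organization's OID arc
Notice="Issued under the Example Corp internal employee certificate policy"
URL=http://pki.example.invalid/cps/internal-employees.html

; Limit how many CA levels may sit below this policy CA
[BasicConstraintsExtension]
PathLength=1
Critical=Yes

[Certsrv_Server]
RenewalKeyLength=2048
RenewalValidityPeriod=Years
RenewalValidityPeriodUnits=10
LoadDefaultTemplates=0
```

The enforcement is by extension, not by software control: subordinate CA and end-entity certificates under this CA are expected to assert the same policy OID, and a relying party that requires that OID (RFC 5280 policy processing) will reject chains where it is missing.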