DutchGrid worthless DEMO CA, Policies

The policy is derived from the medium-security policy version 2.1, with the following modifications:
  • 1.2 (Identification) - the DEMO CA has no OID
  • 1.3.1 (Cert authorities) - the DEMO CA may issue certs automatically
  • 1.4.1.1 (Online repositories) - URLs may be different or non-existent
  • 2.4.2 (Severability...) - the DEMO CA has NO severability etc.
  • 2.7 (Compliance audit) - there shall be no auditing
  • 3.1.4 (Uniqueness of names) - certificates issued by the DEMO CA may be re-certified under the medium-security policy, but not the other way round
  • 3.1.7 (Possession of private key) - no stipulations
  • 3.1.8 (Authentication of organisation identity) - no stipulation
  • 3.1.9 (Authentication of individual identity) - no stipulations
  • 4.1 (Certificate Application) - the maximum life time shall be 180 days
  • 4.5 (Security Audit Procedures) - no stipulation for entire section
  • 4.6 (Records Archival) - no stipulation for entire section
  • 4.8.1 (Computing resources ...) - no stipulations
  • 5.1.1 (Site location ...) - The CA machine can be any desktop at NIKHEF that is capable of reading the ZIP disk with the CA archive and CA private key
  • 5.1.2 (Physical access) - the medium with the CA private data will be in a locked room accessible only by NIKHEF personnel
  • 6.1.1 (Key pair generation) - the system is not disconnected
  • 6.1.5 (Key sizes) - the DEMO CA key is 1024 bits
  • 6.2.4 (Private key backup) - there is no securely controlled environment
  • 6.2.6 (Private key entry...) - the pass phrase is more than 8 characters
  • 6.3.2 - The root certificate will expire on Mar 2, 2011
  • 6.4.1 (Activation data) - no stipulation
  • 6.5.1 (Specific computer security...) - the CA machine is connected to a network, the key pair is kept on removable media only

Medium-security version 2.1: available in PDF format, PostScript format and HTM format. OID=1.3.6.1.4.1.10434.4.2.2.1.2.1