13 Future migration to a formal PKI
-
Digital certificates usually have a limited validity period, e.g. 12 months. Certificate renewal is therefore an opportune time to move staff from an interim solution to a formal PKI, once one is available. Alternatively, the interim solution may be adapted so that it can be audited or accredited under the formal PKI.
-
A CA might tighten its certificate practice statement and reach compliance 12 months after the tightening takes effect, 12 months being the validity period after which every user certificate issued under the old statement will have been replaced. This is generally acceptable, with one caveat: archived signed material, e.g. digitally signed documents, may come to be trusted at a higher level than was intended when it was signed, because the signing certificate was issued under the weaker practice. This can be mitigated by version-controlling the Certificate Policy and assigning each version its own policy OID, so that the certificatePolicies extension of a certificate records the policy version in force when it was issued rather than the current one; a verifier assessing old material then applies the assurance level of that version.
-
Agencies should retain copies of individuals' applications and paperwork (the evidence of identity gathered at registration) so that these can be re-used with another certification authority if required.
-
Users need to retain old certificates and private keys for as long as material encrypted under them must be decrypted. Private keys used only for authentication or signing can be destroyed once the certificate expires; the corresponding certificates (and the CA chain) should still be kept so that old signatures can be verified.
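Worked example (added here; not code from the original guidance) of the policy-OID mitigation described above: the certificatePolicies extension of a signing certificate is decoded and the policy OID resolved against a version-controlled Certificate Policy registry, so that an archived signature is assessed at the assurance level in force when its certificate was issued rather than under the current, tighter practice statement. The OIDs under 1.3.6.1.4.1.99999, the CP_REGISTRY contents and all function names are hypothetical placeholders; the small DER encoder is included only so the example runs offline without a real certificate.

```python
# Added example: resolve the assurance level of an archived signature from the
# certificatePolicies OID in the signing certificate (RFC 5280, section 4.2.1.4).
# All OIDs, registry entries and names below are hypothetical placeholders.


def encode_oid(dotted: str) -> bytes:
    """DER-encode the content octets of an OBJECT IDENTIFIER (first arc < 2.48)."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])           # last base-128 digit, no continuation bit
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))  # higher digits carry the continuation bit
            arc >>= 7
        body += chunk
    return bytes(body)


def decode_oid(body: bytes) -> str:
    """Decode OBJECT IDENTIFIER content octets back to dotted form."""
    arcs = [body[0] // 40, body[0] % 40]
    value = 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                          # continuation bit clear: arc complete
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def der(tag: int, content: bytes) -> bytes:
    """Wrap content in a DER tag-length-value (short or long definite length)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    length = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length)]) + length + content


def parse_tlvs(data: bytes) -> list:
    """Split a DER byte string into a list of (tag, content) at one nesting level."""
    out, i = [], 0
    while i < len(data):
        tag, n, i = data[i], data[i + 1], i + 2
        if n & 0x80:                              # long-form length
            k = n & 0x7F
            n, i = int.from_bytes(data[i:i + k], "big"), i + k
        if i + n > len(data):
            raise ValueError("truncated DER element")
        out.append((tag, data[i:i + n]))
        i += n
    return out


SEQUENCE, OBJECT_IDENTIFIER = 0x30, 0x06
ANY_POLICY = "2.5.29.32.0"

# Hypothetical version-controlled CP registry: every revision of the Certificate
# Policy gets its own OID, so the OID in a certificate pins the assurance level
# that applied when it was issued, whatever the CPS says today.
CP_REGISTRY = {
    "1.3.6.1.4.1.99999.1.1": ("Interim CP v1.0", "low"),
    "1.3.6.1.4.1.99999.1.2": ("Interim CP v1.1", "low"),
    "1.3.6.1.4.1.99999.2.1": ("Formal CP v2.0", "medium"),
}


def encode_certificate_policies(oids) -> bytes:
    """Build the extnValue of a certificatePolicies extension (qualifiers omitted)."""
    infos = b"".join(der(SEQUENCE, der(OBJECT_IDENTIFIER, encode_oid(o))) for o in oids)
    return der(SEQUENCE, infos)


def policy_oids(ext_value: bytes) -> list:
    """Extract the policyIdentifier OIDs from a certificatePolicies extnValue."""
    (tag, policies), = parse_tlvs(ext_value)
    if tag != SEQUENCE:
        raise ValueError("certificatePolicies must be a SEQUENCE")
    oids = []
    for tag, info in parse_tlvs(policies):
        fields = parse_tlvs(info)                 # [policyIdentifier, policyQualifiers?]
        if tag != SEQUENCE or not fields or fields[0][0] != OBJECT_IDENTIFIER:
            raise ValueError("malformed PolicyInformation")
        oids.append(decode_oid(fields[0][1]))
    return oids


def assurance_at_issuance(ext_value: bytes):
    """Return (policy name, assurance level) for the first registered policy OID.

    anyPolicy or an unregistered OID yields None: the verifier must not fall back
    to the current CPS, because that is exactly the over-trust the text warns of.
    """
    for oid in policy_oids(ext_value):
        if oid != ANY_POLICY and oid in CP_REGISTRY:
            return CP_REGISTRY[oid]
    return None


if __name__ == "__main__":
    # Constructed extension value standing in for one read from an archived signer cert.
    old_ext = encode_certificate_policies(["1.3.6.1.4.1.99999.1.1"])
    print(old_ext.hex(), assurance_at_issuance(old_ext))
```

In a real deployment the extnValue would be taken from the parsed certificate rather than constructed, and the registry would be the published list of CP versions and their OIDs. The point of the design is that the CPS may be tightened at any time without changing what an old certificate asserts: the OID in the certificate is immutable evidence of the policy it was issued under.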

