7 Issuing versus reliance

7.1.1 This document is about deciding which CAs may be used to issue certificates to public servants.

7.1.2 Systems that need to involve individuals from other jurisdictions may be configured to rely on other CAs in addition to New Zealand government approved CAs, for example a shared workspace system involving both Australian and New Zealand officials may trust both our own CAs, and Australian CAs.

7.1.3 There is currently work on cross-recognition of PKIs through Europe, APEC, and between individual countries, for example UK and Australia. This is mainly about reliance rather than issuing.

7.1.4 The decision on what CAs a system will rely on will be a matter for individual systems to determine, and the resulting level of trust in the system will need to be understood by the system's user base.

7.1.5 People involved with government but not in the public service, such as consultants, may also be required to use a S.E.E. PKI. The cost of these certificates would most likely be borne by a government agency. Note that this document is not about systems that require broad government-business interaction.