Public Key Infrastructure and Certification Policy for Inter - domain Management

This document describes the certification policy and PKI (Public Key Infrastructure) proposed by the ACTS project TRUMPET for inter-domain management between telecommunications providers, and for customer access to management functionality offered by providers. The PKI consists of one Certification Authority (CA) per provider, and one Inter-domain Management CA which certifies these CAs. At present, the Inter-domain Management CA is a root-CA for the TRUMPET project, but it is envisaged that this may be placed under the umbrella of an existing (or forthcoming) PKI, for example the ICE-TEL infrastructure. Security requirements for CAs and subjects are outlined, as well as procedures for certification of CAs and subjects. Subjects in this context are not human users, but either management applications or organisational / role identities.