To be understandable to the ultimate users—the subscriber and relying party—the following principles have been developed with the relying party in mind, and, as a result, are intended to be practical and non-technical in nature.
Principle 1: CA Business Practices Disclosure
The first principle is—The certification authority discloses its key and certificate life cycle management business and information privacy practices and provides its services in accordance with its disclosed practices.
The CA must disclose its key and certificate life cycle management business and information privacy practices. Information regarding the CA’s business practices should be made available to all subscribers and all potential relying parties, typically by posting on its Web site. Such disclosure may be contained in a certificate policy [CP], certification practice statement [CPS], or other informative materials that are available to users (subscribers and relying parties).