Participants of the European Bridge CA (EBCA) should meet a common minimum security standard. In summary, the following requirements are fulfilled:
Each participant in the PKI of an EBCA member
- will be clearly and unequivocally identified before certification starts or certificates are created, and
- will be registered in a database which is protected against identity manipulation for all subsequent process steps.
Based on these data, within a secure environment,
- a key pair will be generated,
- an X.509 certificate will be issued for the public key in a manipulation-proof and publicly verifiable manner, and
- this certificate will be securely delivered to the new certificate holder so that the private key always stays in his possession.
A binding policy pertaining to labor law obliges the certificate holder
- to exclusively utilize and
- to cautiously handle cryptographic key material.
The EBCA member shall guarantee by his good name that
- these security requirements will be fulfilled and
- information on all amendments, blocking or compromise will be available to other members in a timely manner.
The standards are recorded in the EBCA Certificate Policy. The document is structured in the RFC 3647 format and functions as guidance for the Certificate Policy or the Certification Practice Statement, which participants of the EBCA must possess. Furthermore, it includes technical and organizational regulations with which participants must comply and to which they are bound in the Declaration of conformity.