https://chaoswelle.de/index.php?title=HAM-PKI/Policy&action=history Versionsgeschichte für diese Seite in Chaoswelle de MediaWiki 1.11.2 Sat, 18 Apr 2026 03:41:02 GMT https://chaoswelle.de/index.php?title=HAM-PKI/Policy&diff=10529&oldid=prev <p>HAM-PKI policy work in progress</p> <p><b>Neue Seite</b></p><div>= ChaosWelle PKI Certification And Revocation Policy =<br /> <br /> This document is a WIP draft policy listing the conditions required to issue HAM-PKI certificates by Chaoswelle CA, as well as the conditions for revocation of such certificates.<br /> <br /> == Certificate Issuance ==<br /> <br /> The Chaoswelle CA will issue HAM-PKI Certificates ('''Certs''') to '''Applicants''' that have been successfully '''Authorized'''.<br /> <br /> === Certs ===<br /> <br /> A HAM-PKI '''Cert''' created by Chaoswelle CA must contain the following information in its distinguished name (DN):<br /> <br /> * Full Name (&lt;code&gt;CN&lt;/code&gt;)<br /> * E-Mail (&lt;code&gt;OID.1.2.840.113549.1.9.1&lt;/code&gt;)<br /> * Callsign (&lt;code&gt;OID.1.3.6.1.4.1.12348.1.1&lt;/code&gt;)<br /> <br /> TODO: Are additional fields needed / allowed?<br /> <br /> An audit record is created for every issued '''Cert''' containing the following data:<br /> <br /> * Full Name<br /> * Postal Address<br /> * E-Mail<br /> * Callsign<br /> * HAM-PKI user who approved the request<br /> * Date and Time of approval<br /> * Certificate<br /> <br /> === Applicants ===<br /> <br /> '''Certs''' are issued to the following entities:<br /> <br /> * Natural persons (the Callsign must be assigned to that person and the assignment must be valid)<br /> * TODO: Training callsigns<br /> * TODO: Club stations (have a separate field in the DN for club vs. natural person assignee?)<br /> * TODO: Other Kinds Of Applicants?<br /> <br /> === Authorization ===<br /> <br /> ==== Natural Person ====<br /> <br /> A natural person needs to provide the following documents to be entitled for a '''Cert''':<br /> <br /> * Callsign assignment document scan(must show the person's full name and be valid)<br /> * A recent utility bill scan (not older than 31 days, must show the person's full name and address)<br /> <br /> == Certificate Revocation ==<br /> <br /> Chaoswelle CA will be operating a [http://en.wikipedia.org/wiki/Revocation_list CRL] and indicate that CRL in the issued '''Certs'''. To put a given '''Cert''' on the CRL, proof is needed that the '''Cert''' was issued to an incorrect '''Applicant''', i.e. the Callsign, Full Name or E-Mail Address values of the '''Cert''' do not belong to the person using the '''Cert'''.<br /> <br /> This proof must be presented by the actual owner of the Callsign or E-Mail Address, or by a third party that can believably show that the '''Cert''' was issued wrongly.<br /> <br /> '''Certs''' will only be revoked if they were issued to the wrong person, or used by a different person. Technical abuse of Internet services by the official owner of a '''Cert''' does not qualify for revocation. Instead, technical measures must be taken at the abused system.</div> Sat, 27 Dec 2014 18:27:35 GMT DO1GL https://chaoswelle.de/Diskussion:HAM-PKI/Policy