TY - JOUR
T1 - Exploration study of certificate policy and certification practice statement design for certification authorities in Indonesia
AU - Ruldeviyani, Yova
AU - Gandhi, Arfive
AU - Sucahyo, Yudho Giri
N1 - Publisher Copyright:
© 2005 – ongoing JATIT & LLS.
PY - 2018/8/31
Y1 - 2018/8/31
N2 - Certification Authority (CA) must unveil its Certificate Policy (CP) and Certification Practice Statement (CPS) as obligatory and fundamental documents to describe its technical information security, business processes, and legal compliance. Although had been initiated since 2014, Indonesia National Public Key Infrastructure (INPKI) still cannot be operated completely by Root CA, Sub-CA’s, and other involved participants. This situation affected by CA’s inability to produce adequate CP and CPS that cover necessary information required above. As Root CA in INPKI, Ministry of Communication and Information Technology (MCIT) shall propose CP and CPS for itself and also provide CP and CPS framework for its Sub-CAs. Previously, Sub-CAs confronts difficulties to propose CP and CPS due to their low proficiency. Using the concept of knowledge management, MCIT needs to regulate and educate Sub-CAs and itself as Root CA by proposing CP and CPS as knowledge transfer and guidelines. Proposed CP and CPS become empirical externalization and internalization so that each CA can compose its own CP and CPS with decent content to cover the required issues. This research explores how CAs in INPKI formulates their CP and CPS based on Request for Comment (RFC) 3647 with larger point of view. This exploration aims to extend and criticize whether the proposed CP and CPS are qualified to encourage the CA’s readiness and the preparation of INPKI. This exploration contributes significant impact through preparation of CP and CPS. Produced CP and CPS will be more qualified and enhanced in unveiling necessary information to obtain trustworthiness in three aspects: governance; technical; and human resource requirements.
AB - Certification Authority (CA) must unveil its Certificate Policy (CP) and Certification Practice Statement (CPS) as obligatory and fundamental documents to describe its technical information security, business processes, and legal compliance. Although had been initiated since 2014, Indonesia National Public Key Infrastructure (INPKI) still cannot be operated completely by Root CA, Sub-CA’s, and other involved participants. This situation affected by CA’s inability to produce adequate CP and CPS that cover necessary information required above. As Root CA in INPKI, Ministry of Communication and Information Technology (MCIT) shall propose CP and CPS for itself and also provide CP and CPS framework for its Sub-CAs. Previously, Sub-CAs confronts difficulties to propose CP and CPS due to their low proficiency. Using the concept of knowledge management, MCIT needs to regulate and educate Sub-CAs and itself as Root CA by proposing CP and CPS as knowledge transfer and guidelines. Proposed CP and CPS become empirical externalization and internalization so that each CA can compose its own CP and CPS with decent content to cover the required issues. This research explores how CAs in INPKI formulates their CP and CPS based on Request for Comment (RFC) 3647 with larger point of view. This exploration aims to extend and criticize whether the proposed CP and CPS are qualified to encourage the CA’s readiness and the preparation of INPKI. This exploration contributes significant impact through preparation of CP and CPS. Produced CP and CPS will be more qualified and enhanced in unveiling necessary information to obtain trustworthiness in three aspects: governance; technical; and human resource requirements.
KW - CP
KW - CPS
KW - Certificate policy
KW - Certification authority
KW - Certification practice statement
KW - Information security
KW - Public key infrastructure
UR - http://www.scopus.com/inward/record.url?scp=85052936596&partnerID=8YFLogxK
M3 - Article
AN - SCOPUS:85052936596
SN - 1992-8645
VL - 96
SP - 5385
EP - 5397
JO - Journal of Theoretical and Applied Information Technology
JF - Journal of Theoretical and Applied Information Technology
IS - 16
ER -