EXPLORATION STUDY OF CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT DESIGN FOR CERTIFICATION AUTHORITIES IN INDONESIA

摘要

Certification Authority (CA) must unveil its Certificate Policy (CP) and Certification Practice Statement (CPS) as obligatory and fundamental documents to describe its technical information security, business processes, and legal compliance. Although had been initiated since 2014, Indonesia National Public Key Infrastructure (INPKI) still cannot be operated completely by Root CA, Sub-CA?s, and other involved participants. This situation affected by CA?s inability to produce adequate CP and CPS that cover necessary information required above. As Root CA in INPKI, Ministry of Communication and Information Technology (MCIT) shall propose CP and CPS for itself and also provide CP and CPS framework for its Sub-CAs. Previously, Sub-CAs confronts difficulties to propose CP and CPS due to their low proficiency. Using the concept of knowledge management, MCIT needs to regulate and educate Sub-CAs and itself as Root CA by proposing CP and CPS as knowledge transfer and guidelines. Proposed CP and CPS become empirical externalization and internalization so that each CA can compose its own CP and CPS with decent content to cover the required issues. This research explores how CAs in INPKI formulates their CP and CPS based on Request for Comment (RFC) 3647 with larger point of view. This exploration aims to extend and criticize whether the proposed CP and CPS are qualified to encourage the CA?s readiness and the preparation of INPKI. This exploration contributes significant impact through preparation of CP and CPS. Produced CP and CPS will be more qualified and enhanced in unveiling necessary information to obtain trustworthiness in three aspects: governance; technical; and human resource requirements.