1.1 Overview:
...CP/CPS as of January 15, 2009, 09:00 UTC
> ...CP/CPS as of October 15, 2009, 09:00 UTC

1.2 Document Name and Identification
Document Version: 2.1
> Document Version: 2.2
Document Date: January 15, 2009, 2008
> Document Date: October 9, 2009
...(OID): 1.3.6.1.4.1.23658.10.1.2.1
> ...(OID): 1.3.6.1.4.1.23658.10.1.2.2

3.2.1 Method to Prove Possession of a Key
...SSL ptotected HTTP...
> ...SSL protected HTTP...

5.6 Key Changeover
Lifetime of TR-GRID CA is 5 years and ...
> Lifetime of TR-GRID CA is 20 years and ...

6.3.2 Certificate Operational Periods and Key Pair Usage Periods
TR-GRID CA root certificate has a validity of five years.
> TR-GRID CA root certificate has a validity of twenty years.

7.1.2 Certificate Extensions
TR-GRID CA supports and uses the following X.509 v3 Certificate extensions:
CA root certificate extensions:
  Basic Constraints: critical, CA:TRUE
  Key Usage: critical, CRL Sign, Key Cert Sign
  Subject Key Identifier
  Authority Key Identifier
  Netscape Cert Type
  Netscape Comment
  Netscape CA Revocation Url
  Netscape CA Policy Url
End entity certificate extensions:
  Basic Constraints: critical, CA:FALSE
  Key Usage: critical, Digital Signature, Key Encipherment, Data Encipherment
  Extended Key Usage: Client Authentication for users, Client Authentication and Web Authentication for hosts
  Subject Key Identifier
  Authority Key Identifier
  Subject Alternative Name: DNS Name=FQDN for hosts
  CRL Distribution Points
  Certificate Policies
> TR-GRID CA supports and uses the following X.509 v3 Certificate extensions:
> CA root certificate extensions:
>   Basic Constraints: critical, CA:TRUE
>   Key Usage: critical, CRL Sign, Key Cert Sign
>   Subject Key Identifier
>   Authority Key Identifier
>   CRL Distribution Points
> End entity certificate extensions for users:
>   Basic Constraints: critical, CA:FALSE
>   Key Usage: critical, Digital Signature, Key Encipherment, Data Encipherment
>   Extended Key Usage: TLS Web Client Authentication, E-mail Protection
>   CRL Distribution Points
>   Authority Key Identifier
>   Subject Key Identifier
>   Certificate Policies
>   Subject Alternative Name: Email=e-mail address of user, optional
> End entity certificate extensions for hosts:
>   Basic Constraints: critical, CA:FALSE
>   Key Usage: critical, Digital Signature, Key Encipherment, Data Encipherment
>   Extended Key Usage: TLS Web Client Authentication, TLS Web Server Authentication
>   CRL Distribution Points
>   Authority Key Identifier
>   Subject Key Identifier
>   Certificate Policies
>   Subject Alternative Name: DNS Name=FQDN for hosts

7.2.2 CRL and CRL Entry Extensions
The CRL extension Authority Key Identifier will be used in CRLs.
> The CRL extension Authority Key Identifier and CRL Number will be used in CRLs.
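
A relying party or auditor can check an issued host certificate against the new host profile in section 7.1.2. The following is an added example, not part of the TR-GRID CA document: it assumes the text layout printed by `openssl x509 -noout -text`, the function and constant names are hypothetical, and the sample input is constructed.

```python
import re

# Host profile from section 7.1.2 (new text): exact values where given, else presence.
VALUES = {"Basic Constraints": {"CA:FALSE"},
          "Key Usage": {"Digital Signature", "Key Encipherment", "Data Encipherment"},
          "Extended Key Usage": {"TLS Web Client Authentication", "TLS Web Server Authentication"}}
CRITICAL = ["Basic Constraints", "Key Usage"]
REQUIRED = [*VALUES, "CRL Distribution Points", "Authority Key Identifier",
            "Subject Key Identifier", "Certificate Policies", "Subject Alternative Name"]

# Constructed sample in the layout of `openssl x509 -noout -text` (old-style profile).
SAMPLE = """\
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Key Encipherment
            Netscape Cert Type:
                SSL Client, SSL Server
"""

def parse_extensions(text):
    """Map extension name -> {'critical': bool, 'values': [str]} from openssl text."""
    exts, name, hdr = {}, None, None
    for line in text.partition("X509v3 extensions:")[2].splitlines()[1:]:
        if not line.strip():
            continue                             # openssl leaves blank lines in the block
        indent = len(line) - len(line.lstrip())
        hdr = indent if hdr is None else hdr     # first line sets the header indent
        if indent < hdr:
            break                                # left the extensions block
        if indent == hdr:
            m = re.match(r"(?:X509v3 )?(.+?):\s*(critical)?$", line.strip())
            name = m.group(1) if m else line.strip()
            exts[name] = {"critical": bool(m and m.group(2)), "values": []}
        else:
            exts[name]["values"] += [v.strip() for v in line.split(",") if v.strip()]
    return exts

def check_host_cert(text):
    """Return deviations from the host profile; an empty list means it conforms."""
    e = parse_extensions(text)
    out = [f"missing: {n}" for n in REQUIRED if n not in e]
    out += [f"not critical: {n}" for n in CRITICAL if n in e and not e[n]["critical"]]
    out += [f"wrong values: {n}" for n, v in VALUES.items() if n in e and set(e[n]["values"]) != v]
    san = e.get("Subject Alternative Name")
    if san and not any(v.startswith("DNS:") for v in san["values"]):
        out.append("no DNS name: Subject Alternative Name")
    return out + [f"not in profile: {n}" for n in e if n not in REQUIRED]
```

Calling `check_host_cert(SAMPLE)` lists every deviation of the constructed old-style certificate, including the Netscape extension that the new profile no longer lists.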