Root Certificate Authorities
GPTKB entity
Statements (59)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
gptkb:Municipality
|
| gptkbp:awardedBy |
Can revoke certificates
|
| gptkbp:baseLocation |
gptkb:Certificate_Revocation_List_(CRL)
Must have a clear revocation process |
| gptkbp:cancellationReason |
Superseded
Key compromise Affiliation change Cease of operation |
| gptkbp:certifications |
Root certificates
Must have a certificate policy Must have a certificate practice statement Participate in certificate transparency logs |
| gptkbp:communityRole |
Establish trust in digital communications
|
| gptkbp:contraindication |
Online Certificate Status Protocol (OCSP)
|
| gptkbp:dataUsage |
Must be securely backed up
|
| gptkbp:emergencyServices |
Have disaster recovery plans
|
| gptkbp:examiner |
Regularly audited
|
| gptkbp:examples |
gptkb:DigiCert
Let's Encrypt Comodo Entrust GlobalSign |
| gptkbp:function |
Issue digital certificates
|
| gptkbp:hasHistory |
gptkb:RSA
ECDSA |
| https://www.w3.org/2000/01/rdf-schema#label |
Root Certificate Authorities
|
| gptkbp:industry |
Follow industry standards for operations
|
| gptkbp:interagencyCooperation |
Must be interoperable with browsers
Must be interoperable with operating systems |
| gptkbp:issueFeePaid |
Have an incident response plan
|
| gptkbp:isValuedFor |
Domain Validation
Extended Validation Organization Validation |
| gptkbp:keyIssues |
2048 bits
4096 bits Must manage keys securely Must protect private keys |
| gptkbp:level |
High
|
| gptkbp:lifespan |
1 to 3 years
Can be longer for some cases |
| gptkbp:loyaltyProgram |
Root certificates act as trust anchors
|
| gptkbp:mandates |
Intermediate_Certificate_Authorities
|
| gptkbp:operatedBy |
Trusted organizations
|
| gptkbp:operatingHours |
Linux
Windows macOS |
| gptkbp:provides_access_to |
Provide public trust for digital certificates
Users_trust_Root_Certificate_Authorities |
| gptkbp:publicAccess |
Educate users about trust and certificates
|
| gptkbp:regulatoryCompliance |
gptkb:WebTrust
ETSI CA/Browser Forum |
| gptkbp:rootSystem |
Included in root stores of browsers
Included in root stores of operating systems |
| gptkbp:security |
Protect sensitive data
Can be targeted by attackers Compromise can lead to widespread issues Implement strong security practices |
| gptkbp:usedIn |
gptkb:Public_Key_Infrastructure_(PKI)
|