Frequently Asked Questions (FAQ)
Digital certificates and digital signatures provide the building blocks to add privacy, authentication, and data integrity to online business.
Q: What is Public Key Cryptography?
A: Public Key Cryptography is the encryption technology in which encryption and decryption are performed by separate but related keys, one of which is kept private and one of which is made public. This encryption technology is the basis for Public Key Infrastructure (PKI).
Q: What is Public Key Infrastructure?
A: Public Key Infrastructure (PKI) is a technology, together with the relevant operational, registration, revocation and other certificate management procedures, assuring the security and protection of electronic communications and of data stored electronically through the use of certificates and private/public key pairs.
Q: What is a Certificate and a Qualified Certificate?
A: A Certificate is an electronic credential that is signed by a Certification Services Provider (CSP) certifying the relationship between a public key and the identity of the key holder. It also includes technical information used by software for tasks such as checking its validity.
A Qualified Certificate is a special kind of Certificate that:
- contains a minimum set of elements that are specified in the European Directive (99/93/EC); and
- is produced by a Qualified CSP which meets the specific technical and procedural requirements that are also spelled out in the Directive.
Q: What are a Certification Authority (CA) and Certificate Service Provider (CSP)?
A: Generally speaking, these terms are used interchangeably to denote an issuer of digital certificates. Some commercial CSPs undergo audits (such as WebTrust) and have their root certificates enabled in software such as operating systems and browsers. Some CSPs achieve "Qualified" status, providing certain benefits to users of their certificates.
Q: What is an Advanced Electronic Signature?
A: An Advanced Electronic Signature is an electronic signature which meets the following requirements:
- it is uniquely linked to the signatory;
- it is capable of identifying the signatory;
- it is created using means that the signatory can maintain under his sole control; and
- it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable.
Q: What is a Qualified Electronic Signature?
A: The European Directive (99/93/EC) regulates the implementation and recognition of electronic signatures within the European Union. The Directive stipulates that a Qualified Electronic Signature (QES) shall:
- Be an Advanced Electronic Signature as defined in the Directive. Currently, only PKI digital signatures (using asymmetric cryptography) fulfil those requirements;
- Be based on a Qualified Certificate (QC) issued by a suitably certified Certification Service Provider (CSP); and
- Be created by a Secure Signature-Creation Device (SSCD) that meets specific functional conditions which are also laid down in the Directive.
Q: What is an Extended Validation (EV) SSL certificate and how does it differ from other forms of SSL?
A: An EV SSL certificate is issued according to the Extended Validation Guidelines produced by the CA/B Forum, which aim to verify the identity of the website owner, its exclusive use of the domain, and the authority of its personnel. Only certification authorities who are audited for compliance with these Guidelines may issue EV certificates.
Most current-generation browsers recognise the value of EV by providing specific indicators (such as the "green bar" in IE7) and enhanced security reports that highlight the name and address of the website owner, as well as the CA that issued the certificate.
Other forms of SSL are commonly known as "domain validation" (in which control of the domain is established) or "organisation validation" (in which the Subject is identified). However, each CA followed different practices in issuing these certificates, which were all displayed in the same way by browsers regardless of the quality of the validation.