CA Certificates Distribution
The following are adopted methods for securely delivering GRCA's self-signed certificate :
- The CCA signed by GRCA and interoperating CA could stipulate that the interoperating CA shall include GRCA's self-signed certificate in the IC card which also loads the interoperating CA's certificate. This IC card will then be delivered in a (prior agreed ) trustworthy way;
- With the agreement of a trusted third party, GRCA's self-signed certificate can be directly built in some software issued by this trusted third party. When users acquire this software through a secure channel ( such as purchasing the installation CDROM of this software from a trustworthy retailer), they will get the trusted self-signed certificate ;
- Attach GRCA's self-signed certificate to some CDROM issued in mass quantity. A trusted self-signed certificate can then be obtained along with a copy of this CDROM.
- During the Initiation of GRCA which shall be witnessed by the Steering Committee. A certifying statement signed by the Steering Committee containing GRCA's public key will be released to the media for announcement. When downloading GRCA's self-signed certificate, relying parties can examine its authenticity by comparing the public-key with the media-announced public-key.