1. INTRODUCTION - 1.3 PKI participants - 《Let's Encrypt 中文文档 - 202012》

1.3 PKI participants

1.3 PKI participants

1.3.1 Certification authorities

ISRG is a CA that provides services including, but not limited to, issuing, managing, validating, revoking, and renewing publicly-trusted Certificates. These services are performed in accordance with the requirements of this Certificate Policy (CP) and the ISRG Certification Practice Statement (CPS). These services are provided to the general public with exceptions as deemed appropriate by ISRG management or in accordance with relevant law.

ISRG PKI services are most commonly, but not necessarily exclusively, provided under the brand/trademark “Let’s Encrypt”.

1.3.2 Registration authorities

ISRG does not delegate any validation tasks to third party registration authorities.

1.3.3 Subscribers

See definition of “Subscriber” in Section 1.6.1 Definitions.

1.3.4 Relying parties

See definition of “Relying Party” in Section 1.6.1 Definitions.

Relying Parties must verify the validity of certificates via CRL or OCSP prior to relying on certificates. CRL and OCSP location information is provided within certificates.

1.3.5 Other participants

Other participants include CAs that cross-sign or issue subordinates to the ISRG PKI.

ISRG PKI vendors and service providers with access to confidential information or privileged systems are required to operate in compliance with this CP.