5.1.5 Name Binding

A CA has the responsibility to bind a name to a key within an ID certificate and to do so with a proper level of care. In commercial CAs, this is called "certification practices". The actual certification practices required in any deployment of a CA depend on the security requirements of the various RPs that will use these certificates. However, each deployment of a CA should establish the security requirements of its RPs and the appropriate certification practices. The trust root on an RP should list only those CA root keys (root certificates) that meet the RP's security requirements.