Interface Code of Connection and PKI Certificate Policy


Interface Code of Connection (CoCo) and Public Key Infrastructure (PKI) Certificate Policy

The  Interface Code of Connection (CoCo)  document for the DIP Service Interface defines the interface usage requirements and responsibilities for participants to securely exchange information. It also identifies configurable parameters that will be periodically reviewed to cater for changing demand and capacity forecasts.   

The Public Key Infrastructure (PKI) Certificate Policy  sets out the requirements for the DIP PKI environment and the operational rule framework for the PKI services provided.   The PKI can be viewed below:

PKI Certificate Policy

abstract_design.jpg

Group_692.jpg

Interface Code of Connection v1.5 

Following the approval of version 1.4 in July 2023, the Programme uplifted the CoCo with edits to the following sections and issued the document for two more industry consultations:

  • Section 6.1.3 – Certificate revocation
  • Section 8.4 – Signing Messages
  • Section 8.5 – Verifying Signatures
  • Section 8.6 – Signature Key Generation and Certificate Signing Requests (CSRs)
  • Section 8.8 - Application Programming Interface (API) Keys

Thank you to all participants who provided input and feedback on these consultations. You can view the Consolidated Comments Log below, for information on the consultation comments and responses.

CoCo & PKI Consolidated Comments Log

The CoCo was approved by correspondence at the Security Design Working Group (SDWG) on Wednesday 17 July 2024 and version 1.5 was approved.

You can view the approved version 1.5 of the CoCo below:

Interface Code of Connection v1.5

If you have any questions, please email the DIP Team at [email protected] 


DIP PKI Certificate Profiles

The Programme also published an updated version of the DIP PKI Certificate Profiles v1.1 which contains the definitive profile for the DIP PKI Certificates.

DIP PKI Certificate Profiles v1.1

DIP Service Users must ensure that they adhere to this profile when creating Certificate Signing Requests (CSRs). The Certificates must be built or configured as indicated in the profile to ensure they work correctly, and CSRs are not rejected.

If you have any questions, please email the DIP team at [email protected] 

online.jpg