With the aim of simplifying the issuance of the digital certificate for society with even more security, the Brazilian Public Key Infrastructure Management Committee - CG ICP-Brasil took important decisions by unanimously approving the agenda discussed at the first meeting of the year, this Thursday Friday (30), at the headquarters of the National Institute of Information Technology, in Brasília. The GC ICP-Brasil is made up of representatives of the government and civil society in a liberal model and plays the role of managing authority for the sector's policies.
"Today's meeting has a fundamental role, as it brings with it the elements of a new government, which comes to break some barriers in the sense of an opening to the reduction of bureaucracy and access to digital services", declared the Committee's coordinator, the representative of the Civil House of the Presidency of the Republic, Fernando Wandscheer, at the start of the meeting.
The director-president of the ITI, Marcelo Buz, explained that the CG – ICP-Brasil creates environments to encourage the use of digital certificates in applications of various public services, which are in a “latent development” of debureaucratization and digitization. “Thus, ICP-Brasil assumes the leading role so that this adaptation can promote the reduction of the value in the issuance of the certificate so that every citizen can participate in this process intrinsic to the 21st century, maintaining all the security already recognized”, he stressed when commenting on profound changes to the modernization of the digital certification policy.
Approved updates
Approved unanimously, the agenda began with the possibility that the vote at the meetings of the GC ICP-Brasil can be cast by means of a specific power of attorney digitally signed in the ICP-Brasil standard to whom the entity chooses as its representative. Voting by proxy will take place in exceptional cases where the holder or alternate member of the institution cannot attend the meeting.
To avoid error messages when accessing sites with SSL and Codesign certificates, it was approved that the Certifying Authorities – CAs, including the CA – Root, and the Registration Authorities – AR, comply with the Webtrust requirements. In this case, audits must be carried out in accordance with the Webtrust program, established by Resolution No. 119, of 07/06/2017.
It was also approved by the committee that the updating of attribute certificates now includes the possibility of providing life cycle management services within the scope of Trusted Service Providers - PSC in the form of a subscription portal. Thus, the issuing entity may hire the services of an accredited PSC to provide the entire attribute management infrastructure.
Currently, a power of attorney for the purpose of issuing ICP-Brasil digital certificates of legal entities is allowed, provided that they have been drawn up up to 90 days before issuance. With the approved amendment, if this period is exceeded, it will suffice for the attorney to issue a second copy of the power of attorney at the notary where it was issued, and there is no longer any obligation to produce a new power of attorney. In the case of an individual, any type of power of attorney is prohibited.
Updates to ICP-Brasil regulations were also approved for the simplification and digitization of procedures aimed at increasing society's access to the digital certificate, reducing user service time and reducing bureaucracy in issuance procedures. Of note are the extinction of Provisional Posts, Technical Installations and Secondary Technical Installations; mandatory audit of the AR under the responsibility of the CA; End of the two-step identification requirement (validation and verification) at the time of certificate request in case of presentation of valid digital identification documents. In the last item, it should be noted that double verification will be maintained if the documents are presented on paper.
Other updates refer to the replacement of the paper dossiers by the electronic format; the weekly, and no longer monthly, submission by the CAs of the number of certificates issued; and the payment of the accreditation fee prior to the accreditation request with the ITI, with the candidate entities being able to be audited from the beginning of the request.
The members of the GC ICP-Brasil also approved the use of the “Automatic Certificate Management Environment – ACME” mechanism in the request for the issuance of a new SSL certificate based on the certificate still in force, enabling faster management of processes.
Participants
In addition to the ITI board, the following members of the ICP-Brasil GC participated: Fernando Wandscheer, from the Civil House; José Garcia da Luz, from the Institutional Security Office of the Presidency of the Republic; Vinicius Damasceno de Araújo, from the Government Secretariat; Luis Felipe Salin, from the Ministry of Economy; Luciana Mancini, from the Ministry of Foreign Affairs; Sérgio Antônio Garcia, from the Ministry of Science, Technology, Innovations and Communications; Thiago de Aquino Lima, from the Ministry of Justice and Public Security.
Márcio Nunes da Silva, from the National Association for Digital Certification – ANCD; Edmar Araujo, from the Association of Brazilian Registration Authorities – AARB; Salvador Ferrer, from the Brazilian Federation of Banks – FEBRABAN; Gianni Moreira Leitão, from the National Confederation of Trade in Goods, Services and Tourism – CNC, who also represented Camara e-Net.
EN 
PT 
