Subject: Re: [dss] Fwd: RE: UPU CPC EPM Positioning Proposal vis-a-vis the OASIS DSS
At 10:16 AM 7/9/2003 -0700, Ed wrote:

>> Carlisle's "Corporate Seal" 2.1 and "Identified Requestor" 2.3 use cases are closely related, as he states in the use-case itself. The value is definitely coming from an "inside (the corporation) looking out" perspective. The Government of Canada also saw this value and requested the S2S EPM. This is the subset of the EPM I spoke of that actually uses the "External Sign" operation described in our WSDL. This Sign however was mandated (by the Canadian Security Establishment (CSE), one of only 2 FIPS-140 certified accreditation labs in North America) to take place "within" the departments of the GoC using departmentally-held keying material. Each department within the government was mandated to use "their own" internally-controlled and deployed "Corporate Signing" service (using the EPM S2S Sub-Service of the Government Secure Channel as the vehicle).

I'd love to hear more details, so we can make sure DSS's Sign operation meets EPM's "External Sign" requirements.

>> In my opinion, this description above is what Carlisle seems to be alluding to. This very much constrained and controlled definition of "delegated signing" we would condone. Your description of "delegating signing" is an enormous leap from the above definition. I wonder what Carlisle originally envisioned?

I think Carlisle, I, and yourself are in violent agreement that this use case makes most sense when an organization is maintaining a DSS for its members.

>> To take this all the way out to a definition where some 3rd party DSS signing service "holding the private keys of the corporations of America" is what we find totally off the mark.

I don't think that would be a good idea either.

Like I mentioned, I wrote a paper arguing for what DSS would view as the client-side-hashing, identified-requestor-with-single-keypair use case. It argues that if you have a PKI hierarchy that contains, say, government CAs certifying corporate CAs, and corporate CAs certifying employees, then you should replace that bottom layer of certificates with delegated signing/encryption servers **that are hosted by the organization for the benefit of its members**. In other words, a 2-layer system with PKI between corporations, since PKI complexities are manageable at the server level, with users insulated from these complexities by delegated signing/encryption servers.

From the conclusion:

"Delegated cryptography splits the problem of end-to-end security into an intra-enterprise portion that can be addressed with authentication techniques and an inter-enterprise portion that can be addressed with PKI. This exploits the strengths and avoids the weaknesses of both technologies: Authentication techniques are easy to use and widely deployed, but can only secure interactive sessions between two parties. PKI can secure sessions or messages between a large number of parties, but imposes complex and difficult burdens on these parties. By using authentication techniques to access a PKI-enabled server we can confine the burdens of PKI to a single point within an enterprise while making its benefits available throughout."

Maybe that's a little Pollyanna-ish, and we're just designing a protocol, we don't have to agree on architectural visions of that sort, but that's where I'm coming from at least. And I think that's in line with what Carlisle proposed, and what EPM's External Sign is about.

Trevor
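The message above describes a delegated signing server hosted by an organisation for its members: the member hashes the document locally (client-side hashing), authenticates to the server with an intra-enterprise mechanism, and the server signs with the organisation's single key pair while binding the requester's identity into what it signs (the "identified requestor with single keypair" case). The Go program below is an added illustration of that pattern; it is not DSS or EPM code and does not follow either protocol's message formats. Member names, shared secrets, the domain-separation label and the sample document are all constructed for the example, and HMAC over a shared secret stands in for whatever intra-enterprise authentication the organisation actually deploys.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignRequest is what an authenticated member sends to the organisation's
// delegated signing server. The member hashes the document itself, so the
// server never sees the document (client-side hashing).
type SignRequest struct {
	Requester string // member identity, e.g. "alice@example-corp" (constructed)
	DocHash   []byte // SHA-256 of the document, computed by the member
	AuthTag   []byte // HMAC over Requester||DocHash with the member's shared secret
}

// SignedResult is returned to the member and shown to relying parties.
// Requester is bound into the signed digest, so the single corporate key
// still yields a signature that identifies which member requested it.
type SignedResult struct {
	Requester string
	DocHash   []byte
	Sig       []byte // ASN.1 DER ECDSA signature
}

// SigningServer holds the organisation's one key pair plus the shared
// secrets used to authenticate members (a stand-in for the real
// intra-enterprise authentication mechanism).
type SigningServer struct {
	priv    *ecdsa.PrivateKey
	secrets map[string][]byte
}

func NewSigningServer(secrets map[string][]byte) (*SigningServer, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &SigningServer{priv: priv, secrets: secrets}, nil
}

// PublicKey is the only thing the inter-enterprise PKI has to distribute.
func (s *SigningServer) PublicKey() *ecdsa.PublicKey { return &s.priv.PublicKey }

// authTag is the member-side authenticator over the request contents.
func authTag(secret []byte, requester string, docHash []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(requester))
	m.Write(docHash)
	return m.Sum(nil)
}

// NewSignRequest is the member side: hash locally, then authenticate.
func NewSignRequest(requester string, secret, document []byte) SignRequest {
	h := sha256.Sum256(document)
	return SignRequest{Requester: requester, DocHash: h[:], AuthTag: authTag(secret, requester, h[:])}
}

// signedDigest binds the requester identity to the document hash under a
// constructed domain-separation label, so a signature cannot be re-attributed.
func signedDigest(requester string, docHash []byte) []byte {
	h := sha256.New()
	h.Write([]byte("delegated-sign-v1:"))
	h.Write([]byte(requester))
	h.Write(docHash)
	return h.Sum(nil)
}

// Sign authenticates the requester, then signs with the organisation key.
func (s *SigningServer) Sign(req SignRequest) (SignedResult, error) {
	secret, ok := s.secrets[req.Requester]
	if !ok {
		return SignedResult{}, errors.New("unknown requester")
	}
	if !hmac.Equal(req.AuthTag, authTag(secret, req.Requester, req.DocHash)) {
		return SignedResult{}, errors.New("requester authentication failed")
	}
	if len(req.DocHash) != sha256.Size {
		return SignedResult{}, errors.New("document hash must be SHA-256")
	}
	sig, err := ecdsa.SignASN1(rand.Reader, s.priv, signedDigest(req.Requester, req.DocHash))
	if err != nil {
		return SignedResult{}, err
	}
	return SignedResult{Requester: req.Requester, DocHash: req.DocHash, Sig: sig}, nil
}

// Verify is the relying party's check: it recomputes the document hash and
// needs only the organisation's public key, not any per-member certificate.
func Verify(pub *ecdsa.PublicKey, res SignedResult, document []byte) bool {
	h := sha256.Sum256(document)
	if !bytes.Equal(h[:], res.DocHash) {
		return false
	}
	return ecdsa.VerifyASN1(pub, signedDigest(res.Requester, res.DocHash), res.Sig)
}

func main() {
	secrets := map[string][]byte{"alice@example-corp": []byte("alice-secret")} // constructed
	srv, err := NewSigningServer(secrets)
	if err != nil {
		panic(err)
	}
	doc := []byte("purchase order 42") // constructed sample document
	res, err := srv.Sign(NewSignRequest("alice@example-corp", secrets["alice@example-corp"], doc))
	if err != nil {
		panic(err)
	}
	fmt.Println("signature valid:", Verify(srv.PublicKey(), res, doc))
}
```

The point of binding the requester into the digest is that a member cannot take a signature issued for one identity and present it as another's, and the relying party can still check it with nothing but the organisation's key. Authorisation policy (which members may request which kinds of signatures) would sit in `Sign` in front of the key operation; the example only checks that the requester is known and authenticated.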