[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Brief report: G2G PKI in the Nordic Region
Maybe the following information regarding the current developments in the Nordic region could be of some interest? Each of the Nordic countries' governments have more or less on their own, come to the conclusion that inter-authority (G2G) as well as future government-to-business (G2B) messaging should for numerous reasons be based on domain-based security which is similar to firewall deployment. By doing that governments maintain message integrity, confidentiality and strong authentication (sometimes referred to as non- repudiation), without taking on a full-scale PKI project between the different authorities (internally, each authority is usually free to deploy client security solutions in their own pace, fitting their budgets and needs). Effectively each outgoing message is secured by a _single_ certificate, identifying only the authority with the aid of a registered organization- unique number and a common name. Such certificates are issued by specifically designated TTPs. The most recent development is to extend this concept to also support country-to-country messaging! Due to the very few CAs involved (one ot two in each country), and the simple, uniform and flat PKI structure, there is no need for any cross-certification or brídge CAs, in spite of the fact that such a network will eventually support millions of public sector employees, spread over several thousands of different authorities and communes, distributed over at least four countries. The following paper which was submitted to PKI Workshop 2003 http://w1.181.telia.com/~u18116613/pki4org.pdf describes the principles and motives behind this scheme. These PKI developments are also closely aligned with current LDAP usage, here citing Verisign's Phillip Hallam-Baker: "Paradoxically it is the value of the directory as the central hub of the enterprise information infrastructure that constrains its use" On the next IETF meeting it has been said that there will be a Gateway Signing BOF. Although I don't plan to attend, I have a feeling that this could be interesting as the scope of these concepts also apply to spam filtering because if an entire domain is recognized by a signature, ISPs will be much more cautious regarding spamming customers. Best Regards Anders Rundgren Consultant, e-infrastructure
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]