Re: [egov] Brief report: G2G PKI in the Nordic Region

["David RR Webber" <david@drrw.info>]

Anders,

I forgot to add - the white paper is IMHO a
fabulous summary of where we are in time and
space on all this.

Clearly early movers need to start understanding their
own vision and needs and making good things happen
in this whole arena instead of the alternate, and famous,
ostrich approach!  I presume that is the 'hidden message'
here in investing all the time and effort in the white paper
in the first place... to shine a light in useful places?

Thanks, DW

----- Original Message ----- 
From: "Anders Rundgren" <anders.rundgren@telia.com>
To: <egov@lists.oasis-open.org>
Sent: Saturday, July 17, 2004 4:15 PM
Subject: [egov] Brief report: G2G PKI in the Nordic Region


> Maybe the following information regarding the current developments
> in the Nordic region could be of  some interest?
>
> Each of the Nordic countries' governments have more or less on
> their own, come to the conclusion that inter-authority (G2G) as well
> as future government-to-business (G2B) messaging should for numerous
> reasons be based on domain-based security which is similar to firewall
> deployment.  By doing that governments maintain message integrity,
> confidentiality and strong authentication (sometimes referred to as non-
> repudiation), without taking on a full-scale PKI project between the
> different authorities (internally, each authority is usually free to
deploy
> client security solutions in their own pace, fitting their budgets and
needs).
>
> Effectively each outgoing message is secured by a _single_ certificate,
> identifying only the authority with the aid of a registered organization-
> unique number and a common name.  Such certificates are issued by
> specifically designated TTPs.
>
> The most recent development is to extend this concept to also
> support country-to-country messaging!
>
> Due to the very few CAs involved (one ot two in each country),
> and the simple, uniform and flat PKI structure, there is no need
> for any cross-certification or brídge CAs, in spite of the fact that
> such a network will eventually support millions of public sector
> employees, spread over several thousands of different authorities
> and communes, distributed over at least four countries.
>
> The following paper which was submitted to PKI Workshop 2003
> http://w1.181.telia.com/~u18116613/pki4org.pdf
> describes the principles and motives behind this scheme.
>
> These PKI developments are also closely aligned with current LDAP
> usage, here citing Verisign's Phillip Hallam-Baker:
>
>        "Paradoxically it is the value of  the directory as the
>          central hub of the enterprise information
>          infrastructure that constrains its use"
>
> On the next IETF meeting it has been said that there will be a
> Gateway Signing BOF.  Although I don't plan to attend, I have
> a feeling that this could be interesting as the scope of these
> concepts also apply to spam filtering because if an entire domain
> is recognized by a signature, ISPs will be much more cautious
> regarding spamming customers.
>
> Best Regards
> Anders Rundgren
> Consultant, e-infrastructure
>
>
> To unsubscribe from this mailing list (and be removed from the roster of
the OASIS TC), go to
http://www.oasis-open.org/apps/org/workgroup/egov/members/leave_workgroup.php.
>
>