OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

pki-tc message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [pki-tc] EEMA pki Challenge papers

Thanx for the information.  It looked OK but the authors have reduced the scope to x.509-related things that is not where the major problem is today (as existing PKIs are mostly local).
I can report from Sweden that the e-governments have practically came to a standstill, not due to x.509 issues but due to the business models of the CAs involved.  One of the CAs requires end-users (citizens) to perform a time-consuming operation and pay some $30 to get a certificate, while a consortium of banks provide certificates for free by clicking on a button in the citizens on-line bank.  I can testify that this is really nice.   However, the "verifier" have to pay 25-60 cents for each status check as described in the following document: http://www.x-obi.com/OBI400/e-government-ID-A.Rundgren.pdf which works fine for the yearly IRS-declaration but not at all for frequent login to health-care portals etc.
Personally I believe the destiny of the four-corner model is the single most important question for wide-spread use of PKI in the society.  A delegation of public sector officials will talk to the Swedish government this fall and require CA business model "normalization".
Another problem is that we still don't have a cheap and standardized key-containers (smart card or similar) supported directly by the OS vendors.
Anders Rundgren
----- Original Message -----
From: Evans Paul
To: pki-tc
Sent: Wednesday, June 25, 2003 19:35
Subject: [pki-tc] EEMA pki Challenge papers

At Steve Hanna's suggestion, I'm providing links to some significant papers that are now available to the public and that we can leverage in our work. 

The European Electronic Messaging Association (EEMA) worked to carry forward the Challenge work of the EMA in North America in the form of their pki Challenge (pkiC). They made considerable effort to identify issues that impact interoperability and the deployment of PKI. They have succeeded in producing exceptionally useful materials that advance the understanding of PKI deployment issues. The EEMA reported out their results in April and released three additional papers last week.

The most applicable document to the PKI TC is the paper titled "Challenges for the PKI Industry" (92kb pdf).  Aimed at standards bodies, the European Commission, other groups with an interest in this area, and other participants, this paper outlines some of the technical challenges still facing the industry.  Steve and I agree that it is an especially clear analysis of some of the main problems that must  be addressed for PKI to succeed. 

For those in the vendor community, I suggest reviewing the pkiC's "Recommendations for vendors" (112kb pdf).  This document considers the implications for the vendor community in light of the conclusions of the pkiC, and makes recommendations about the features and levels of support for standards that PKI products should exhibit to encourage interoperability between users of different vendors' products.

An excellent read for organizations that are embarking on a PKI deployment is their "Best Practice of PKI users"  (129kb pdf).  All PKI products are highly configurable. This paper aims to provide guidance to those organizations that wish to benefit from the services they can deliver, but who also wish to deploy and use PKI in a manner that maximizes the chances of interoperability with other PKIs.

The final pki Challenge report (501kb pdf) was released at Infosecurity Europe, London, on April 29 2003.  You can also download a FAQ sheet (36kb pdf) showing the highlights of the full report.

Steve and I encourage everyone to read these as important background for our work, although the survey may also turn up other important issues.


Paul Evans

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]