Re: [pki-tc] Question: Best Practice for PKI in a DR situation

[Arshad Noor <arshad.noor@strongauth.com>]

OK - so it is one component of PKI Operations he's referring to.

While it is conceivable to come up with a "best practice" for PKI
Disaster Recovery, it is very heavily dependent on the architecture
of the PKI and the software that was used to implement that design.

We've noticed that different vendors have quite different ways of
dealing with disasters - some that were good, and some that were
completely unacceptable, requiring unconventional ways to recover.

Trying to build a single document that covers so much variability
can be daunting - unless we assume a "best practice" for PKI
architecture, based on "best practice" policies, and implements
"best practice" operations and business processes.

I beleive the ISO is circulating something along these lines right
now - I just received this reference on another newsgroup:

"International Organization for Standardization's
 >>Draft of International Standard 21188 "Public key infrastructure for
 >>financial services - Practices and policy framework."  It was 
released for
 >>comment and approval in March.  Voting ends on August 30th."

Any possibility that OASIS can get this document and circulate it
to the PKI-TC for review, and perhaps, comment?

Arshad Noor
StrongAuth, Inc.


June Leung wrote:
> Hi Arshad,
> He was referring to CA Recovery in an emergency situation, such as 911.
> Thanks,
> June
> 
> 
> June Leung, CISSP
> PKI Department
> FundSERV Inc.
> 1700 - 130 King Street West
> Toronto ON 
> M5X 1E5
> T. 416.350.2516
> F. 416.362.6668  
> 
> -----Original Message-----
> From: Arshad Noor [mailto:arshad.noor@strongauth.com] 
> Sent: Thursday, August 04, 2005 5:18 PM
> To: pki-tc@lists.oasis-open.org
> Subject: Re: [pki-tc] Question: Best Practice for PKI in a DR situation
> 
> 
> What best practices is your colleague referring to, June?
> PKI policies, architecture, implementation, operations or business
> processes?
> 
> While we tend to use certian well-honed design principles
> and techniques, we've had to modify them every single time
> to account for unique customer policies and constraints.
> 
> Arshad Noor
> StrongAuth, Inc.
> 
> 
> June Leung wrote:
> 
>>Hello everyone,
>>A colleague recently asked me if I know of any best practices for PKI 
>>exists in OASIS.  I personally don't think one exists in OASIS, but is
> 
> 
>>there one exists somewhere else?  If not, maybe it's something the PKI
> 
> 
>>TC can produce. Your feedback is appreciated.
>>Thanks,
>>June
>>
>>June Leung, CISSP
>>PKI Department
>>FundSERV Inc.
>>1700 - 130 King Street West
>>Toronto ON
>>M5X 1E5
>>T. 416.350.2516
>>F. 416.362.6668  
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe from this mail list, you must leave the OASIS TC that 
>>generates this mail.  You may a link to this group and all your TCs in
> 
> 
>>OASIS
>>at:
>>https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  You may a link to this group and all your TCs in
> OASIS
> at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 
>