Subject: The Bridge CA Enigma
I have, since its conception, followed the development of Bridge CAs.
The Bridge CA concept essentially builds on the idea that a set of parties
belonging to a "sector" together fund and run a Bridge CA. To make it useful,
the parties should also agree on a limited set of policies.
Why do you actually need Bridges?
To create large zones of interoperable trust.
To date, it seems that there is a sole entity in the world, the US Government,
that has succeeded not only in creating, but to some extent also in using, a
bridge CA.
The following paper shows how the US government assumes that competitors
within the private enterprise sector will unite on bridge CAs:
http://csrc.nist.gov/pki/documents/B2B-article.pdf
A question that begs for an answer: If the
above plan doesn't work as planned, how should/will the PKI community proceed in
order to create interoperability for B2B and similar?
It would be interesting to hear your thoughts on this.
That the interoperability problem is for real is without doubt the case; if
every company runs their own CA (why shouldn't they?), each B2B party will have
to manually administer 100-100000 more or less unknown trust anchors. It is in
this context important to realize that the primary motive for running an
enterprise PKI is securing internal operations, which of course works fine,
since there is just one trust anchor to administer and it comes from a trusted
source. That is, the needs of external parties do not have first-hand priority.
Anders Rundgren
It is also worth noting that the Financial Industry has managed to create
secure, globally interoperable payment networks without even touching
certificate policies for bank employees.