re:[pki-tc] NIST deprecates the Bridge CA Concept

[Stephen Wilson <swilson@lockstep.com.au>]

Anders

Respectfully I submit that you are mixing together two quite separate
issues: the questionable usefulness of Bridge CAs, and your abiding
promotion of gateway PKI.  

Just to look at the Bridge CA question (and I must say I have not read Bill
Burr's comments in detail, so I may or may not be at cross purposes with
him) ... 

I have found recently in Asia that Bridge CA models are being put on hold.
 Influential private sector PKI providers in China told the APKIF in
November that they do not think a China BCA will be useful in the
forseeable future; in September the Taiwanese government announced it was
dropping its BCA proposal in favour of a Trust List approach.  

In my view there are fundamental reasons to question the utility of BCAs. 
I think the really basic premise of BCAs is that most individuals will only
 belong to one PKI and so have just the one certificate to be used in
multiple domains.  Then the business question of a subject in one domain
presenting their certificate to another domain has to do with whether or
not that certificate is equivalent (mappable).  Personally, I hypotehise
that there is some psychology involved in this model as well, based on the
notion of security clearances in government hierarchies, and the (real)
challenge of govt employees in one jurisdiction being at the same or higher
or lower level of employees in other jurisdictions. 

The attached annotated cartoons try to compare that scenario with an
alternative PKI model, one which is coming to dominate in Australia and I
think in Asia -- "scheme based PKI", where there are many more or less
closed PKIs.  People will have different certificates for different
application domains.  This is fast becoming reality in the embedded PKIs of
e-passports, national ID smartcards, PIV, EMV cards and so on.  

In this environment, equivalence (or questions of 'rank') of certificates
in different domains is moot.  The real issue here is whether or not a
given certificate is fit for purpose; i.e., is it "recognised" for the
purpose to which it is being put?  I don't see how a Bridge CA helps here.
 Instead, the Trust List model is natural; relying parties simply need a
list of the Root CAs that underpin the domains they are transacting in. 

I hope my cartoons are understandable in this context!  I have been meaning
to develop a more comprehensive white paper on this topic but haven't had
time.  However, an overview of the scheme based PKI approach is contained
in http://www.lockstep.com.au/library/pki/relationship_certificates. 

Having said all this, we should monitor developments in the various
industry BCAs cosely, especially SAFE in pharma. 

Comments welcome!!! 

Cheers, 

Stephen.


Stephen Wilson
Lockstep Consulting Pty Ltd
www.lockstep.com.au
ABN 59 593 754 482

11 Minnesota Ave
Five Dock NSW 2046
Australia

P +61 (0)414 488 851

--------------------

About Lockstep 
Lockstep was established in early 2004 by noted authentication expert
Stephen Wilson, to provide independent specialist advice and analysis on
identity management, PKI and smartcards.  Lockstep is also developing
unique new smartcard solutions to address privacy and identity theft. 





> List,
> 
> http://www.gcn.com/print/25_9/40506-1.html
> 
> <GCN.Quote>
> 
> "It's much harder than we thought it would be," Burr said. "We've backed
the wrong horseany number of times." He said one of these wrong horses was
the decision to use a bridgecertificate authority rather than a single
central certificate authority to issue andmanage digital certificates
> 
> </GCN.Quote>
> 
> 
> Although Mr. Burr indeed later endorsed the Bridge concept as a long-term
goal, theimmediate effect (if the US government proceeds as the article
described), is thatvendors, allies, and consultants will back away from
this solution.
> 
> In the mean-time, simpler and cheaper approaches like "gateways", will
effectively removethe need to ever resurrect the Bridge.   A client-centric
Bridge CA concept also does notsupport the design of integrated
organization-to-organization workflow applications,something which ought to
be the long term goal for the US government IT.  What securityprinciples
they use (as long as they work), should be of secondary importance.
> 
> Regarding analysis of processes, there is actually quite a collection of
papers to read,and very few of them show a need for a trust model where an
employee/associate of oneorganization needs to be fully trusted/qualified
by another organization.  A model wherethe "organization" becomes the
primary entity (like in Shibboleth/SAML), scales better,allows arbitrary
employee privacy protection, and probably works entirely satisfactory in99
cases of 100.  Using a 2-layer credential and signature structure (gateway
PKI + localPKI), you can easily take the last percent as well.
> 
> 
> It should be like VeriSign's Phillip Hallam-Baker said on the PKI
Workshop 2006:
> 
> "If I send a message from my company, I expect my company to secure it".
> 
> If it had not been for the Bridge, we could actually have had secure
e-mail today.  Notonly within isolated islands, but for every Netizen.
> 
> 
> Sincerely
> Anders Rundgren
> Principal Engineer
> RSA Security

--
<Put email footer here>

bridge CA comparison SGW (0.2a).ppt