Subject: Re: [pki-tc] NIST deprecates the Bridge CA Concept
Hi Frederick,

In my opinion, NIST have hardly begun to touch the requirement issues except for e-mail.

I think it is really very simple. If the intent is to communicate with other organizations, the "point-of-certification" should also be the organization. For the rather few occasions where there must be a legally binding trace to an employee, you should still only move such evidence in the mandatory "organization authentication tunnel". This works fine regardless of whether the tunnel is a leased line, a VPN, or, as I propose, a signing and encrypting gateway PKI.

A scheme that has been globally established for 30 years simply cannot be wrong. Used by Banks, Telecom, B2B, you name it.

Anders

----- Original Message -----
From: "Frederick Hirsch" <frederick.hirsch@nokia.com>
To: "ext Anders Rundgren" <anders.rundgren@telia.com>
Cc: "Frederick Hirsch" <frederick.hirsch@nokia.com>; "PKI TC" <pki-tc@lists.oasis-open.org>
Sent: Thursday, April 27, 2006 17:22
Subject: Re: [pki-tc] NIST deprecates the Bridge CA Concept

What was the benefit of bridge CAs: local administration/agency control and incremental deployment, was that it? Did that requirement change? I remember how bridge CAs were promoted as "the way" to get government PKI to work :)

regards, Frederick

Frederick Hirsch
Nokia

On Apr 27, 2006, at 4:40 AM, ext Anders Rundgren wrote:

> List,
>
> http://www.gcn.com/print/25_9/40506-1.html
>
> <GCN.Quote>
>
> "It's much harder than we thought it would be," Burr said. "We've
> backed the wrong horse any number of times." He said one of these
> wrong horses was the decision to use a bridge certificate authority
> rather than a single central certificate authority to issue and
> manage digital certificates
>
> </GCN.Quote>
>
>
> Although Mr. Burr indeed later endorsed the Bridge concept as a
> long-term goal, the immediate effect (if the US government proceeds
> as the article described) is that vendors, allies, and consultants
> will back away from this solution.
>
> In the meantime, simpler and cheaper approaches like "gateways"
> will effectively remove the need to ever resurrect the Bridge. A
> client-centric Bridge CA concept also does not support the design
> of integrated organization-to-organization workflow applications,
> something which ought to be the long-term goal for the US
> government IT. What security principles they use (as long as they
> work) should be of secondary importance.
>
> Regarding analysis of processes, there is actually quite a
> collection of papers to read, and very few of them show a need for
> a trust model where an employee/associate of one organization needs
> to be fully trusted/qualified by another organization. A model
> where the "organization" becomes the primary entity (like in
> Shibboleth/SAML) scales better, allows arbitrary employee privacy
> protection, and probably works entirely satisfactorily in 99 cases of
> 100. Using a 2-layer credential and signature structure (gateway
> PKI + local PKI), you can easily take the last percent as well.
>
>
> It should be like VeriSign's Phillip Hallam-Baker said at the PKI
> Workshop 2006:
>
> "If I send a message from my company, I expect my company to secure
> it".
>
> If it had not been for the Bridge, we could actually have had
> secure e-mail today. Not only within isolated islands, but for
> every Netizen.
>
>
> Sincerely
> Anders Rundgren
> Principal Engineer
> RSA Security
>