Re: [pki-tc] NIST deprecates the Bridge CA Concept

["Anders Rundgren" <anders.rundgren@telia.com>]

Hi Frederick

In my opinion, NIST have hardly begun to touch the requirement issues
except for e-mail.

I think it is really very simple.  If the intent is to communicate with other
organizations, the "point-of-certification" should also be the organization.

For the rather few occasions, where there must be a legally binding
trace to an employee, you should still only move such evidence in the
mandatory "organization authentication tunnel".

This works fine regardless if the tunnel is a leased line, VPN, or as
I propose, a signing and encrypting gateway PKI.

A scheme that is globally established established since 30 years back
simple cannot be wrong.  Used by Banks, Telecom, B2B, you name it.

Anders

----- Original Message ----- 
From: "Frederick Hirsch" <frederick.hirsch@nokia.com>
To: "ext Anders Rundgren" <anders.rundgren@telia.com>
Cc: "Frederick Hirsch" <frederick.hirsch@nokia.com>; "PKI TC" <pki-tc@lists.oasis-open.org>
Sent: Thursday, April 27, 2006 17:22
Subject: Re: [pki-tc] NIST deprecates the Bridge CA Concept


what was the benefit of bridge CAs, local administration/agency  
control and incremental deployment, was that it?

Did that requirement change?

I remember how bridge CAs were promoted as "the way" to get  
government PKI to work :)

regards, Frederick

Frederick Hirsch
Nokia


On Apr 27, 2006, at 4:40 AM, ext Anders Rundgren wrote:

> List,
>
> http://www.gcn.com/print/25_9/40506-1.html
>
> <GCN.Quote>
>
> "It's much harder than we thought it would be," Burr said. "We've  
> backed the wrong horse any number of times." He said one of these  
> wrong horses was the decision to use a bridge certificate authority  
> rather than a single central certificate authority to issue and  
> manage digital certificates
>
> </GCN.Quote>
>
>
> Although Mr. Burr indeed later endorsed the Bridge concept as a  
> long-term goal, the immediate effect (if the US government proceeds  
> as the article described), is that vendors, allies, and consultants  
> will back away from this solution.
>
> In the mean-time, simpler and cheaper approaches like "gateways",  
> will effectively remove the need to ever resurrect the Bridge.   A  
> client-centric Bridge CA concept also does not support the design  
> of integrated organization-to-organization workflow applications,  
> something which ought to be the long term goal for the US  
> government IT.  What security principles they use (as long as they  
> work), should be of secondary importance.
>
> Regarding analysis of processes, there is actually quite a  
> collection of papers to read, and very few of them show a need for  
> a trust model where an employee/associate of one organization needs  
> to be fully trusted/qualified by another organization.  A model  
> where the "organization" becomes the primary entity (like in  
> Shibboleth/SAML), scales better, allows arbitrary employee privacy  
> protection, and probably works entirely satisfactory in 99 cases of  
> 100.  Using a 2-layer credential and signature structure (gateway  
> PKI + local PKI), you can easily take the last percent as well.
>
>
> It should be like VeriSign's Phillip Hallam-Baker said on the PKI  
> Workshop 2006:
>
> "If I send a message from my company, I expect my company to secure  
> it".
>
> If it had not been for the Bridge, we could actually have had  
> secure e-mail today.  Not only within isolated islands, but for  
> every Netizen.
>
>
> Sincerely
> Anders Rundgren
> Principal Engineer
> RSA Security
>
>