1 / 6

EESSI Deliverables: An IETF Perspective

EESSI Deliverables: An IETF Perspective. Dr. Stephen Kent Chief Scientist - BBN Technologies Co-chair: PKIX WG - IETF. What is PKIX?. Internet Engineering Task Force (IETF) working group

adsila
Download Presentation

EESSI Deliverables: An IETF Perspective

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. EESSI Deliverables: An IETF Perspective Dr. Stephen Kent Chief Scientist - BBN Technologies Co-chair: PKIX WG - IETF

  2. What is PKIX? • Internet Engineering Task Force (IETF) working group • Membership is defined by mail list participation, not live meetings, although we do meet 3 times each year, along with the rest of the IETF WGs • Recent meeting attendance is ~75-80 people, but it has been as high as 200 • PKIX = PKI for X.509 (as distinguished from PKI based on any other certificate format) • PKIX profiles X.509 documents and creates its own PKI standards

  3. EESSI Deliverables & PKIX (1/2) • Policy Requirements for CAs issuing Qualified Certificates • IETF generally focuses on technical, not policy, matters • Profile for Qualified Certificates • based on RFC 3039 • Security Requirements for Trustworthy Systems managing Certificates for Electronic Signatures • a Common Criteria topic • Security Requirements for Secure Signature Creation Devices • a Common Criteria topic

  4. EESSI Deliverables & PKIX (2/2) • Electronic Signature Formats • RFC 2630 (CMS) • Signature Creation Process and Environment • a Common Criteria topic • Procedures for Electronic Signature Verification • RFC 3280 (path validation) • RFC 2560 (OCSP) • Internet Draft in progress (SCVP) • Time-stamping Profile • based on RFC 3161

  5. A Difference in Focus • PKIX addresses PKI issues in a much broader context, not only legally binding signatures • IPsec • SSL/TLS • S/MIME • PKIX does not address non-protocol aspects of PKI use, e.g., assurance standards, policies, etc. • Differences in certificate status models relative to interpretation of German digital signature regulations?

  6. The Bottom Line • EESSI deliverables defined to date are very closely aligned with PKIX standards wherever there is overlap • Differences exist in focus & scope of WG activities • PKIX emphasizes protocol standards for interoperability in broad Internet context, for a wide range of applications • EESSI encompasses broad range of issues associated with legally binding digital signatures

More Related