1 / 9

Federal Bridge Certification Authority EMA Challenge 2000

Federal Bridge Certification Authority EMA Challenge 2000. Background Overview Test structure Participants Results Conclusions and lessons learned Path forward. Background. FBCA is non-hierarchical, peer-to-peer “hub” Supports interagency PKI technical interoperability

netis
Download Presentation

Federal Bridge Certification Authority EMA Challenge 2000

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Federal Bridge Certification AuthorityEMA Challenge 2000 • Background • Overview • Test structure • Participants • Results • Conclusions and lessons learned • Path forward

  2. Background • FBCA is non-hierarchical, peer-to-peer “hub” • Supports interagency PKI technical interoperability • Policy interoperability framework established by FPKI Policy Authority • Goal: accommodate Federal agency use of any PKI COTS product

  3. Overview • Prototype FBCA operational 2/8/00 • GSA auspices; hosted by Mitretek Systems • Entrust and Cybertrust CAs • PeerLogic i500 directory • Supports EMA Challenge and testing • Production FBCA operational late 2000 • Additional CA products within membrane • Mesh arrangement within membrane

  4. Test Structure • Six disparate PKI domains cross-certified with FBCA • Five different CA products • Five different X.500 directory products • Interoperability demonstrated via exchange of signed S/MIME messages • X.500 directory framework - chaining between directories, client access via LDAP

  5. Federal Bridge CA Canada Cybertrust CA Entrust CA GSA/FTS NIST 2 PCA PCA NSA CYGNACOM DoD Bridge CA CYBERTRUST Entrust PCA PCA PCA PCA SFL Client Entrust Client CA CA CA CA NIST 1 NASA GTRI PCA PCA PCA CA CA CA CA Entrust Entrust Motorola Spyrus Entrust Entrust Entrust Entrust Client Entrust Client SFL Client Entrust Client SFL Client Entrust Client Entrust Client

  6. Client Details • Eudora engineered with: • Entrust toolkit (“out of the box”) • CygnaCom libraries • JGVanDyke libraries • Outlook engineered with Entrust toolkit • Spyrus LYNKS cryptocards for CygnaCom/JGVanDyke enabled client • Private key on hard disk for Entrust enabled client

  7. Government of Canada NSA/DOD NIST NASA GSA Georgia Tech Research Institute CA products: Entrust; Cybertrust; CygnaCom; Spyrus; Motorola Directories: PeerLogic; ICL; Nexor; CDS; Chromatix Integrators: Mitretek; JGVanDyke; GNS; Booz Allen; CygnaCom; A&N Associates Participants

  8. Results

  9. Conclusions and Lessons Learned • FBCA concept works • Client ability to develop and process trust path straightforward to implement • Directory interoperability is critical to PKI interoperability • Directory entries must line up with CAs • Lots of details, lots of devils

More Related