1 / 8

CSG CA Workshop

CSG CA Workshop. January 7, 1999. Needs Are well known. Secure identification (NetID/passwords) Secure administrative systems Electronic commerce via web sites Private email Etc. Barriers are also well known. Certificate standard Key or Certificate Authority

zephr-fry
Download Presentation

CSG CA Workshop

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CSG CA Workshop January 7, 1999

  2. Needs Are well known • Secure identification (NetID/passwords) • Secure administrative systems • Electronic commerce via web sites • Private email • Etc.

  3. Barriers are also well known • Certificate standard • Key or Certificate Authority • Public Key (Certificate) Infrastructure • Ability to revoke • Ability to check revocation • etc. • Interoperation across institutions?!

  4. Goals of this Workshop • To explore the state of the practice for Certificate Infrastructure • On a campus and across campuses • To identify model practices and remaining issues • Ultimately CREN hopes to identify and promulgate a model set of practices

  5. Summary: Understanding the Problem • The issues for electronic identification are complex, e.g., • Know your data - who deserves credentials is a key question • and individuals likely need a set of credentials • Multiple identities - as an individual, as a group • electronic identity becomes a basis for trust • many authorities, distributed model in the analog world • and much more • The technology can only be successfully deployed with a full understanding of the nuances of identity and trust as used today • Less than thoughtful use of this technology will not succeed regardless of the technical sophistication

  6. Summary, Technology in Search of a Problem • Public/private key encryption is so cool, it must be good for something • But, no PKI, many standards & applications in the space, but none that meet the need • IETF PKIX working group is looking at these issues

  7. Summary: Practice at Princeton • Local CA signed by CREN as a root • Legal sign-off • Using Netscape CA server • Email actually worked for sophisticated users • Key escrow required • See Michael’s presentation for details

  8. Conclusion • We are still iterating between understanding the problem and inventing technology • Beginning to drive the technology from the understanding • Not ready for prime time, but very active area • Desperately need proof of concept implementations • When will Certification move from being a technical discussion to a business discussion? • A Higher Ed CA may be a cart ahead of the horse • Significant policy issues, e.g., escrow, archival • CSG and more action item: • Get vendors to support X.509 v3 CA constraint extension

More Related