
Communications-Electronics Security Group

PKI interoperability issues for UK Government … again (… or, The triumphant return of Richard Lampard!). Richard Lampard, Richard.Lampard@cesg.gsi.gov.uk


Presentation Transcript


  1. Communications-Electronics Security Group

  2. PKI interoperability issues for UK Government … again Richard Lampard Richard.Lampard@cesg.gsi.gov.uk

  3. … or, The triumphant return of Richard Lampard! Richard Lampard Richard.Lampard@cesg.gsi.gov.uk

  4. … or, Oh dear, Lisa must really be scraping the barrel. Richard Lampard Richard.Lampard@cesg.gsi.gov.uk

  5. Structure
     1. Quick introduction
     2. Why is interoperability crucial?
     3. ALICE
     4. Vendor interoperability trial
     5. Summary

  6. 1. Quick introduction
     • Communications-Electronics Security Group
       • a government agency
       • UK national Infosec authority
       • operates on a cost-recovery basis
       • aims to encourage adoption of PKI and related technologies by UK government, the armed forces and wider public sector
     Capitalising on the UK’s Sigint knowledge base, we will help to protect the nation’s security and safety, and deny foreign Sigint success

  7. 2. Why is interoperability crucial? [Diagram; labels: CA (several), TSP, Repository]

  8. 2. Why is interoperability crucial?
     • Encoding
       • DER versus BER
       • GeneralizedTime vs UTCTime
       • DN ordering
       • Base 64 vs ASN.1
       • PrintableString vs TeletexString
       • RFC 822 address included in DN

  9. 2. Why is interoperability crucial?
     • Implementation problems
       • misinterpretations of standards, crass mistakes, incorrect assumptions, or “short cuts”
       • ASN.1 compiler bugs
       • arbitrary or machine limitations, e.g. serial number length
       • inability to deal with incorrect or unexpected behaviour, e.g. bad certification requests

  10. 2. Why is interoperability crucial?
      • Directories (gulp!)
        • inability to use same Directory
        • schema clashes
      • Proprietary private key token formats

  11. 2. Why is interoperability crucial? [Diagram; labels: CA, Repository, Client]

  12. 2. Why is interoperability crucial? [Diagram; labels: CA, Repository, Client]

  13. 3. ALICE
      • Test level of interoperability provided by national implementations of international and NATO standards
      • Hence, reduce risk to national procurements and developments

  14. 3. ALICE

  15. 3. ALICE: STANAG 4406 interoperability

  16. 3. ALICE: STANAG 4406 PCT with basic certificate exchange

  17. 3. ALICE: STANAG 4406 S/MIME and basic certificate exchange

  18. 3. ALICE: STANAG 4406 S/MIME and full PKI support

  19. 3. ALICE: SMTP S/MIME and full PKI support

  20. 3. ALICE

  21. 4. Vendor interoperability trial
      • Previous interoperability work attracted some criticism
        • we didn’t always have the most up-to-date version, or tests were based on beta code
        • not enough vendor involvement
        • test scenario did not present a level playing field

  22. 4. Vendor interoperability trial [Flow diagram; step labels as extracted:]
      • Agree scenario
      • Agree configuration
      • Invite vendors to participate
      • Bake-off
      • Assemble testbed
      • Internet dry run
      • Open to HMG users!

  23. 4. Vendor interoperability trial
      • Why are we doing this?
        • give vendors the chance to prove their claims
        • … or enough rope to show otherwise
        • provides an up-to-date view of interoperability for products out of the box
        • shows CESG’s commitment to working with multiple vendors
        • shows CESG’s departmental customers the state of play
        • does anyone want to play?

  24. 5. Summary
      • Lack of interoperability will still be a major problem for UK Government
      • Key HMG efforts:
        • ALICE
        • vendor interoperability trial
        • and of course, participation in PKI Forum

  25. 5. Summary PKI is done neither for personal acclaim (because the applications get all the glory), nor for financial gain (if you’re a civil servant). Therefore, CESG PKI experts must be the purest form of security consultant. Discuss.

  26. Communications-Electronics Security Group
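
The encoding differences listed on slide 8 (DER versus BER, UTCTime versus GeneralizedTime, PrintableString versus TeletexString) can be detected mechanically before two products are declared interoperable. The following is an added example, not part of the presentation: the function names and sample bytes are constructed, and it covers only single-byte tags and the length-encoding rules, not the full DER rule set.

```python
# Added illustration: walk ASN.1 TLVs and report the encoding choices slide 8 lists.
NOTABLE = {0x13: "PrintableString", 0x14: "TeletexString",
           0x17: "UTCTime", 0x18: "GeneralizedTime"}

def _walk(buf, pos, end, out):
    while pos < end:
        if pos + 2 > end:
            raise ValueError("truncated TLV header")
        tag, first = buf[pos], buf[pos + 1]
        pos += 2
        if tag == 0x00 and first == 0x00:      # end-of-contents octets
            return pos
        if tag & 0x1F == 0x1F:
            raise ValueError("multi-byte tags are outside this sketch")
        if tag in NOTABLE:
            out.add(NOTABLE[tag])
        if first == 0x80:                      # indefinite length: BER only
            if not tag & 0x20:
                raise ValueError("indefinite length on a primitive type")
            out.add("BER-only: indefinite length")
            pos = _walk(buf, pos, end, out)
            continue
        length = first
        if first > 0x80:                       # long form: next n bytes hold the length
            n = first & 0x7F
            if pos + n > end:
                raise ValueError("truncated length")
            length = int.from_bytes(buf[pos:pos + n], "big")
            if length < 0x80 or buf[pos] == 0: # DER demands the shortest form
                out.add("BER-only: non-minimal length")
            pos += n
        if pos + length > end:
            raise ValueError("length overruns enclosing value")
        if tag & 0x20:                         # constructed: descend into contents
            _walk(buf, pos, pos + length, out)
        pos += length
    return pos

def encoding_findings(buf):
    # Returns the set of interoperability-relevant encoding features found in buf.
    out = set()
    _walk(bytes(buf), 0, len(buf), out)
    return out

def tlv(tag, body):                            # short-form helper for sample data
    return bytes([tag, len(body)]) + body

# Constructed samples: DER SEQUENCE with both time types; BER SEQUENCE with BER-only lengths.
DER_SAMPLE = tlv(0x30, tlv(0x17, b"010101000000Z") + tlv(0x18, b"20500101000000Z"))
BER_SAMPLE = bytes([0x30, 0x80, 0x14, 0x81, 0x04]) + b"CESG" + bytes([0x00, 0x00])
```

Any "BER-only" finding means a strict DER parser on the other side is entitled to reject the object, which is the kind of mismatch an interoperability trial surfaces.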
