Uncle Sam, Meet The PKI!

Presentation Transcript

  1. Uncle Sam, Meet The PKI! • Richard Guida, Chair, Federal PKI Steering Committee, richard.guida@cio.treas.gov • Michèle Rubenstein, Department of the Treasury, Chair, EMA Board of Directors, michele.rubenstein@cio.treas.gov

  2. Federal PKI Interoperability • Overview • Organizational Framework • Bridge Certification Authority Concept • Design Requirements • Meaning of Interoperability • Current Status • Challenges • Path Ahead

  3. Organizational Framework • Well over two dozen agency PKIs • No single Federal hierarchical root • Full spectrum of COTS products • Widely divergent agency requirements • Strong desire to interoperate (communicate, accepting certificates from other sources)

  4. Bridge Certification Authority • Non-hierarchical “hub” • Designed under Federal PKI Steering Committee auspices • CP/CPS under development - will support four levels of assurance (rudimentary, basic, medium, high) • Operated by, and will exist at, the National Technical Information Service

  5. Bridge Certification Authority (2) • Will operate under auspices of Federal Policy Management Authority (FPKI Steering Committee) • Agencies can apply to have their CAs cross-certify - FPMA decides level of assurance

  6. Bridge Certification Authority (3) • Once cross-certified, Bridge allows construction of trusted path between CA domains • Initial focus is interagency interoperability, but also plan to do so with external parties

  7. Design Requirements • High assurance for Bridge itself • Must honor four levels of assurance for cross-certified CAs • Must be hosted at Federal agency (NTIS) • Must meet MISPC and FIPS 140-1 • Must allow trusted path creation

  8. Meaning of Interoperability • Policy • Technical • Algorithms • Protocols • Encryption key recovery schema consistency

  9. Current Status (as of Oct 98) • Funding committed (pending budget passage) • In design stage • Once notional design developed, will be vetted through FPKI Steering Committee Technical Working Group (vendors) • Developing EMA Challenge participation

  10. WEMA Challenge ‘99 • Demonstrate standards-based, secure, global EC environment featuring interoperable PKI • Goals • Demonstrate scalable, standards-based PKI using COTS products that is transparent to users • Identify key issues, raise awareness, and determine solutions for a multi-domain PKI • Demonstrate the capabilities of COTS products and their ability to interoperate

  11. WEMA Challenge ‘99 • Foundation applications are web-based EC and secure messaging • Some of the participants: • BT • NTIS • Entrust • Xcert • European Commission • Baltimore • Boeing • GTE Cybertrust • GSA • Treasury • Documentation and information • www.ema.org/challenge99

  12. Challenges • Dealing with OCSP vs. CRL domains for revocation checking • Ensuring Bridge supports all COTS products agencies may select • Ensuring Bridge’s full potential is used • Making client software use the Bridge • Mapping applicant CA’s assurance levels to those of Bridge

  13. Path Ahead • Complete design and vet through Technical Working Group • Get Bridge pilot operating (early 1999) • Participate in EMA Challenge 99 • Attract appropriate applications • Since fully funded through Sept 2000, expect no charge to cross-certify until afterwards (but depends on actual usage)
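
As an added illustration (not part of the original slides), the sketch below models the trusted path that slides 6 and 7 describe: a relying party anchored in its own agency CA reaches another agency's CA through the Bridge, and the assurance it can rely on is capped by the weakest cross-certificate on the path. The CA names, the cross-certificate list and the lowest-level-on-the-path rule are assumptions made for the example; signature and revocation checking are left out.

```python
from collections import deque

# The four assurance levels named on slide 4, lowest to highest.
LEVELS = ["rudimentary", "basic", "medium", "high"]

# Constructed sample data: (issuer, subject, level the cross-certificate asserts).
# Agency CA names are hypothetical; "Bridge" is the non-hierarchical hub.
CROSS_CERTS = [
    ("AgencyA-CA", "Bridge", "high"),
    ("Bridge", "AgencyA-CA", "high"),
    ("AgencyB-CA", "Bridge", "medium"),
    ("Bridge", "AgencyB-CA", "medium"),
    ("AgencyC-CA", "Bridge", "basic"),
    ("Bridge", "AgencyC-CA", "basic"),
]


def find_trust_path(trust_anchor, target_ca, cross_certs=CROSS_CERTS):
    """Breadth-first search from the relying party's own CA to the target CA.

    Returns (path, effective_level), or (None, None) when no path exists.
    Assumption: the effective level is the lowest level asserted on any hop.
    BFS returns the shortest path, which in a hub topology is the only one.
    """
    edges = {}
    for issuer, subject, level in cross_certs:
        edges.setdefault(issuer, []).append((subject, LEVELS.index(level)))
    queue = deque([(trust_anchor, [trust_anchor], len(LEVELS) - 1)])
    seen = {trust_anchor}
    while queue:
        ca, path, floor = queue.popleft()
        if ca == target_ca:
            return path, LEVELS[floor]
        for subject, level in edges.get(ca, []):
            if subject not in seen:
                seen.add(subject)
                queue.append((subject, path + [subject], min(floor, level)))
    return None, None


def accept(trust_anchor, target_ca, required_level):
    """Relying-party decision: a path must exist and meet the required level."""
    path, level = find_trust_path(trust_anchor, target_ca)
    return path is not None and LEVELS.index(level) >= LEVELS.index(required_level)
```

With this sample data, a relying party in the AgencyA domain can accept an AgencyB certificate for a medium-assurance application but not an AgencyC one, which is the assurance-level mapping problem listed under Challenges.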