1 / 11

Filling the FPKI Void

Filling the FPKI Void. Tice F. DeYoung Fed/ED 16 June ‘04. Void, What Void?. Two extremes in the Federal PKI Space FPKI Policy Authority (FPKI-PA) High level policy wonks CPWG to map policy compliance FBCA Operational Authority (FBCA-OA) Low level bit twiddlers

amanda
Télécharger la présentation

Filling the FPKI Void

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Filling the FPKI Void Tice F. DeYoung Fed/ED 16 June ‘04 Fed/ED

  2. Void, What Void? • Two extremes in the Federal PKI Space • FPKI Policy Authority (FPKI-PA) • High level policy wonks • CPWG to map policy compliance • FBCA Operational Authority (FBCA-OA) • Low level bit twiddlers • FBCA TWG for FBCA specific issues • Nothing between these two areas • QED, a void in the middle Fed/ED

  3. How to Fill the Void • Need an FPKI group that sits below the high level policy wonks and above the bit twiddlers • A group that will • Answer agencies questions about PKI • Discuss technical issues and future directions in FPKI • Host a FAQ list about PKI with answers and how to dos • A group that will act • As a mentor to other agencies • As an intelligent clearing house • A group that will tackle the inter-agency issues associated with public key infrastructure • Tries to solve the issue of public encryption keys for addressees outside their own agency • Looks at the issue of full path discovery and validation for every transaction Fed/ED

  4. What Questions About PKI? • How do they go about implementing PKI? • What is PKI and who are the vendors? • Do they do it themselves or outsource it to another US Government Agency or ACES vendor or a Shared Service Provicer (SSP)? • If they outsource it, do they • archive the keys themselves or outsource it? • provide the Registration Authority or do they outsource the function? • participate in any of the management function or not? • If they want to do it themselves, can they justify it? • Specific reasons that they must maintain control of their PKI • Business case that in-house is more cost effective Fed/ED

  5. Mentor and Clearinghouse, How? • Provide a safe haven where they won’t feel foolish • A place where they will be welcomed as equals • A place where people don’t have ulterior motives (for the most part) • A place where they will get the help they need • Provide a clearinghouse for PKI • Prevent re-inventing the PKI wheel, yet again • Share war stories • Share documents • Share ideas Fed/ED

  6. What FBCA Discussions? • Technical issues • Should the FBCA expand beyond CRLs only? • OCSP SCVP • XKMS Others? • How do we solve the bridge to bridge to bridge problem? • Meta bridge? God like trust anchor? • Trusted bridge cloud or axle? • Should we look at new architectures for the FBCA? • Are there newer technologies that are better? • Future Directions for FPKI Fed/ED

  7. What Inter-Agency Issues? • Current system doesn’t support retrieving public encryption keys from outside your own agency • Why not? • Can it be made to? • Full path discovery and validation for every transaction • Is it necessary? • Are there secure alternatives? • Time out issues, are they inherent in the system? Fed/ED

  8. Still Not Convinced? • Current FPKI-PA and FBCA-OA folks May Not Have the Time or the Inclination to Take on More Responsibilities • Current FPKI-PA and FBCA-OA Don’t Necessarily Have the Right People for the Job • Policy wonks may not know technical implications • Bit twiddlers may not know policy implications • Need a group that can speak policy & technical jargon • Vendors are in the Business of Making $$ • USG has to be aware of its options • Vendors will gladly sell you something, even if it may not be the right thing • How will agencies know the difference? Fed/ED

  9. Where Will It Fit & How Will it Function? • The FPKI AdHoc Working Group (FPKI-AHWG) may be a working group of the FPKI-PA • The FPKI-AHWG may be a special US Government employees only session of the FPKI-TWG • It will in either case report to the FPKI-PA on technical & policy issues • It will advise the FPKI-PA on policy matters that have technical implications • It will advise the FBCA-OA on technical matters that may have policy implications • The group will be comprised of USG agencies cross-certified with the FBCA • Special technical and policy experts will be brought in as needed Fed/ED

  10. Additional Stuff, Thanks to Steve Roberts, DoJ PKI • Within this group, things that are needed by all agencies could be worked to provide things like: • Necessary FPKI Architecture adjustment recommendations and future direction; • Architecture Value Reporting for Federal Agencies; • Agency Service Option Assessments that help agencies select an appropriate service (e.g., ACES, SSPs, Outsourced, etc.); • Develop Personnel Position Description for PKI Trusted Roles, RA functions, Help Desk responsibilities, etc.; • Federal Archive Recommendations; • Report on the status of PKI deployments Federal Government wide; • Document/Collect Lessons Learned; • Third Party and Trusted "sounding board" for evaluating vendor proposals and recommendations; Fed/ED

  11. Discussion Questions, Comments, Slings & Arrows? Fed/ED

More Related