1 / 13

Enhancing Federal PKI Interoperability: The Bridge Certification Authority Initiative

This document outlines the strategic approach to improve interoperability within the Federal Public Key Infrastructure (PKI) through the Bridge Certification Authority (BCA). Led by the Federal PKI Steering Committee, the BCA will establish a non-hierarchical hub aimed at cross-certifying agency certification authorities, thereby enabling trusted communications across various domains. The current status of the initiative, challenges faced, and future directions are detailed, including the emphasis on establishing high assurance levels and collaborating with external entities.

lyre
Télécharger la présentation

Enhancing Federal PKI Interoperability: The Bridge Certification Authority Initiative

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Uncle Sam, Meet The PKI! Richard Guida Chair, Federal PKI Steering Committee richard.guida@cio.treas.gov Michèle Rubenstein Department of the Treasury, Chair, EMA Board of Directors michele.rubenstein @cio.treas.gov

  2. Federal PKI Interoperability • Overview • Organizational Framework • Bridge Certification Authority Concept • Design Requirements • Meaning of Interoperability • Current Status • Challenges • Path Ahead

  3. Organizational Framework • Well over two dozen agency PKIs • No single Federal hierarchical root • Full spectrum of COTS products • Widely divergent agency requirements • Strong desire to interoperate (communicate accepting certificates from other sources)

  4. Bridge Certification Authority • Non-hierarchical “hub” • Designed under Federal PKI Steering Committee auspices • CP/CPS under development - will support four levels of assurance (rudimentary, basic, medium, high) • Operated by, and will exist at, the National Technical Information Service

  5. Bridge Certification Authority (2) • Will operate under auspices of Federal Policy Management Authority (FPKI Steering Committee) • Agencies can apply to have their CA’s cross-certify - FPMA decides level of assurance

  6. Bridge Certification Authority (3) • Once cross-certified, Bridge allows construction of trusted path between CA domains • Initial focus is interagency interoperability, but also plan to do so with external parties

  7. Design Requirements • High assurance for Bridge itself • Must honor four levels of assurance for cross-certified CAs • Must be hosted at Federal agency (NTIS) • Must meet MISPC and FIPS 140-1 • Must allow trusted path creation

  8. Meaning of Interoperability • Policy • Technical • Algorithms • Protocols • Encryption key recovery schema consistency

  9. Current Status (as of Oct 98) • Funding committed (pending budget passage) • In design stage • Once notional design developed, will be vetted through FPKI Steering Committee Technical Working Group (vendors) • Developing EMA Challenge participation

  10. WEMA Challenge ‘99 • Demonstrate standards-based, secure, global EC environment featuring interoperable PKI • Goals • Demonstrate scalable, standards-based PKI using COTS products that is transparent to users • Identify key issues, raise awareness, and determine solutions for a multi-domain PKI • Demonstrate the capabilities of COTS products and their ability to interoperate

  11. WEMA Challenge ‘99 • Foundation applications are web-based EC and secure messaging • Some of the participants: • BT • NTIS • Entrust • Xcert • European Commission • Documentation and information • www.ema.org/challenge99 • Baltimore • Boeing • GTE Cybertrust • GSA • Treasury

  12. Challenges • Dealing with OCSP vs. CRL domains for revocation checking • Ensuring Bridge supports all COTS products agencies may select • Ensuring Bridge’s full potential is used • Making client software use the Bridge • Mapping applicant CA’s assurance levels to those of Bridge

  13. Path Ahead • Complete design and vet through Technical Working Group • Get Bridge pilot operating (early 1999) • Participate in EMA Challenge 99 • Attract appropriate applications • Since fully funded through Sept 2000, expect no charge to cross-certify until afterwards (but depends on actual usage)

More Related