Blockchain based PKI reassigning roles? Robert Bielecki [email protected]

Blockchain based PKI reassigning roles? - EEMA · PKI is a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates


Trust Service Providers & EU Trusted Lists

• The eIDAS Regulation (on electronic identification and trust services for electronic transactions in the internal market) defines among others:
  – trust services and their operation by providers
  – operation of trusted lists

• ETSI TS 119 612 refers to many standards:
  – ISO, IETF, ETSI, CEN…


EU Trusted Lists structure

Interoperability & sustainability are the main issue


EU Distributed Ledger of TSP


Trust by design is the main asset

Impact on the Public Key Infrastructure

PKI is a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption.

Digital Certificate

• Digital Certificate is a set of attested metadata used to prove the possession of the public key

• The Digital Certificate contains:
  – Public key
  – (personal) information
    • How does it respect the General Data Protection Regulation?
  – Signature of its issuer
    • The certification chain must be checked

Blockchain oriented Certificate

• The revocation status of the certificate is encoded on the blockchain

• User can manage his attributes and revocation

The new approach remains consistent with the old one

eIDAS – to technic

REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC

(27) This Regulation should be technology-neutral. The legal effects it grants should be achievable by any technical means provided that the requirements of this Regulation are met.

ANNEX I
REQUIREMENTS FOR QUALIFIED CERTIFICATES FOR ELECTRONIC SIGNATURES

Qualified certificates for electronic signatures shall contain:
…
(g) the advanced electronic signature or advanced electronic seal of the issuing qualified trust service provider;

Impact on the identity management

• The user manages his identity and his authentication means

Blockchain is a simple, effective and secure solution:

A new protocol should be defined to allow identity and authorization management

Impact on the Certification Authorities

• Shared identity, attributes/claims management

• TSP/CA should become a validation node

• Governance rules must be defined

• Identity transfer to blockchain addresses

• New electronic signature schema

• Long term preservation by design

• Private key management

• Smart contract validation

• Enforcement of court decision


Questions...