simon-burke
PKI Session Overview
1:30 pm edt - Welcome, etiquette, session outline
1:40 pm edt - HEPKI-TAG Update (Jim Jokl, Virginia)
2:00 pm edt - HEPKI-PAG Update (David Wasley, UCOP)
2:20 pm edt - FBCA and NIH Pilot Update (Peter Alterman, NIH)
2:40 pm edt - Discussion
3:00 pm Break
3:15 pm edt - Sean Smith, Dartmouth PKI Lab
3:30 pm edt - Keith Hazelton, Wisconsin PKI Lab
3:45 pm - Discussion
Some general comments
There are campus and corporate successes
• Corporations use internally for VPN, some authentication, signed email (with homogeneous client base)
• MIT, UT medical, soon VA, UCOP
Key is limited application use, lightweight policy approaches
There is very limited interrealm, community of interest or general interoperable work going on
• Federal efforts
• Healthkey
• Higher Ed
• Some European niches
Why X.509/PKI?
Single infrastructure to provide all security services
Established technology standards, though little operational experience
Elegant technical underpinnings
Serves dozens of purposes - authentication, authorization, object encryption, digital signatures, communications channel encryption
Low cost in mass numbers
Why Not X.509/PKI?
High legal barriers
Lack of mobility support
Challenging user interfaces, especially with regard to privacy and scaling
Persistent technical incompatibilities
Overall complexity
D. Wasley’s PKI Puzzle
The Four Planes of PKI
on the road to general purpose interrealm PKI
the planes represent different levels of simplification from the dream of a full interrealm, intercommunity multipurpose PKI
simplifications in policies, technologies, applications, scope
each plane provides experience and value
The Four Planes are
Full interrealm PKI - (Boeing 777) - multipurpose, spanning broad and multiple communities, bridges to unite hierarchies, unfathomed directory issues
Simple interrealm PKI - (Regional jets) - multipurpose within a community, operating under standard policies and structured hierarchical directory services
PKI-light - (Corporate jets) - containing all the key components of a PKI, but many in simplified form; may be for a limited set of applications; can be extended within selected communities
PKI-ultralight (Ultralights) - easiest to construct and useful conveyance; ignores parts of PKI and not for use external to the institution; learn how to fly, but not a plane...
Examples of Areas of Simplification
Spectrum of Assurance Levels
Signature Algorithms Permitted
Range of Applications Enabled
Revocation Requirements and Approaches
Subject Naming Requirements
Treatment of Mobility
...
PKI-Light example (HEPKI)
CP: Wasley, et al. Draft HE CP stubbed to basic/rudimentary
CRL: ?
Applications: (Signed email)
Mobility: Password enabled
Signing: md5RSA
Thumbprint: sha1
Naming: dc
Directory Services needed: Inetorgperson
PKI-Light example (Texas-Houston)
CP: Verisign
CRL: Verisign
Applications: authentication
Mobility: USB dongle
Signing: md5RSA
Thumbprint: sha1
Naming: X.500
Directory Services needed: I?
Deployment: 5,000 medical students
PKI-Ultralight (MIT)
CP: none
CRL: limit lifetime
Applications: Internal web authentication
Mobility: one per system; also password enabled
Signing: md5RSA
Thumbprint: sha1
Naming: X.500
Directory Services needed: none
Deployment: approximately 350,000 over five years
Healthkey snippets
Organizational commitment to pilot is difficult without more senior level support. Have had significant staff turnover. Biggest concern is impact of system on users ("non-transparency"). Given lessons learned, will be investigating "encryption at the border and organizational certificates" rather than encryption and certificates at the desktop.
Healthkey snippets
• Managing individual digital certificates can be expensive
• Digital certificates on the desktop can be vulnerable
• Organizations can lose some control with individual certificates
• Organizations may not want to accept pre-issued certificates
• Checking for revoked certificates puts a burden on e-mail correspondents
• Current implementations of digital certificates are not transparent to e-mail users
• Vendor contracts do not support community initiatives
Interesting recent developments
Microsoft bundled root program
RSA buys Securant
...