Interoperable digital certificates for
Interoperable digital certificates for e-commerce
Dr Andreas Mitrakas, GlobalSign
The Open Group Conference, Helsingor, 27 April 1999
Context
Basic “key” elements of our trade culture
- Identifiers
- Proofs
- The need for Privacy
Context
Basic “key” elements of our trade culture
- Identifiers → Digital IDs
- Proofs → Digital Signatures
- The need for Privacy → Encryption
Market Volume
- Source Datamonitor: Market Volume PKI (certificates)
[Chart: PKI Market Volume in $m by year, 1997 to 2001; series: RoW, North America, Europe]
Market Volumes
- Datamonitor: Market Volume PKI: 2001, $m 1800, 1/3 Europe, growth rate Europe > US
- Forrester Research: “The average corporation currently spends more on coffee and soft drinks than on network security; we expect this to change”
- John Maynard Keynes: “I would rather be vaguely right than precisely wrong”
Market Volumes
- Aligned growth rate with e-commerce
  • number of Internet Users: 97 million in 1998, 320 million in 2002
  • e-commerce market volume: $32 billion in 1998, $426 billion
Agenda
- Introduction
- Certification Authorities
- A profile of GlobalSign
- Interoperability
- A Legal Framework
- Conclusions
Certification Authorities
- Trusted Third entity that issues, publishes and revokes certificates
  • market recognition: partners, brand-name
  • licensing from the government
- Certificate classes
  • May issue different “classes” of certificates depending on the level of ‘trust’
  • Banking vs Online Publishing
  • verification: is that person the person who he/she claims to be?
GlobalSign
- “Leading European Trusted Third Party based on an International Network of Certification and Registration Authorities which all meet the same accreditation requirements, follow the same verification procedures and co-brand their certificates in order to achieve international recognition of digital certificates and world-wide interoperability of CAs and RAs”.
GlobalSign
- GlobalSign:
- a network of local Certification and Registration Authorities
- combining national trust credentials by local presence and international recognition and interoperability by uniform rules
- combining a minimum common framework based on EC directives and local legislation
- diverse legal regulations in the European Union can be better addressed through a network of RAs.
A Clearing Network
[Diagram labels: Bank, Clearing House, Int Credit Card Comp]
A Certification Network
[Diagram labels: GS, CA, RA]
GlobalSign’s European CA/RA Network
- Italy
- Belgium
- Luxembourg
- Austria
- Netherlands
- UK
- Greece
- EC projects: 11 member States
GS Market Numbers
- GlobalSign: 120,000 certificates issued in 1998
  • Belgium: 6%
  • Germany: 7%
  • UK: 8%
  • Italy: 5%
  • Netherlands: 5%
  • France: 5%
  • Japan: 5%
  • United States: 5%
Agenda
- Introduction
- Certification Authorities
- A profile of GlobalSign
- Interoperability
- A Legal Framework
- Conclusions
Issues of interoperability
- Legal diversity
- PKI industry faces a balkanised legal environment
- Less obvious problems on the technical front
- CA instruments: CAs compelled to co-ordinate their practices with the Law through their CPS and Certification Policies
GlobalSign’s CPS
- GlobalSign publishes its Certification Practice Statement describing in great detail the practices and procedures it uses for the issuing and management of certificates.
- The CPS of GlobalSign is subject to annual auditing by a recognized auditor. Suggestions have been appropriately incorporated in the current version.
A recognized CPS
- GlobalSign’s CPS is compatible with most legal obligations imposed by laws in EU member states and the EU draft directive and the draft laws of Belgium and the Netherlands
- GlobalSign acknowledges its responsibility as a CA through a comprehensive insurance programme
- As a European CA GlobalSign offers full protection to consumers according to the EU directives on consumer protection and privacy
Technical Interoperability I
- GlobalSign follows the PKIX WG recommendations e.g. the RFC 2459 draft
- GlobalSign’s Top root and primary roots follow the PKIX recommendation
- To serve users of Netscape, GS adds non-critical Netscape proprietary extensions to clients and the lowest level of GlobalSign’s signing roots
- Next generation of certificates will not require the proprietary extensions of browsers any more
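Marking the Netscape extensions non-critical is what keeps these certificates usable elsewhere: under RFC 2459 a verifier may ignore a non-critical extension it does not recognise, but must reject a certificate carrying an unrecognised critical one. The following is an added example, not from the presentation or from GlobalSign; the DER samples are constructed, and `KNOWN`, `read_tlv`, `decode_oid` and `check_extensions` are hypothetical names.

```python
KNOWN = {"2.5.29.15", "2.5.29.19"}  # assumption: verifier implements keyUsage, basicConstraints
# Constructed samples: critical keyUsage plus netscape-cert-type (2.16.840.1.113730.1.1).
AS_ISSUED = bytes.fromhex(        # Netscape extension non-critical (BOOLEAN omitted)
    "3023 300e0603551d0f0101ff040403020106 3011 06096086480186f8420101 040403020780")
MARKED_CRITICAL = bytes.fromhex(  # same extension with critical = TRUE
    "3026 300e0603551d0f0101ff040403020106 3014 06096086480186f8420101 0101ff 040403020780")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one DER element, with bounds checks."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length: low 7 bits give the number of length bytes
        k = n & 0x7F
        if k == 0 or pos + k > len(buf):
            raise ValueError("bad length")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + n], pos + n

def decode_oid(body):
    """Decode base-128 OID arcs into dotted form (body must be non-empty)."""
    vals, v = [], 0
    for b in body:
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:
            vals.append(v)
            v = 0
    first = min(vals[0] // 40, 2)
    return ".".join(map(str, [first, vals[0] - 40 * first] + vals[1:]))

def check_extensions(der):
    """Return (accepted, ignored_oids, rejected_oids) for one Extensions SEQUENCE."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single Extensions SEQUENCE")
    ignored, rejected, pos = [], [], 0
    while pos < len(body):
        tag, ext, pos = read_tlv(body, pos)
        t_oid, oid_bytes, nxt = read_tlv(ext, 0)
        t_next, val, _ = read_tlv(ext, nxt)
        if tag != 0x30 or t_oid != 0x06 or not oid_bytes or oid_bytes[-1] & 0x80:
            raise ValueError("malformed Extension")
        critical = t_next == 0x01 and val == b"\xff"  # absent BOOLEAN means FALSE
        oid = decode_oid(oid_bytes)
        if oid not in KNOWN:  # unrecognised: ignore if non-critical, reject if critical
            (rejected if critical else ignored).append(oid)
    return (not rejected, ignored, rejected)
```

The same certificate content is accepted as issued and rejected once the proprietary extension is flagged critical, which is why the criticality bit, not the extension itself, decides interoperability.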
Technical Interoperability II
- GlobalSign certificates have been tested on software packages:
  • Netscape browser and server
  • Microsoft browser and server
  • Opera browser
  • Apache server
- and on operating systems
  • Win NT4, ’98, 3.1
  • Linux
- GlobalSign certificates can be used on many more packages and OSs depending on user needs and requests.
Technical Interoperability III
- Although GlobalSign currently does not have full scale procedures for interoperability tests, it is currently on the way to implementing interoperable standards with other CAs.
- Discussion and exchange of opinion through mailing lists
Agenda
- Introduction
- Certification Authorities
- A profile of GlobalSign
- Interoperability
- A Legal Framework
- Conclusions
Towards Security Interoperability I
- Self-regulation
- As market grows it will be increasingly necessary to address the issues of interoperability through discussion in appropriate industry fora
- Self regulation essential for interoperability to set a standard of PKI services, technical requirements, organizational matters and additional security measures
Towards Security Interoperability II
- Positive Law
- A homogeneous legal approach on interoperability will reduce transaction costs and increase the level of trust in providing CA services
- Uniformity is critical in areas like consumer transactions and professional usage
A self-regulation based framework
- The ICC ETERMS Repository
- The ICC ETERMS Repository can be used to register, publicize and access a CPS
- The ICC ETERMS Best Practice Rules can provide an appropriate forum for the discussion and conclusion of a uniform way to address interoperability issues
- Adherence to the ICC ETERMS BPRs can be used within a benchmarking system to assess compliance with interoperability standards
Where do we go from here?
[Diagram labels: Business Credentials; Identifiers; Payment Security; Legal Security Tax Logistics; Certification Authorities; Digital Signatures Encryption Digital IDs; Clearing House; Business Auditors. Caption: As e-comm progresses...]
Tentative Conclusion
- Widely applied information security consistent legislation to support interoperability of CA certs
- Self-regulation to dynamically pursue an industry supported solution for interoperability
- The ICC ETERMS can play a role in an increasingly complex information security environment based on PKI