Hello everybody,
I've been reading everything coming from this list very
carefully for months, although I've never taken part in
discussions. So I am raising up my hand for the first time
in this PEM parliament, :)...
My colleagues and I are very interested in problems related
to certificate based *secure infrastructure*. In our lab we
have been doing tests with CAs and PEM using GMD's SecuDE
and ISODE Quipu, and we have connected our CAs to PASSWORD
infrastructure. We are also developing some supporting
applications for use of security services (CA Browser),
etc.
Based on this experience and inspired by PEM standards,
PASSWORD work (and also recent ideas by F. Jordan), I've
written a paper about *general guidelines* for secure
infrastructure. Based on these guidelines, a very *loose* CA
structure is proposed, as I think that the flexibility and
liberal concepts of Internet are something that should be
preserved also when CA structures are considered, if we want
to keep it growing.
Besides, I tried to assure enough flexibility that such
guidelines could be acceptable also for non hierarchical
structures, like PGP community. It is a fact that P.
Zimmerman's SW has gained a large acceptance within
Internet and it shall not be overlooked when designing
global CA structure. Pragmatism is also a part of IP
philosophy - so we should try to find a way for growing
together with PGP community.
In my paper I tried to take into account such communities,
so they would have a possibility to get fully connected into
a global infrastructure. As I am aware of the fact that I
might have overlooked some facts, I would appreciate getting a
response from any of you, especially from people that
could say a lot about this topic, like S. Kent, M. Roe, D.
Balenson, S. Crocker, C. Huitema, P. Williams, B. Jueneman,
R. Shirey, W. Schneider, J. Schiller, R. Waetherly, S.
Kille, R. Grimm... Sorry for those left out - there are too
many names to mention.
Please send your responses to me directly as I definitely
don't want to "get caught in a cross-fire" on pem-dev list
:-). It takes too much time, as the complexity of managing
such discussions is something like key-management complexity
growth in conventional cryptosystems...
The document can be ftped from kekec.e5.ijs.si (directory
/pub, files cas1.ps, cas2.ps) and is an extended and
(hopefully) bug-free version of the one submitted to COST
225.
Cheers,
Denis
*************************************************************
* Denis Trcek
* "Jozef Stefan" Institute
* Jamova 39, 61 111 Ljubljana, SLOVENIA
* e-mail: denis(_dot_)trcek(_at_)e5(_dot_)ijs(_dot_)si, denis(_dot_)trcek(_at_)ijs(_dot_)si
* Tel.: +386 61 1259 199, Fax: +386 61 1261 029, +386 61 273 677
*************************************************************