communications-electronics security group. pki interoperability issues for uk government richard...

Communications-Electronics Security

Group

PKI interoperability issues for UK Government

Richard Lampard

Richard.Lampard@cesg.gsi.gov.uk

Structure

1. What is CLOUD COVER?

2. Interoperability testing

3. Trust models

4. Wish list

5. Summary

1. What is CLOUD COVER?

CLOUD COVER aims to ensure that government departments have access to the widest possible range of secure, interoperable and cost effective PKI solutions.

2. Interoperability testing

CA

CA CA

2. Interoperability testing

PCA PCA PCA

CACA

2. Interoperability testing

• COAST system is very, very simple …

• … but it took a lot of work to achieve interoperability!

2. Interoperability testing

• Experiences in COAST– misinterpretations of standards e.g. wrong version– encoding problems e.g. DER versus BER, GeneralizedTime vs UTCTime,

DN ordering– problems with tools e.g. ASN.1 compiler bugs– dealing with incorrect behaviour e.g. processing certification requests– missing functionality e.g. ARLs– mistakes e.g. keyUsage & basicConstraints– invalid assumptions e.g. populating keyIdentifier– implementation limitations e.g. serial number length

2. Interoperability testing

Requirement

Simple,interoperablesolution

Fully functional,interoperablesolution

Fully functional,non-interoperablesolution

Very hard!

Very, veryhard indeed!

2. Interoperability testing

CA

CA

CA CA CA CA

CA CA

CA CA

CA

Repository

HMG RootCA

(Baltimore)

Ministry ofEducation

(Entrust)

Ministry ofWorks

(Baltimore)

Ministry ofTransport

(Entegrity)

Ministry ofTruth

(NIST)

Ministry ofPlenty

(Spyrus)

2. Interoperability testing

2. Interoperability testing

• Conclusion?

• It doesn’t work!

2. Interoperability testing

• Experiences with testbed:– on-line cross certification relies upon proprietary protocol

exchanges, procedures and token standards– certificate extensions not processed– directory schema e.g. same OID representing different object

classes– inability to use same Directory– name encoding e.g PrintableString vs TeletextString, RFC 822

address included in DN

2. Interoperability testing

• Manual cross certification between different products is limited– achieved between other products and Notary– using Entegrity PKIBench toolkit– pre-certificate imported to Notary CA– Entegrity token created for it

– could develop similar toolkits for all other products

2. Interoperability testing

• What is happening to the IETF!?– divergent working groups (PKIX, SPKI, OpenPGP)– competing PKIX standards (CMC versus CMP)– massive proliferation of standards ...

2. Interoperability testingRepresentation of elliptic curve DSA (ECDSA) keys and signatures in Internet X.509 PKI certificatesCertificate management message formats (CMMF)Certificate management messages over CMS (CMC)Caching on-line certificate status protocolWeb based certificate access protocol (WebCAP/1.0)Enhanced CRL distribution options(OCDP)

Time stamp protocolsData validation and certification server protocolsPKIX roadmapQualified certificatesDiffie-Hellman proof of possession algorithmsAn Internet attribute certificate profile for authorisationBasic event representation token v1Extending trust in non-repudiation tokens in timeSimple certificate validation protocol (SCVP)Using HTTP as a transport protocol for CMPLimited attribute acquisition protocolRFC 2459 - Certificate and CRL profileRFC 2510 - Certificate management protocols (CMP)RFC 2511 – Certificate request message format (CRMF)RFC 2527 - Certificate policy and certificate practices framework

RFC 2528 – Representation of key exchange algorithm (KEA) keys in Internet X.509 PKI certificatesRFC 2559 – Operational protocols: LDAPv2RFC 2560 – Online certificate status protocol (OCSP)RFC 2585 – Operational protocols: FTP and HTTPRFC 2587 – LDAPv2 schemaOperational protocols: LDAPv3Limited attribute certificate acquisition protocolOCSP extensionsUsing HTTP as a transport protocol for CMPUsing TCP as a transport protocol for CMP

A string representation of general name – allows representation of GeneralName when not using ASN.1 encoded protocol (e.g. configuration file)Technical requirements for a non-repudiation servicePKIX profile for IKE – allows use of PKIX certificates with IPSec.

3. Trust models

B

R

We would like to use all three in Government ...

… but we are generally stuck with hierarchies

4. Wish list

• PKI Forum should feed into IETF PKIX WG• Don’t forget client interoperability and Directory issues• Interoperability should not be exclusive among Forum

members• Testing service or reference implementation• Liaise with other initiatives e.g. ECAF, TIE, Identrus

5. Summary

• Lack of interoperability will be a major problem for UK Government

• PKI Forum efforts are very welcome• Ensure that the work is coordinated with other

international efforts

Communications-Electronics Security

Group