CSG CA Workshop
January 7, 1999
Needs Are well known
• Secure identification (NetID/passwords)
• Secure administrative systems
• Electronic commerce via web sites
• Private email
• Etc.
Barriers are also well known
• Certificate standard
• Key or Certificate Authority
• Public Key (Certificate) Infrastructure
  – Ability to revoke
  – Ability to check revocation
  – etc.
• Interoperation across institutions?!
Goals of this Workshop
• To explore the state of the practice for Certificate Infrastructure
  – On a campus and across campuses
• To identify model practices and remaining issues
• Ultimately CREN hopes to identify and promulgate a model set of practices
Summary: Understanding the Problem
• The issues for electronic identification are complex, e.g.,
  – Know your data - who deserves credentials is a key question
    • and individuals likely need a set of credentials
  – Multiple identities - as an individual, as a group
  – electronic identity becomes a basis for trust
  – many authorities, distributed model in the analog world
  – and much more
• The technology can only be successfully deployed with a full understanding of the nuances of identity and trust as used today
• Less than thoughtful use of this technology will not succeed regardless of the technical sophistication
Summary: Technology in Search of a Problem
• Public/private key encryption is so cool, it must be good for something
• But, no PKI, many standards & applications in the space, but none that meet the need
• IETF PKIX working group is looking at these issues
Summary: Practice at Princeton
• Local CA signed by CREN as a root
• Legal sign-off
• Using Netscape CA server
• Email actually worked for sophisticated users
• Key escrow required
• See Michael’s presentation for details
Conclusion
• We are still iterating between understanding the problem and inventing technology
  – Beginning to drive the technology from the understanding
• Not ready for prime time, but very active area
• Desperately need proof of concept implementations
• When will Certification move from being a technical discussion to a business discussion?
  – A Higher Ed CA may be a cart ahead of the horse
• Significant policy issues, e.g., escrow, archival
• CSG and more action item:
  – Get vendors to support X.509 v3 CA constraint extension