Presentation on theme: "PKI Strategy PKI Requirements Standard –Based on e-MARC or other Certificate Policy Statements –Specify key aspects that must be met by CA Cert format."— Presentation transcript:
PKI Strategy PKI Requirements Standard –Based on e-MARC or other Certificate Policy Statements –Specify key aspects that must be met by CA Cert format (X.509) Cert types (server, application, signing, assurance levels) CA Root key protection (FIPS level) Identity proofing scheme Key length Key lifetime Key delivery CRL frequency Subject requirements (OU field) Etc. –Start from Jim Hansen Requirements
PKI Strategy CA Self-certification – Legal Document –Certification Checklist Base of sections of RFC for CPS Enumerate requirements from standard that must be met in CPS –CA files affidavit with NAESB certifying compliance CA Declaration/Nomination – Legal Document –Identifies Entitys CA(s) that will be used –Agrees to abide by CAs CPS –Attests to implementation of a PKI security program to keep certs secure –Agrees to liability for use of certs issued to end-entity provided relying party performs CRL check, Root CA validation, etc. –End-Entity files affidavit with NAESB certifying compliance
PKI Strategy OASIS Application Security Standard –Must comply with PKI Standard –Must use CA that has executed Self-Certification –Must have filed End-Entity CA Declaration/Nomination –May require two-factor authentication (token, PIN, etc.) –Other? Tagging Application Security Standard –Etc.