1. Usage of PGP in TACAR 19th OGF Meeting Chapel Hill, USA February 1, 2007 Licia Florio Project Development Officer licia@terena.org www.terena.org

2. Slide 2 Outline What is TACAR ? TACAR trust model Expanding TACAR?

3. Slide 3 What is TACAR? TACAR (TERENA Academic CA Repository) Is a collection of root-CA certificates run by NRENs and other not-for-profit organisations (ie. Grid projects) TACAR Policy Defines the process to gather root-CA-certificates Defines the way to publish the root-CAs on a trusted web site And implicitly: a way for building a PKI-based web of trust within the European academic community (and beyond!) Provides of course some papers to fill in ;-)

4. Slide 4 TACAR Trust Model TACAR Trust model based On face-to-face meeting between the applying CA and TERENA representative or since January 2007 a Trusted Introducer PGP keys can be used after the first face-to- face meeting for later electronic updates

5. Slide 5 Using TACAR Allows for delegation of TERENA s role to a small number of accredited individuals (the Trusted Introducers) Mechanism already used by CERTs One TI per PMA David Groep for the EuGridPMA Yoshio Tanaka for Asia-Pacific PMA Mike Helm for the TAGPMA

6. Slide 6 Why PGP PGP model (web of trust) matches TACAR model PGP provides a relatively secure mechanism not related to the what is stored in TACAR Even if the root-CA is compromised, PGP can still be used S/MIME still not easy to use

7. Slide 7 TACAR beyond certs TACAR hosts more than 35 roots PGP not mandatory but followed by 95% of the CAs Side effect of this: TACAR offers also a way of collecting PGP keys Accreditation/registration procedures already in place It could be re-used to build a PGP repository