Educause Security Discussion mailing list archives
Info relating to PKI
From: Don Murdoch <dmurdoch () ODU EDU>
Date: Wed, 15 Feb 2006 07:58:28 -0500
Greetings. Here are some thoughts regarding PKI, based on my work in a former campground where I assisted in developing a UETA compliant digital signature application.

UETA … You should read about this legislation and determine how far you want to go w/ digi-sig's. The natural inclination is to replace a blue ink signature, which historically has had the "force of law" (if I have that phrase correct). For instance: http://www.dir.state.tx.us/standards/UETA_Guideline.htm

Searching Google … Use this phrase "certificate service practice statement filetype:pdf" and you will find the CPS of many, many firms. From a procedural point of view, in order to have longevity w/ PKI you need a CPS. From a keeping-your-hair point of view, figure out how you are going to renew certificates annually. From a sanity perspective, decide now if you are going to use tokens and if so what OS's you plan to support.

Research … You should research the Higher Ed Bridge Certificate Authority, which is based on the Fed Bridge C.A. Interesting reading.

Echoing Valdis … The only "signature" that will stand the test of time is one that is cycled through a token device, where the token device must have been present at the time of signing the document AND the user needed to enter the PIN to access the device. It is possible for malware to acquire the PIN via keylogging, but w/o the device you cannot perform the signature.

Companies: Check out eOriginal and Compass (in Chesapeake), among others. At least these two manufacture digital signature products (e-vaults). The one from Compass did have patent(s) applied to it.

Building Root CA's: My GCUX paper describes developing a Root CA and hardening the UNIX platform that it would reside on. This paper was specifically designed to address the Higher Ed Bridge CA / Fed Bridge CA requirements.
http://www.giac.org/certified_professionals/practicals/gcux/0225.php

- djm -

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Don Murdoch, CISSP + 10 others
Information Systems Security Officer
Office of Computing and Communications Services
Old Dominion University - Norfolk, Virginia
Tel: 757-683-4580
Fax: 757-683-5155

This signature block is not a digital signature under UETA. This email may contain private or confidential University information. If you received this message in error, inform the sender and delete it.
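The post points at a paper for building a root CA and argues that a signature is only worth anything if the signing key was used under the signer's control. As an added illustration (this is not code from the post, from the GCUX paper, or from any product it names), the script below builds a minimal two-tier PKI with the openssl CLI: a self-signed root, a user certificate issued by it and restricted to digital signatures with a one-year lifetime (the annual renewal the post warns about), and a CMS detached signature over a document that is verified back to the root and rejected when the document is altered. Organization names, lifetimes, file names and the working directory are assumptions chosen for illustration; the signer's private key sits on disk here, which is exactly the weakness the post describes, and on a real deployment it would live on a PIN-protected token instead.

```shell
#!/bin/sh
# Added example, not code from the original post or the paper it cites.
# Minimal two-tier PKI with openssl: root CA -> signer cert -> CMS signature.
# All names, lifetimes and paths below are illustrative assumptions.
set -eu

WORK="${WORK:-$(mktemp -d)}"

make_pki() {
  # Extension profiles for the root and for a signature-only end-entity cert.
  cat > "$WORK/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
default_md = sha256
[dn]
O = Example University
CN = placeholder
[root_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[signer_ext]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,nonRepudiation
extendedKeyUsage = emailProtection
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
EOF
  # 1. Self-signed root, ten-year lifetime. In practice this key stays on an
  #    offline, hardened host and never touches a user workstation.
  openssl req -x509 -config "$WORK/pki.cnf" -extensions root_ext \
    -newkey rsa:2048 -nodes -days 3650 \
    -subj "/O=Example University/CN=Example Root CA" \
    -keyout "$WORK/root.key" -out "$WORK/root.crt" 2>/dev/null
  # 2. Signer key and CSR. On a token the private key would be generated on
  #    the device and only the CSR would leave it.
  openssl req -new -config "$WORK/pki.cnf" -newkey rsa:2048 -nodes \
    -subj "/O=Example University/CN=Jane Signer" \
    -keyout "$WORK/signer.key" -out "$WORK/signer.csr" 2>/dev/null
  # 3. Root issues the signer certificate: one year, signature-only key usage.
  openssl x509 -req -in "$WORK/signer.csr" \
    -CA "$WORK/root.crt" -CAkey "$WORK/root.key" -CAcreateserial \
    -days 365 -extfile "$WORK/pki.cnf" -extensions signer_ext \
    -out "$WORK/signer.crt" 2>/dev/null
}

# sign_doc FILE OUT: detached CMS (PKCS#7) signature over FILE, DER encoded.
sign_doc() {
  openssl cms -sign -binary -in "$1" -signer "$WORK/signer.crt" \
    -inkey "$WORK/signer.key" -outform DER -out "$2"
}

# verify_doc FILE SIG: prints "ok" when SIG covers FILE and the signer chains
# to root.crt with an acceptable key usage, "FAIL" otherwise.
verify_doc() {
  if openssl cms -verify -binary -inform DER -in "$2" -content "$1" \
       -CAfile "$WORK/root.crt" -out /dev/null 2>/dev/null; then
    echo ok
  else
    echo FAIL
  fi
}

demo() {
  make_pki
  # Constructed sample document.
  printf 'I accept the terms of this agreement.\n' > "$WORK/agreement.txt"
  sign_doc "$WORK/agreement.txt" "$WORK/agreement.p7s"
  echo "original: $(verify_doc "$WORK/agreement.txt" "$WORK/agreement.p7s")"
  # A one-character change after signing must break verification.
  printf 'I accept the terms of this agreement!\n' > "$WORK/tampered.txt"
  echo "tampered: $(verify_doc "$WORK/tampered.txt" "$WORK/agreement.p7s")"
}

demo
```

Running it prints `original: ok` and `tampered: FAIL`. Two points of the post show up directly: the `-days 365` on the signer certificate is what forces the annual renewal process, and everything here hinges on `signer.key`, so whoever copies that file can sign as Jane without any PIN or device being present; moving the key onto a token (openssl can drive one through a PKCS#11 engine or provider) is what turns this into the kind of signature the post says will stand up.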