November - 2008
(I think I have now got the correct place to start a new thread - sorry for last stuff-up)
Since I can remember, Open Products in general focused on PGP as a non-standard offering for free security methodology.
Out of mainstream commercial use PGP continued to become the de-facto standard as it avoided costly production and verification by limited CAs.
Most all CAs offer free and unlimited S/MIME Certificates and SSL Certificates remain a cost item and so they should.
Would you be happy for a NON CA to start to create either their own or free SSL certificates which would make a mockery and dilute safe HTTPS traffic?
Now Open Products including OpenSuse are knocking on the door of major commercial, government and military Domains.
Fully supported SLES and SLED continues to offer the commercial world a real time contender Operating Systems but we fail in adopting Global Standards in security and validation.
For Suse Linux and indeed Open Browsers and Email Clients there is a very poor and limited uptake of Global Security Standards to the point where Commercial, Government and Military domains cannot consider the real-time use of any Open Software which fails in providing support for the Global Security Standard.
In order for us to provide real world alternative operating systems and applications we can no longer accept Application Clients like GroupWise etc. to bridge the gap in global acceptance. Current handling by either Browser or Email Clients, with respect to correct handling and disposition messages remains poor or completely ignored.
It is clear that we need to look where the PKI Standard emanates and find that it is indeed a NON proprietary standard.
The PKI Standard is formulated by participating Countries of the United Nations, where the standard is defined and available to the World as a non-commercial standard without digital rights. ALL PKI Email Client and Browser handling is documented, however we do not follow it.
- Best Practice for PKI users
  https://www.eema.org/pki-challenge/files/pkiC_82.pdf
  All PKI products are highly configurable. This paper aims to provide guidance to those organisations that wish to exploit applications supported by PKI and maximise the chances of interoperability with other PKIs.
- Recommendations for vendors
  https://www.eema.org/pki-challenge/files/pkiC_83.pdf
  This document considers the implications for the vendor community in light of the conclusions of the pkiC, and makes recommendations about the features and levels of support for standards that PKI products should exhibit to encourage interoperability between users of different vendors’ products.
- Challenges for the PKI Industry
  https://www.eema.org/pki-challenge/files/pkiC_84.pdf
  Aimed at standard bodies, the European Commission, other groups with an interest in this area, and other participants, this paper outlines some of the technical challenges still facing the industry.
I would like to introduce this message as a possible introduction to the discussion to be had by interested and affected parties. This does need to happen soon as we are creating and developing security standards that will not be accepted, the single most startling of which is the functional ability to remove CA validation of PKI certificates from Browser and Email Clients alike.