Component, Enterprise, Or Application? Choices In Interoperability Testing
Tim Polk, NIST PKI Program Manager
wpolk@nist.gov
March 2000
October 28, 2019

PKI Interoperability
Three different aspects to PKI interoperability:
- Component interoperability
- Enterprise interoperability
- Application interoperability

PKI Component Interoperability
- Ability to mix and match COTS PKI products
- Depends upon specification-based messages exchanged between components to support:
  - Certificate requests
  - Certificate renewal
  - Certificate revocation
[Diagram: CA, RA, Client, Repository]

Factors For Component Interoperability
- Algorithm suite
- Certificate management protocols
- Certificate issuance
- Certificate revocation
- Transport mechanisms

Enterprise Interoperability
[Diagram: Enterprise A PKI and Enterprise B PKI; components shown: CA, RA, Client, Repository A, Repository B]
- The ability to connect two enterprise PKIs into a larger functional PKI
- More than just cross-certification
- Clients must be able to find and validate meaningful certification paths

Factors for Enterprise Interoperability
- Algorithm suite
- Certificate format and extension set
- Certificate policies
- Certificate status information formats
- Path building and validation across PKIs

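Added example (not part of the original slides): a toy Python model of the point that cross-certification alone is not enough, because the client must also reach the other enterprise's repository and then validate the path it builds. All names (CA-A, CA-B, the policy labels, the repositories) are constructed sample data; signatures, validity dates and policy mapping are left out, and policy processing is reduced to a simple intersection.

```python
# Added example: toy model, no real signatures or X.509 parsing.
from collections import namedtuple

# policies: set of certificate policy identifiers asserted in the certificate
Cert = namedtuple("Cert", "issuer subject policies revoked")

# Constructed sample data: Enterprise A and Enterprise B, cross-certified A -> B.
REPO_A = [
    Cert("CA-A", "alice", {"A-medium"}, False),
    Cert("CA-A", "CA-B", {"A-medium"}, False),   # cross-certificate
]
REPO_B = [
    Cert("CA-B", "bob", {"A-medium", "B-basic"}, False),
    Cert("CA-B", "carol", {"B-basic"}, False),   # no policy acceptable to A
    Cert("CA-B", "dave", {"A-medium"}, True),    # revoked
]

def build_paths(anchor, target, repos, max_len=4):
    """Depth-first search for issuer->subject chains from anchor to target."""
    certs = [c for repo in repos for c in repo]
    def walk(issuer, path):
        if len(path) >= max_len:
            return
        for c in certs:
            if c.issuer != issuer or c in path:
                continue
            if c.subject == target:
                yield path + [c]
            else:
                yield from walk(c.subject, path + [c])
    return list(walk(anchor, []))

def validate(path, acceptable):
    """Reject revoked certs; require a policy common to every cert and acceptable."""
    if not path or any(c.revoked for c in path):
        return False
    common = set.intersection(*(set(c.policies) for c in path))
    return bool(common & acceptable)

def find_valid_path(anchor, target, repos, acceptable):
    """Return the subjects along the first valid path, or None."""
    for path in build_paths(anchor, target, repos):
        if validate(path, acceptable):
            return [c.subject for c in path]
    return None
```

With only REPO_A reachable, the cross-certificate exists but no path to a user in Enterprise B can be built; with both repositories, the path is found and then accepted or rejected on status and policy.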
Application Interoperability
[Diagram: Enterprise A PKI and Enterprise B PKI; components shown: CA, RA, Client, Repository A, Repository B]
The ability of PKI-aware applications to:
- Share PKI certificates, key-pairs, and processing modules
- Rely on different PKI environments to implement security services

Factors for Application Interoperability
- Ability to share cryptographic modules OR export/import cryptographic materials
- Cryptographic application programming interfaces (APIs)
- Access to path validation and path building utilities
- Consistency of processing
- Feature sets

Does Anyone Care?
Yes, to different degrees
- Application interoperability is the real goal
  - In fact, it’s an expectation, especially for electronic mail
- Enterprise interoperability is the prerequisite for application interoperability
- Component interoperability will reduce cost and increase choices - some day

What NIST Is Doing
- Promote Interoperability
- Certificate Formats and Profiles
- Certificate Management Protocols
- MISPC V2 (soon!) and interoperability workshops
- Encouraging multi-algorithm solutions through expanded FIPS, MISPC
- Pursuing Bridge CA Concept
- Profiles for PKI-Enabled Application Interoperability Testing

NIST And Interoperability Testing
- CMP interoperability workshops
- Bridge CA demonstration and testing (ongoing)
- Path Validation Test Suite (end of FY00)
- S/MIME v3 interoperability testing (FY01)

S/MIME Interoperability Testing
- Remote testing against the Van Dyke reference implementation
- May use NIST-issued certificates to eliminate enterprise interoperability issues
  OR
- May use locally issued certificates if your PKI is cross-certified with the Federal Bridge CA
- May be followed by tests for additional applications

For More Information
Tim Polk
(301) 975-3348
wpolk@nist.gov