
RE: certification for pki




Gene,

However, the major drawback with the Certificate Issuing and Management Component (CIMC) Protection Profile (PP) sponsored/created by the (US) National Institute of Science and Technology (NIST) is that the current version still specifies about 25 new security functional requirements (SFRs) that are NOT included in the Common Criteria (CC)/ISO 15408 instead of using the refinement and/or the iteration operations on existing CC security functional requirements.

In addition, all these additional security functional requirements from the NIST CIMC PP would probably not be recognised through the mutual recognition arrangement (MRA).

Francois
___________________________________
Francois Rousseau
Director of Standards and Conformance
Chrysalis-ITS
1688 Woodward Drive
Ottawa, Ontario, CANADA, K2C 3R7
frousseau@chrysalis-its.com      Tel. (613) 723-5076 ext. 419
http://www.chrysalis-its.com     Fax. (613) 723-5078


-----Original Message-----
From: ghilborn@csc.com [mailto:ghilborn@csc.com]
Sent: Wednesday, June 21, 2000 10:23 AM
To: ietf-pkix@imc.org
Cc: jean.med@arabtrust.com
Subject: Re: certification for pki

One internationally recognized avenue is an evaluation under the Common
Criteria/ISO 15408.  Such an evaluation up to EAL4 is automatically recognized
by the (currently) nine mutual recognition arrangement countries.  Two current
problems are (1) that the CC itself does not contain a crypto module evaluation
standard such as FIPS 140-1/2, and (2) there is not yet a consensus and
evaluated Protection Profile for PKI components.   Some product vendors have
undertaken evaluations without PPs.  FIPS 140-1 is officially US/Canada, but
also widely recognized.

There is a maturing draft PP sponsored/created by the (US) National Institute of
Science and Technology,  which offers a selection of four levels of assurance
for certificate issuing and management components (CIMC).  See
http://csrc.nist.gov/pki/documents/.  For specific crypto module validation, it
references FIPS 140-1, but also includes all the other system security functional
and assurance requirements appropriate to CIMC.

-Gene Hilborn


jean.med@arabtrust.com on 06/21/2000 06:00:06 AM

To:   ietf-pkix@imc.org
cc:    (bcc: Gene Hilborn/DEF/CSC)
Subject:  certification for pki

Hi,

Is there any internationally accredited certification for PKI?

Jean