RE: certification for pki
I don't suppose that out there on the net or in committee, there is one
unifying document to take care of both the PKI process and the machinery
that it is stored on as a mutually agreed upon set of standards? If not,
maybe it would be good for this panel to make one?
Just a thought.
r/
Dan Morrill
CSC
-----Original Message-----
From: pgut001@cs.auckland.ac.nz [mailto:pgut001@cs.auckland.ac.nz]
Sent: Wednesday, June 21, 2000 09:48 PM
To: ietf-pkix@imc.org
Subject: Re: certification for pki
ghilborn@csc.com writes:
>It is not a choice of CC vs. FIPS. The FIPS 140-1 testing pertains narrowly
>to crypto modules. The CC evaluation/"torture" process is about the
>system/components for certificate issuance and management meeting its security
>specification (security target and claimed PP(s)).
Oh, so the interest is in certifying the PKI process rather than machinery
which makes it possible? In that case there's a whole host of standards to
choose from, from ISO there's ISO 15782-1, Banking - Certificate Management,
from ANSI there's X9.57 Certificate Management and ANSI X9.79, PKI Practices and
Framework, and from vendors there's both VISA and MC's SET PKI requirements
(which, while in some cases SET-specific, are well thought out). Would any of
those be usable as a PP?
Peter.