RE: certification for pki
Please take a look at the protection profiles being proposed by
SPYRUS. You can find them at
http://www.spyrus.com/documents/cims.
We have released the Level 3 profile to ANSI X9 as a strawman for a
financial industry protection profile.
Russ
At 12:09 PM 06/21/2000 -0400, FRousseau@chrysalis-its.com wrote:
Gene,
However, the major drawback with the Certificate Issuing and
Management Component (CIMC) Protection Profile (PP) sponsored/created by
the (US) National Institute of Science and Technology (NIST) is that the
current version still specifies about 25 new security functional
requirements (SFRs) that are NOT included in the Common Criteria (CC)/ISO
15408 instead of using the refinement and/or the iteration operations on
existing CC security functional requirements.
In addition, all these additional security functional requirements from
the NIST CIMC PP would probably not be recognised through the mutual
recognition arrangement (MRA).
Francois
___________________________________
Francois Rousseau
Director of Standards and Conformance
Chrysalis-ITS
1688 Woodward Drive
Ottawa, Ontario, CANADA, K2C 3R7
frousseau@chrysalis-its.com
Tel. (613) 723-5076 ext. 419
http://www.chrysalis-its.com
Fax. (613) 723-5078
-----Original Message-----
From: ghilborn@csc.com [mailto:ghilborn@csc.com]
Sent: Wednesday, June 21, 2000 10:23 AM
To: ietf-pkix@imc.org
Cc: jean.med@arabtrust.com
Subject: Re: certification for pki
One internationally recognized avenue is an evaluation under the Common
Criteria/ISO 15408. Such an evaluation up to EAL4 is automatically recognized
by the (currently) nine mutual recognition arrangement countries. Two current
problems are (1) that the CC itself does not contain a crypto module evaluation
standard such as FIPS 140-1/2, and (2) there is not yet a consensus and
evaluated Protection Profile for PKI components. Some product vendors have
undertaken evaluations without PPs. FIPS 140-1 is officially US/Canada, but
also widely recognized.
There is a maturing draft PP sponsored/created by the (US) National Institute of
Science and Technology, which offers a selection of four levels of assurance
for certificate issuing and management components (CIMC). See
http://csrc.nist.gov/pki/documents/. For specific crypto module validation, it
references FIPS 140-1, but also includes all the other system security functional
and assurance requirements appropriate to CIMC.
-Gene Hilborn
jean.med@arabtrust.com on 06/21/2000 06:00:06 AM
To: ietf-pkix@imc.org
cc: (bcc: Gene Hilborn/DEF/CSC)
Subject: certification for pki
Hi,
Is there any internationally accredited certification for PKI?
Jean