US DOD Bridge Certification Authority Final Report Available
The US Department of Defense recently completed a Bridge Certification
Authority (BCA) Technology Demonstration. The final report for this
demonstration may be obtained at: http://www.anassoc.com/BCA.html
Important features of the demonstration:
* Establishment of trust relationships through the BCA among five Public
Key Infrastructure (PKI) domains, comprising three different PKI vendors;
* Establishment of directory connectivity among the five domains;
* Demonstration of the border directory concept;
* Development and processing of certificate paths through the BCA;
* Application processing of multiple Certificate Policies to accept or
reject certificates based on assurance level in a policy-heterogeneous PKI;
* Transfer of signed data between applications constructing certificate
paths that include the BCA;
* Transfer of both signed and encrypted data between applications
constructing certificate paths that include the BCA;
* Demonstration of cryptographic algorithm agility; and,
* Demonstration of access control of security labeled information in both
store-and-forward and web-based environments based on authorizations
contained in attribute certificates.
The report describes the demonstration objectives, implementation, and
results. Of particular interest to the IETF may be the "lessons learned"
section of the report, which describes some of the standards interpretation
issues that may arise when attempting to interoperate with different PKI
implementations.
Dave Fillingham
US Department of Defense