Defense Messaging System Was: e-Government uses "Authority-stamp-signatures"

To: "Stephen Kent" <kent@xxxxxxx>

Subject: Defense Messaging System Was: e-Government uses "Authority-stamp-signatures"

From: "Anders Rundgren" <anders.rundgren@xxxxxxxxx>

Date: Sat, 21 Dec 2002 11:16:25 +0100

Cc: <ietf-pkix@xxxxxxx>

List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>

List-id: <ietf-pkix.imc.org>

List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

References: <> <>

Sender: owner-ietf-pkix@xxxxxxxxxxxx

Title: Re: e-Government uses "Authority-stamp-signatures"

Steve,

<snip>

This is not a new concept in other environments, e.g., the US DoD Defense Message System sends all official messages with signatures that represent organizations, not individuals. The system was developed and initially deployed starting in the early 90's, I believe.

This is [good] news in my opinion, being an advocate for this kind of "architecture for secure inter-organization information-management". I was though unable to find any decent "rationale" type of paper. To be complete, I would like to mention the pre-PKI systems currently performing maybe some 99% of all inter-organization "e-transactions", that practically all authenticate messages at the business partner (organization) level. It is a bit puzzling that the PKI community in general seems to have a problem with this simple, time-proven, and efficient scheme.

BTW, OASIS will hopefully address these issues in a newly formed PKI TC http://www.oasis-open.org/committees/pki

cheers
Anders