Lockstep

The "Security Printer" model for CA operations

A simple new conceptual model to describe the role of backend CAs, likening them to secure printing bureaus, and thus decoupling CAs from business relationships between PKI end users.

Our historical view of the role of backend CAs has had them tied into the whole of the certificate management process. CAs tend to be joined in liability arrangements and contracts to potentially any wrongdoing or misadventure associated with certificates. Certificate Policies (CPs), Certification Practice Statements (CPSs) and user agreements have been correspondingly difficult to construct. To date, separating the roles of Registration Authority (RA) and CA has done little to quarantine the two functions from one another or to simplify liability arrangements. Accreditation remains complex and sensitive to the slightest changes at either the RA or CA.

This White Paper presents a new way of looking at backend CAs, likening them to conventional security printers, and outlines how a fresh metaphor might help simplify the accreditation of CAs.

Lockstep WP03 CA as Security Printer (1 1)[download, 200Kb]
© 2008 Lockstep Consulting ABN 59 593 754 482