Current Status of Japanese Government PKI Systems - NTNU.pptVIP

Current Status of Japanese Government PKI Systems Yasuo Miyakawa*+, Takashi Kurokawa*, Akihiro Yamamura* and Yasushi Matsumoto+ * National Institute of Information and Communications Technology (NICT), Japan+ Information-technology Promotion Agency (IPA), Japan Background There are many e-Government projects around the world Also in Japan As the main system, Government PKI system was constructed In about 2000 There may have been similar projects in other countries in those days Abstract 2 characteristics: I. Bridge Model II. Signature non-repudiation centric Current Status Overview Our Standpoint We have not assumed the responsibility about the design of Government PKI systems - very complicated systems But, we had been consulted by the contractors, system integrators, and ministries Although it was managed to operate up to now… It will not be easy to cope with … I. Before talking about Bridge CA Model Vertically Divided Administration Ministries should have dealt equally No superior Ministries wished to have flexibility I. Trust Model of Government PKI Systems in Japan PKI System Owners Vertically Divided Administration again Prefectures should be treated equally No superior Bridge Model is adopted Actually, identical CPSs and CPs Our efforts regarding Bridge Model In 2002 There was not Trust Status List Test-suite for Japanese government PKI software Testing datum for path validation over Bridge CA IPA’s Contractor /mpki/index.html Our efforts regarding Bridge Model IETF Internet-Draft: Guidance “Memorandum for multi-domain Public Key Infrastructure Interoperability” Already cleared – RFC will be published soon /internet-drafts/draft-shimaoka-multidomain-pki-13.txt Practical factors e.g.: ‘Domain Policy Object Identifier’ Certificate Policy as Domain Policy II. Signature non-repudiation centric The majority of certificates are for Non-repudiation keyUsage bit: set in US style CP: not well utilized, no confusion ? ACT ON ELECTRONIC SIGNATURES AND CERTI