Lockstep


Relationship Certs in China

[5 Nov 2005] Stephen presented to the 5th International PKI Symposium in Beijing.

The invited presentation, "Relationship Certificates for Known Customers - a new PKI paradigm", was received enthusiastically. Mine was the only presentation all day to attract a question from the audience, when the Chair of the Chinese Taipei PKI Forum, Han-Min Hsia, took to the stage in response.

Dr Hsia said he worries that the PKI industry is too conservative. In contrast, the IT industry is characterised by its speed of progress. Therefore Dr Hsia appreciated the "innovative ideas from Australia" on how to build better PKIs, and asked for suggestions as to how PKI could make better use of innovation in general in the IT industry.

Of course I agreed that PKI has been too conservative. I suggested that while we do need a radical rethink of how certificates are issued and used, we can preserve the valuable investment made by CAs around the world. Most CAs should probably change their business model to wholesale certificate manufacture over a large number of trusted organisations, professional associations, e-commerce schemes and so on. I went on to suggest that other potential areas for innovation in PKI include adopting accreditation frameworks from other sectors.

An annotated copy of my presentation is available at conference presentations. See also the new Relationship Certificates and Security Printer whitepapers at PKI library.

Throughout the APKIF Working Group meetings this past week, views seemed to be converging on variations of the Relationship Certificates concept. The Japan PKI Forum described a move towards trusted organisations rather than generic certification service providers, and the Korea PKI Forum discussed the use of (multiple) X.509 certificates for the efficient management of long-term attributes. Details will follow shortly in my trip report to be posted at Asia PKI Forum.