    When PKIs Learn to Connect

    By Dennis Fisher - February 23, 2004

      As overhyped technologies go, PKI was among the all-time greats. Five years ago, it was being touted as the cure-all for enterprise security woes and an absolute necessity for organizations of any size. But after years of failed pilot projects, maddeningly complex implementation problems and vendor flameouts, customers abandoned public-key infrastructure, and advocates of the technology had few successful implementations to cite.

      Since then, however, the technology has matured, and customers have realized that it can be effective in specific applications. A prime example of this is the Federal Bridge Certification Authority. The 2-year-old project has united the trust infrastructures of a handful of federal agencies, and officials are looking to extend the initiative to private industry groups and foreign governments.

      The FBCA arose of necessity. When the interest in PKI implementations was at its peak three or four years ago, a number of government agencies began laying the groundwork for their own internal certification authorities. As sometimes happens in the federal government, most of these initiatives were ad hoc, with the principals having no idea that other agencies were working on similar projects.

      This meant that each agency was developing its own policies and procedures for cross-certification, as well as selecting its own vendor. The agencies were looking to hook their infrastructures together, but there was no agreement on how to do it.

      Enter the FBCA. The fact that the federal government, never known for its efficiency or innovation, is the driving force behind the initiative only adds to the wonder at its success.

      “There was some recognition within the federal PKI community that the agencies were building their own PKIs with interoperability in mind. But how do you get them to interoperate?” said Gary Moore, senior architect at Entrust Inc., based in Addison, Texas, and one of the vendors involved in the establishment of the FBCA. “People assumed they could buy a [certificate authority] and turn it on without any policy.”

      Technically, the FBCA is not a PKI implementation; instead, it is the bridge through which implementations at individual agencies can cross-certify so that they can communicate with one another. The system is primarily used for secure e-mail right now. The architecture resembles a hub-and-spoke design, with the General Services Administration acting as the hub and each agency or organization representing a spoke. The GSA runs the physical servers that house the CA and acts as the clearinghouse for the documentation detailing what agencies need to do to cross-certify with the FBCA.

      Those policy documents are, in fact, the heart and soul of the FBCA effort. As each agency implemented its PKI before the FBCA existed, they also developed policies and procedures for issuing credentials, revoking certificates and dozens of other mundane operations. When the FBCA was proposed, it quickly became apparent that the effort would fail without a defined master policy to govern all these issues.

      “This was done as a very collaborative project. But the real crux is the policy issues and interoperability policy,” said Judith Spencer, chairwoman of the Federal PKI Steering Committee at the GSA, in Washington. “If you're on the outside of the trust environment, we had to agree on a way to get you on the inside. The technical stuff is easy. There are always smart people to figure that out. But never underestimate the politics. Policy is always the long pole in the tent.”

      Since its establishment in 2001, the FBCA user community has grown to more than 2 million, and Spencer is now at work on an effort to extend the trust environment beyond the Beltway. She has had discussions with a group from the aerospace industry, as well as people in the higher-education community, about tying into the FBCA. Several states have also expressed interest in cross-certifying with the FBCA.

      Most intriguing, however, is the possibility of extending the bridge outside the United States. Spencer has had preliminary discussions with governments in Asia and Europe and said that, aside from the obvious political issues, there isn't much standing in the way of foreign governments hooking into the bridge.

      In fact, she envisions the FBCA eventually being the main portal into the federal government. This goal is one that could hardly have been imagined just three or four years ago, when PKI was among the most-maligned and overhyped technologies in the marketplace.

      “Right now it does everything we wanted it to do,” Spencer said. “The idea behind PKI is to enable trust in a business environment. We have a lot of momentum right now. Bad PKI is bad PKI, but if you do it right, it can be foolproof.”
