Mar 2009

Strong editorial team for visual eID standard

During IETF last week in San Francisco we managed to form a really strong editorial team for the new visual eID standard.

This standard will make it possible to bind a visual representation of a certificate to its signature. More information about this project is available on my
Visual eID information page.

The editorial team:

Stefan Santesson, 3xA Security is lead editor as initiator and driver of this standards effort.

Russ Housley, Vigil Security. Russ is chairman of the Internet Engineering Task Force and was also co-editor of the original standard RFC 3709 on which this standards effort is based.

Siddharth Bajaj, VeriSign. VeriSign as the world leading provider of public certificates for web servers has been actively promoting a better UI experience for certificate based identification and authorisation. Siddharth has been actively involved with these efforts for almost a decade.

Leonard Rosenthol, Adobe. This standards effort was made possible much thanks to the standardisation of PDF in 2008. Leonard is the standards architect behind the development of an ETSI standard for PDF based Advanced Electronic Signatures (PAdES).

The work to write this standard will start immediately and a first draft will be published soon, no later than end of April.

Cert Cache adopted as TLS standards work

Today (March 26) at the IETF 74 conference, the TLS working group decided to adopt the certificate cache work with the intention to develop this to a new TLS standard. The decision was made after my presentation of the certcache proposal at the TLS working group.

The basic idea behind this proposal can be found in this
blog article.
The first draft (draft-santesson-tls-certcache-00) is available

PKIX Meeting Minutes and Presentations

The PKIX group of the Internet Engineering Task Force met this Monday in San Francisco.
I made several presentations at this meeting but my main focus was on presenting the Visual eID Project and in particular the standards efforts that is required to form a complete technical solution.

Meeting minutes and presentations are available from

Visual eID project presented at PKIX, March 23

On Monday March 23, I will present the standards mission of the Visual eID project at the PKIX meeting at the IETF 74 in San Francisco.

The presentation is available here

I’m currently looking for partners and sponsors for this project and for this purpose I have created a project information page at

ETSI approves new European PDF signature standard

The Electronic Signature Initiative group of the European Telecommunication Standards Institute, ETSI ESI, approved PAdES, the European standard for PDF Advanced Electronic Signatures on March 18, 2009.

PAdES, or ETSI standard TS 102 778, is ETSI’s continuation of EU commission funded standardization of Advanced Electronic Signatures in support of the EU Electronic Signature Directive from 1999. PAdES is the third signature standard in the ETSI series covering signatures on PDF documents. Previously published ETSI signature standards have specified signatures on XML documents (XAdES) and signatures using CMS (CAdES) where CMS is the ASN.1 based signature (Cryptographic Message Syntax) developed by IETF as part of the S/MIME standards series for secure e-mail.

EU Commission action plan on Electronic Signatures and Electronic Identities

The EU commission has released an action plan for harmonisation of electronic signatures and electronic identification among European member states.
You can download the action plan here
COM (2008) 798final
A presentation on the action plan held at ETSI ESI in Barcelona, March 17 2009 is
here

Updating the IETF Time Stamp standard

The IETF standard for time stamps is currently being updated - But are the changes really necessary? Read More...

PKI Resource Query Protocol (PRQP) Deployed by Federal Bridge and OpenCA

A fairly new and unknown protocol, the PKI Resource Query Protocol (PRQP) developed in the IETF PKIX Work Group, is being deployed by the US Federal Bride and OpenCA, reports the editor of the current draft, Massimiliano Pala.


Events in March - ETSI ESI#23 and IETF 74



Defining Hash functions without security properties

Do we need hash functions with no security properties in order to not confuse their use with cases when security is a requirement. A current discussion in the International standards community is trying to decide whether to standardise hash functions without security properties.


Visual Electronic Identities

How can we provide applications with standard User Interface tools to display a meaningful representation of an electronic identity (eID)

Optimising TLS handshake through certificate caching

A possible but unexplored optimisation of the TLS handshake is to cache server certificates. I’m proposing a new IETF standard that specifies a method to accomplish this. Read More...

All those Passwords

Passwords are a menace. A discussion I overheard between young students gave me reason to actually feel hopeful.


Welcome to my blog

In this Blog I provide information and personal thoughts related to Internet security.
I hope you will find some useful thoughts here.