Mar 2009
Strong editorial team for visual eID standard
During IETF last week in San Francisco we managed to form a really strong editorial team for the new visual eID standard.
This standard will make it possible to bind a visual representation of a certificate to its signature. More information about this project is available on my Visual eID information page.
The editorial team:
Stefan Santesson, 3xA Security, is lead editor, as initiator and driver of this standards effort.
Russ Housley, Vigil Security. Russ is chairman of the Internet Engineering Task Force and was also co-editor of the original standard RFC 3709 on which this standards effort is based.
Siddharth Bajaj, VeriSign. VeriSign, as the world-leading provider of public certificates for web servers, has been actively promoting a better UI experience for certificate-based identification and authorisation. Siddharth has been actively involved with these efforts for almost a decade.
Leonard Rosenthol, Adobe. This standards effort was made possible largely thanks to the standardisation of PDF in 2008. Leonard is the standards architect behind the development of an ETSI standard for PDF-based Advanced Electronic Signatures (PAdES).
The work to write this standard will start immediately and a first draft will be published soon, no later than end of April.
Cert Cache adopted as TLS standards work
Today (March 26) at the IETF 74 conference, the TLS working group decided to adopt the certificate cache work with the intention to develop this to a new TLS standard. The decision was made after my presentation of the certcache proposal at the TLS working group.
The basic idea behind this proposal can be found in this blog article.
The first draft (draft-santesson-tls-certcache-00) is available here
PKIX Meeting Minutes and Presentations
The PKIX group of the Internet Engineering Task Force met this Monday in San Francisco.
I made several presentations at this meeting, but my main focus was on presenting the Visual eID Project and in particular the standards efforts that are required to form a complete technical solution.
Meeting minutes and presentations are available from http://tools.ietf.org/wg/pkix/minutes
Visual eID project presented at PKIX, March 23
On Monday March 23, I will present the standards mission of the Visual eID project at the PKIX meeting at the IETF 74 in San Francisco.
The presentation is available here
I’m currently looking for partners and sponsors for this project and for this purpose I have created a project information page at http://aaa-sec.com/visualeid/.
ETSI approves new European PDF signature standard
The Electronic Signature Initiative group of the European Telecommunications Standards Institute, ETSI ESI, approved PAdES, the European standard for PDF Advanced Electronic Signatures, on March 18, 2009.
PAdES, or ETSI standard TS 102 778, is ETSI’s continuation of EU commission funded standardization of Advanced Electronic Signatures in support of the EU Electronic Signature Directive from 1999. PAdES is the third signature standard in the ETSI series covering signatures on PDF documents. Previously published ETSI signature standards have specified signatures on XML documents (XAdES) and signatures using CMS (CAdES) where CMS is the ASN.1 based signature (Cryptographic Message Syntax) developed by IETF as part of the S/MIME standards series for secure e-mail.
EU Commission action plan on Electronic Signatures and Electronic Identities
The EU commission has released an action plan for harmonisation of electronic signatures and electronic identification among European member states.
You can download the action plan here COM (2008) 798final
A presentation on the action plan held at ETSI ESI in Barcelona, March 17 2009 is here
Updating the IETF Time Stamp standard
The IETF standard for time stamps is currently being updated, but are the changes really necessary?
PKI Resource Query Protocol (PRQP) Deployed by Federal Bridge and OpenCA
A fairly new and unknown protocol, the PKI Resource Query Protocol (PRQP) developed in the IETF PKIX Work Group, is being deployed by the US Federal Bridge and OpenCA, reports the editor of the current draft, Massimiliano Pala.
Defining Hash functions without security properties
Do we need hash functions with no security properties, so that their use is not confused with cases where security is a requirement? A current discussion in the international standards community is trying to decide whether to standardise hash functions without security properties.
Visual Electronic Identities
How can we provide applications with standard User Interface tools to display a meaningful representation of an electronic identity (eID)?
Optimising TLS handshake through certificate caching
A possible but unexplored optimisation of the TLS handshake is to cache server certificates. I’m proposing a new IETF standard that specifies a method to accomplish this.
All those Passwords
2009-Mar-08 15:19 Filed in:Authentication | All
Passwords are a menace. A discussion I overheard between young students gave me reason to actually feel hopeful.
Welcome to my blog
2009-Mar-04 18:34 Filed in:All
In this Blog I provide information and personal thoughts related to Internet security.
I hope you will find some useful thoughts here.