URL Correction: NIST Deprecates the Bridge Concept
It was not only the language that was maybe a bit over the top; the URL was in some way associated with a web-mail system. Really nice that it did not show up until you clicked on it! Sigh...

Try this one: http://www.gcn.com/print/25_9/40506-1.html

Anders
----- Original Message -----
From: Anders Rundgren
To: Multiple recipients of list
Sent: Thursday, April 27, 2006 11:59
Subject: Correction: NIST Deprecates the Bridge Concept
Dear list,

Pardon the subject line of my previous message. I have waited five years or so for this to happen, and when it finally happened I got a bit carried away. A somewhat more "moderated" analysis is as follows:

http://www.gcn.com/print/25_9/40506-1.html

"It's much harder than we thought it would be," Burr said. "We've backed the wrong horse any number of times." He said one of these wrong horses was the decision to use a bridge certificate authority rather than a single central certificate authority to issue and manage digital certificates.
Although Mr. Burr indeed later endorsed the Bridge concept as a long-term goal, the immediate effect (if the US government proceeds as the article describes) is that vendors, allies, and consultants will likely back away from this solution.

In the meantime, simpler and cheaper approaches like "gateways" will effectively remove the need to ever resurrect the Bridge. A client-centric Bridge CA concept also does not support the design of integrated organization-to-organization workflow applications, something which ought to be the long-term goal for US government IT. What security principles they use (as long as they work) should be of secondary importance.
Regarding analysis of processes, there is actually quite a collection of papers to read, and very few of them show a need for a trust model where an employee/associate of one organization needs to be fully trusted/qualified by another organization. A model where the "organization" becomes the primary entity (as in Shibboleth/SAML) scales better, allows arbitrary employee privacy protection, and probably works entirely satisfactorily in 99 cases out of 100. Using a 2-layer credential and signature structure (gateway PKI + local PKI), you can easily take the last percent as well.
It should be as VeriSign's Phillip Hallam-Baker said at the PKI Workshop 2006:

"If I send a message from my company, I expect my company to secure it."

If it had not been for the Bridge, we could actually have had secure e-mail today. Not only within isolated islands, but for every Netizen.
/anders
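The bridge CA mechanism that the GCN article and the message above argue about is, in X.509 terms, cross-certification: each organization keeps its own root, a bridge CA cross-certifies those roots, and a relying party that trusts only its own root reaches a foreign end-entity certificate by hopping through the bridge. The Go program below is an added example written for this page, not code from the thread, from NIST or from the Federal Bridge; the agency names, the bridge name, the employee address and the validity periods are all constructed, and path building is delegated to Go's standard crypto/x509 verifier. It shows a relying party in "Agency A" validating an e-mail certificate issued by "Agency B": with the two cross-certificates available the chain resolves through the bridge, and without them the same certificate is simply an unknown authority.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// ca pairs a CA's signing key with its self-signed certificate.
type ca struct {
	key  *ecdsa.PrivateKey
	cert *x509.Certificate
}

// Scenario is the constructed (hypothetical) PKI: two independent agency roots,
// a bridge CA, the cross-certificates linking them, and one employee cert in agency B.
type Scenario struct {
	RootA, RootB, Bridge *x509.Certificate
	BridgeCertifiedByA   *x509.Certificate // subject = Bridge CA, issuer = Agency A root
	BCertifiedByBridge   *x509.Certificate // subject = Agency B root, issuer = Bridge CA
	LeafB                *x509.Certificate // employee of agency B, issued by Agency B root
}

var serial int64

func newSerial() *big.Int { serial++; return big.NewInt(serial) }

func baseTemplate(subject string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: newSerial(),
		Subject:      pkix.Name{CommonName: subject},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
}

func caTemplate(subject string) *x509.Certificate {
	t := baseTemplate(subject)
	t.IsCA, t.BasicConstraintsValid = true, true
	t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	return t
}

func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// newRoot creates a self-signed CA for one organization.
func newRoot(name string) (*ca, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	t := caTemplate(name)
	cert, err := issue(t, t, &key.PublicKey, key)
	return &ca{key, cert}, err
}

// crossCertify is the bridge mechanism: issuer signs a CA certificate that carries
// subject's existing name and key, so a chain can hop from one PKI into another.
func crossCertify(issuer, subject *ca) (*x509.Certificate, error) {
	return issue(caTemplate(subject.cert.Subject.CommonName), issuer.cert, &subject.key.PublicKey, issuer.key)
}

// BuildScenario mints the whole constructed PKI (names and e-mail address are made up).
func BuildScenario() (*Scenario, error) {
	var cas [3]*ca
	for i, name := range []string{"Agency A Root CA", "Agency B Root CA", "Bridge CA"} {
		c, err := newRoot(name)
		if err != nil {
			return nil, err
		}
		cas[i] = c
	}
	a, b, bridge := cas[0], cas[1], cas[2]
	bridgeByA, err1 := crossCertify(a, bridge) // Agency A trusts the bridge
	bByBridge, err2 := crossCertify(bridge, b) // the bridge vouches for Agency B
	empKey, err3 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err := firstErr(err1, err2, err3); err != nil {
		return nil, err
	}
	t := baseTemplate("alice@agency-b.example")
	t.EmailAddresses = []string{"alice@agency-b.example"}
	t.KeyUsage = x509.KeyUsageDigitalSignature
	t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}
	leaf, err := issue(t, b.cert, &empKey.PublicKey, b.key)
	if err != nil {
		return nil, err
	}
	return &Scenario{RootA: a.cert, RootB: b.cert, Bridge: bridge.cert,
		BridgeCertifiedByA: bridgeByA, BCertifiedByBridge: bByBridge, LeafB: leaf}, nil
}

func firstErr(errs ...error) error {
	for _, e := range errs {
		if e != nil {
			return e
		}
	}
	return nil
}

// VerifyAsAgencyA validates agency B's employee certificate as a relying party that
// trusts only Agency A's root. With the cross-certificates supplied it returns the
// length of the chain found (leaf, B root via bridge, bridge via A, A root); without
// them the verifier cannot reach a trust anchor and returns an error.
func VerifyAsAgencyA(s *Scenario, withBridge bool) (int, error) {
	roots := x509.NewCertPool()
	roots.AddCert(s.RootA)
	inter := x509.NewCertPool()
	if withBridge {
		inter.AddCert(s.BCertifiedByBridge)
		inter.AddCert(s.BridgeCertifiedByA)
	}
	chains, err := s.LeafB.Verify(x509.VerifyOptions{
		Roots:         roots,
		Intermediates: inter,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	})
	if err != nil {
		return 0, err
	}
	return len(chains[0]), nil
}

func main() {
	s, err := BuildScenario()
	if err != nil {
		panic(err)
	}
	for _, withBridge := range []bool{true, false} {
		n, err := VerifyAsAgencyA(s, withBridge)
		fmt.Printf("cross-certs available=%v: chain length=%d err=%v\n", withBridge, n, err)
	}
}
```

The point a practitioner should take from running it is operational rather than cryptographic: nothing in Agency A's trust store changes between the two runs; what decides the outcome is whether the relying party's software can locate the two cross-certificates and build the four-certificate path. That discovery and path-building burden on every client is exactly what the message above calls "client-centric", and it is absent from an organization-centric model where Agency A's gateway, not each end user, decides what to accept from Agency B.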