- Number of slides: 17
TeleTrusT - Competence Association for Applied Cryptography and Biometrics
Arno Fiedler (Nimbus Network), TeleTrusT Deutschland e.V.
E-Mail: arno.fiedler@teletrust.de
http://www.teletrust.de
PKI-Forum, Amsterdam, 20 June 2002
Short Presentation for Project: “Unified ISIS-MTT-Specifications for Interoperability and Test Systems”
TeleTrusT - General
• Promoting the trustworthiness of information and communication technology
• Applied Cryptography & Biometrics
• Founded in 1989
• 110 members: major user sectors, research organisations, developers and manufacturers of security products, government agencies, and test institutes
• Non-profit, politically independent
ISIS-MTT – The Foundation
• Further PKI services
• Single sign-on
• VPN
• Time-stamping service
• Data authenticity and integrity (electronic signature)
• Encrypted e-mail (S/MIME)
• File encryption
• Confidential communication (SSL)
• Authentication of users and servers
Diagram labels: European Bridge-CA; "E-Business"; ISIS-MTT; Common ISIS-MTT Specification for Interoperability and Test Systems
Objectives of the project:
• Synthesis of already available specifications towards a unified and open standard.
• This standard should take into account the current technical and legal requirements and should receive active support from the market players.
• Development of a test specification and a test bench, which allows application developers to prove their ISIS-MTT interoperability.
• Investment protection for users because single components are exchangeable.
Involved partner organizations:
T7 e.V. i.G. (direct) (ISIS-Spec.)
• Interest group of leading (German) providers of certification services.
TeleTrusT e.V. (direct) (MailTrusT-Spec.)
• Competence association of major companies and organizations concerned with trusted digital communication.
Additional bodies comprise (selection):
• AG INDI (indirect)
• Bundesverband Deutscher Banken (indirect)
• Media@kom project partners (indirect)
• Arbeitsgemeinschaft Karten im Gesundheitswesen (indirect)
ISIS-MTT document structure:
Core specification:
● Part 1: Certificate and CRL Profiles
● Part 2: PKI Management
● Part 3: Message Formats
● Part 4: Operational Protocols
● Part 5: Certificate Path Validation
● Part 6: Cryptographic Algorithms
● Part 7: Cryptographic Token Interface
Optional:
● Profile: SigG-conforming Systems and Applications
● Profile: Optional Enhancements to the SigG-Profile
ISIS-MTT - behind the cover
#   | Object                      | Content of the ISIS-MTT-Core-Profile
1   | Certificate Profile         | Standard X.509 V3; Qualified Certs according to ETSI QCP (RFC 3039); attributes allowed in Key Certificates
1.3 | Attribute Certificate       | Standard X.509 V2
1.4 | CRL                         | Standard CRL (including Delta CRL)
2   | PKI Management              | Simple PKI management as in CMC
3   | S/MIME                      | Subset of S/MIME for mail
4.2 | LDAP                        | Standard LDAP V.3, no restrictions to DIT
4.3 | OCSP                        | Standard OCSP; optional extension for positive statement
4.4 | TSP                         | Standard TSP, no profiling yet
5   | Certificate Path Validation | Standard PKIX procedures
6   | Algorithms etc.             | See www.teletrust.de
7   | PKCS#11                     | Profile
ISIS-MTT and the Infrastructure: [Diagram; recoverable labels: CA, Sender, Recipient]
Actions planned for 2002
• Development of a usable test bench for realistic testing of applications and services.
• Awarding of a “Quality Seal” for applications with proven interoperability.
• Further development of the ISIS-MTT specification.
• Further contribution from the specification to international standardization.
• Strengthening of public relations and project management.
• Development of an XML profile.
Core theses for ISIS-MTT:
• ISIS-MTT is a free-of-charge offering for PKI integration to all application developers.
• ISIS-MTT is internationally aligned; existing standards are used and extended.
• ISIS-MTT defines a complete security architecture: encryption, authentication and signing.
• ISIS-MTT provides for different security levels; legal binding according to German signature law is just an option.
• ISIS-MTT interoperability criteria are publicly defined and provable through a test bench.
Testbed Prototype Platform
[Diagram. Components under test: CUT EE Component, CUT CA Component. Test platform: LDAP-Server, LDAP-Client, Mail-Server, DNS-Server, Web-Server, Web-Client, Web-Browser, Test Tools, Test Data, CGI scripts, Tester. Connections: ldap, smtp, pop3, dns, ocsp, http, File Transfer.]
ISIS-MTT service providers: DATEV e.G. D-TRUST GmbH ITSG Deutsche Telekom AG Telesec TC Trustcenter CCI Sema Group Fraunhofer IBT Addtrust AB Medizon AG WV Deutscher Apotheker
ISIS-MTT application providers: Applied Security GmbH BGS Systemplanung GmbH Curiavant GmbH CV Cryptovision GmbH DATEV e.G. DE-CODA GmbH Microsoft Inc. Secartis GmbH Secrypt GmbH SECUDE GmbH Signcard GmbH TÜV Süddeutschland Utimaco AG Faktum GmbH
ISIS-MTT actual and potential users: Deutsche Bank AG Dresdner Bank AG Daimler-Chrysler BSI Kassenärztliche BV Siemens AG Siemens BMW Sparkassen Informatik Bank 24 Cable & Wireless SAP Giesecke & Devrient Arthur Andersen
ISIS-MTT lessons learned:
• Don't discuss the legal aspects too much, you can't find a 100 percent solution! (not even 80 %)
• To get a commitment for a profile like ISIS-MTT is hard work, lobbying doesn't work via e-mail.
• Try to understand the needs of the different markets, but take care about „specific requirements“ which are proprietary.
• Keep the project interesting, the work is never done. (Testbench, XML ...
Contacts for the project
• TeleTrusT: www.teletrust.de
  Mr. Prof. Helmut Reimer, TeleTrusT e.V.; Helmut.Reimer@teletrust.de
  Mr. Schneider and Mr. Giessler (Editor), Fraunhofer SIT
  Mr. Bauspiess, Secorvo
• T7 e.V. i.G.: www.t7-isis.de
  Mr. Bernd Kowalski, DT AG, telesec; bernd.kowalski@t-systems.de
  Mr. Lindemann, TC Trustcenter
  Mr. Pfeuffer, Datev
  Mr. Horvath (Editor), Secunet
  Ms. Ulrike Korte, Sparkassen Informatik Kooperation
• Project management and public relations: Mr. Fiedler, Nimbus Network; Arno.Fiedler@teletrust.de


