Objective of Meeting
Summary
Next Steps
Links
Sponsoring Forum(s)
Messaging
Security
|
Secure Messaging
Objective of Meeting
The Open Group is one of many organizations actively promoting secure (i.e, encrypted)
messaging solutions. In line with the consortium Interoperability Pledge,
this meeting was established to bring groups together to share information and thus avoid
duplicated work.
Summary
Mike Lambert, Director of The Open Group Messaging Forum opened the meeting with
an Introduction
to The Open Group and the Work of the Messaging Forum.
This was followed by the keynote presentation from Michael W Todd, Associate
Director for Information Management, Office of the DoD Deputy CIO. This provided a vision
of the future role of messaging in the DoD's Global Information
Grid Enterprise Services.
All of the approaches to secure messaging being addressed during the day involve the
use of Public Key technology for encryption and digital signatures. In the end-of-day
discussions it was agreed that there really isn't any alternative. Several of the
presentations addressed the challenges of using Public Key technology in the absence of a
ubiquitous Public Key Infrastructure.
- Russell Chung of the American Eagle Group reported on the various Secure Messaging
Challenges completed by The Open Group Messaging Forum and its predecessor, EMA,
including the Federal Bridge Certification Authority Challenge in 2000 and the end-to-end
highly encrypted Secure Messaging Challenge in 2002.
- Chris Gilbert from the Royal Mail in the UK reported on the EEMA PKI
Challenge, which set out to address the interoperability problems associated with the
deployment of PKI, in the process identifying interoperability issues relating to
protocols, directories, and email clients.
- Paul Evans from Booz Allen Hamilton reported on the work of the OASIS PKI
Technical Committee on Obstacles to PKI
Deployment and Usage, which concluded that PKI interoperability standards are
currently inadequate, creating an environment where implementations from different vendors
rarely interoperate.
The US Department of Defense is mandating the use of PKI for Web access and secure
messaging, effective from April 2004.
- Chuck Hall from the DoD PKI PMO gave a briefing on the DoD Interim External
Certificate Authority program. At the request of the speaker, copies of the presentation
materials are only available to meeting attendees. For more information refer to the DISA
web site at http://iase.disa.mil/pki/eca/.
Three presentations in the afternoon session all focused on the use of S/MIME to
achieve secure messaging.
- Ben Littauer, a consultant representing the Massachusetts Health Data Consortium
(MHDC), provided an overview of the IETF S/MIME
activities. (Blake Ramsdell, the Technical Editor of the IETF RFCs, provided
input to this presentation.)
- Michael Chernick, from NIST, presented S/MIME Testing
with NIST, a description of an automated test responder for testing the conformance of
both senders and recipients of encrypted email against a profile of the IETF S/MIME
standard.
- Ken Beer, from Tumbleweed Communications Corporation, presented an update on The
Open Group Messaging Forum's joint activity with MHDC to develop a Secure Messaging
Gateway Certification Program. This entails a new profile of S/MIME for domain-based
security and the development of an associated testing and certification program.
Next Steps
The next quarterly meeting of The Open Group will feature an additional session to
address the implications of the DoD IECA program.
The next meeting of the Secure Messaging Gateway joint working group from The Open
Group and MHDC is in Waltham, MA on November 5th/6th 2003. This meeting will focus
on completion of the S/MIME Domain Security Profile and development of the testing
strategy.
Links
|
