The Batchelor Public Key Infrastructure (PKI) including it's Certificate Authority (CA) is maintained for the personal use of the Batchelor Family.
Our policy aligns with the Electronic Frontiers Australia (EFA) position on cryptography and independant management of our PKI.
Certificates
Certificate Revocation Lists
What is a public key infrastructure and why is it important?
Public key cryptography requires a user to possess two keys - a private key which must be kept secret and a public key which is usually posted in a public place where other users can obtain a copy of it (see the cryptography FAQ for an explanation of public key encryption and digital signature systems). In short, the purpose of a PKI is to provide the necessary regulation and structure around an encryption system, such that when a digital signature is used that claims to belong to “Person A”, the recipient of the signature has reason to believe that “Person A” has been correctly identified, has managed their key securely, and uses the key in good faith.
The participants in a PKI – including “Certification Authorities” (CA) who issue digital certificates – complete a wide range of tasks including:
They must have a means for providing confidence that a particular public key belongs to a particular user. The way this is usually done is for the person who wants to lodge their key to show up in person at an office of the CA and produce proof of their identity. The CA will then take their public key and digitally sign it with the CA's own key (in a tamper-proof way) to prove that the CA has verified the key belongs to its correct owner.
CAs must have a way of revoking certificates if a user happens to lose or compromise their private key (just as a credit card owner who loses their card needs to cancel it as quickly as possible). The most common way this is achieved is through a “Certificate Revocation List” (CRL).
They must store old digital certificates so that for example, in the event of a dispute at some time in the future, the old public key can be retrieved and used to settle the dispute.
The development of PKIs around the world is in its infancy and a number of different models are being used. Some models are relatively simple and require the key owner to take responsibility for key revocation and key archiving. Other systems provide a full range of services to users.
What progress has been made in Australia in setting up a public key infrastructure?
A number of international Certificate Authorities, operated by private companies, are available for use in Australia. These include Verisign, CyberTrust and Thawte (who have established a ‘web of trust’ to provide for localised verification of identity).
The Australian federal government itself progressed the establishment of a public key infrastructure for its own use. This initiative, called Gatekeeper, is managed by the Department of Finance & Administration.
In acknowledging that public key infrastructure is not a solution for all authentication problems, in 2003 the Government redirected its focus to an initiative known as the Australian Government Electronic Authentication Framework. According to the AGAF website:
The Government is working towards the implementation of an Australian Government Authentication Framework (AGAF) that provides a whole-of-government approach to authentication. The Australian Government recognises that different authentication techniques are needed for different types of transactions, depending on how much risk is involved. The AGAF aims to ensure that Australian Government agencies apply a consistent approach when making decisions about appropriate authentication methods. The AGAF will ensure that Australian Government agencies implement authentication mechanisms that correspond with the level of risk in the transaction.
What is EFA policy on encryption?
Electronic Frontiers Australia (EFA):
supports the widespread availability of strong crypto.
opposes government-mandated key escrow or key recovery.
opposes export controls on cryptography products.
EFA's position is based on the following observations:
the current export controls are a failure because strong cryptography software is already widely available throughout the world.
Australia is one of the few countries in the world that refuses to apply the Wassenaar Arrangement General Software Note waiver to the export of mass market and public domain crypto software.
the current regulations impose unnecessary constraints and costs on business while doing little to achieve their aim of restricting availability of cryptographic software.
the key escrow and key recovery concepts currently encouraged as unofficial policy are fundamentably unworkable and a risk to data security.
no objective case for the benefits of imposing such controls has been made public.
current regulations are stifling Australian initiatives in developing secure communications protocols.
the restrictions on deployment of strong cryptography increase the risk of criminal or terrorist attack on vital infrastructure such as banking, electricity supply etc.
What is the policy of other industry organisations?
Almost all major national and international organisations involved in the information industry have publicly supported the relaxation of strict controls over the use and export of encryption products. Among these are:
International
Federation for Information Processing
(IFIP)
http://www.ifip.tu-graz.ac.at/TC11/
Ad
Hoc Group of Cryptographers and Computer Scientists, 1998.
http://www.crypto.com/key_study
US
Association for Computing Machinery (USACM)
http://www.acm.org/usacm/crypto/
Institute
of Electronics and Electrical Engineers (IEEE)
http://www.ieee.org
American
Association for the Advancement of Science
http://www.acm.org/usacm/crypto/joint_crypto_letter_1997.html
The
Internet Society (ISOC)
http://www.isoc.org
Australian
Information Industry Association (AIIA)
http://www.aiia.com.au
The
Australian Computer Society (ACS)
http://www.acs.org.au/news/caelli.htm
Government and political statements supporting strong crypto:
OECD
Cryptography
Guidelines
http://www.oecd.org/document/34/0,2340,en_2649_34255_1814690_1_1_1_1,00.html
Telecommunications
Legislation Amendment Bill 1997.
Second reading debate,
House of Representatives, 19th November 1997.
Mr. Martyn
Evans, Shadow Minister for Science and Information Technology
http://parlinfoweb.aph.gov.au/piweb/view_document.aspx?id=541570& table=HANSARDR
Review
of policy relating to encryption technologies - the Walsh
Report.
Commonwealth Attorney-General's Department
1996.
http://www.efa.org.au/Issues/Crypto/Walsh/