Information on this web site is preserved for legacy purposes only. The OASIS PKI Member Section transitioned to the OASIS IDtrust Member Section in 2007. OASIS Technical Committees affiliated with the Member Section remain active.
  About PKI Forum PKI Members Join PKI Forum PKI News PKI Events OASIS Members Only  


PKI Resources
 White Papers

Technical Process
 IPR Policy
 TC Process

Technical Committees
 Current TC List

OASIS Network
 CGM Open

OASIS Info Channels
 Cover Pages

PKI Forum News


For further information:
Judith Vanderkay

PKI Forum Advances Interoperability
of Certificate Lifecycle Management

Multi-Vendor Testing of CMPv2 Implementations Aims to Expand PKI

Market SAN MATEO, Calif. -- Jan. 30, 2001 - The PKI Forum Inc., a multi-vendor and end-user industry consortium created to accelerate the adoption of Public-Key Infrastructure (PKI) technologies, today announced the successful conclusion of multi-vendor interoperability testing based on the Certificate Management Protocol version 2 (CMPv2) specifications. The success of this cooperative effort represents a significant achievement, the result of nine months of testing during which a group of PKI Forum members held monthly workshops to identify and resolve interoperability issues surrounding the implementation of CMPv2 specifications. The PKI forum plans to follow-up the successful CMP interoperability testing with similar testing programs for other standard certificate management protocols in common use in the PKI industry.

"Multi-vendor interoperability will definitely ease the deployment of PKI, because organizations will have more confidence in their purchase decision if they have the freedom to select from a range of interoperable products from multiple suppliers," said Lisa Pretty, executive director of the PKI Forum. "Now, through the hard work of the PKI Forum and its members, we are demonstrating that such interoperability is achievable today based on an accepted industry standard." As one of several standards-based interoperability projects currently active under the auspices of the PKI Forum, the CMPv2 interoperability project was initially selected by a critical mass of PKI Forum members who saw the benefit of collaborating to test the base set of functions supported by the CMPv2 specifications. The PKI Forum joined with ICSA Labs, a division of the TruSecure Corporation, to conduct a series of virtual workshops over the Internet to test the specifications that establish the baseline for mandatory CMP functions such as the issuance, revision, and revocation of digital certificates involving multiple Certification Authorities (CAs). "Because CMP is a complex protocol, successfully achieving interoperability faced a number of technical and operational challenges," said Robert Moskowitz, senior technical director, ICSA Labs. "We leveraged virtual workshops over the Internet to maximize the testing value, while simultaneously minimizing the cost to the participating vendors."

A Matter of Trust

Digital certificates are a key component of PKI solutions that foster trust between parties by providing assurances as to the identity of a particular person, company or Web site. Successful interoperability testing between vendors and CAs serves as a critical industry proof-point that will accelerate the acceptance and market growth for PKI products and services. Interoperability between vendors provides application developers and ISVs increased flexibility to develop products for multiple vendors. With interoperability, an organization can select the "flavor" of PKI system and the level of trust placed in different kinds of digital certificates according to specific security needs.

PKI Forum Members Participating in CMP Interoperability Project:

Baltimore Technologies plc





Cylink Corporation


Entegrity Solutions

Entrust Technologies




RSA Security Inc.


SSH Communications Security


TC TrustCenter GmbH

About the PKI Forum
The PKI Forum Inc. is an international, not-for-profit alliance comprised of technology and service providers, integrators and end-users whose purpose is to accelerate the adoption and use of PKI and facilitate interoperability through multi-vendor testing of industry standards and educational outreach. The PKI Forum advocates industry cooperation and market awareness to enable organizations to understand and exploit the value of PKI in their e-business applications. For more information about the PKI Forum, see the PKI Forum Web site at

Selected Statements from PKI Forum Vendors

Baltimore Technologies
"We welcome the adoption of CMP by PKI vendors and we are happy to have taken part in the successful CMP interoperability trials conducted by the PKI Forum. As co-author of the Internet RFC upon which this exercise was based, we're proud to see that our efforts in both the IETF and PKI forum are leading the delivery on the promise of open, interoperable PKI."

Stephen Farrell, Director of Research
Baltimore Technologies

"As a leading provider of wireless PKI solutions, Certicom has always understood the value of open standards and interoperability. Certicom has been active in the PKI Forum from its inception and has provided valuable guidance on issues related to the expansion of PKI standards for the wireless market. By working with other players in the market, we ensure that our products will work with other applications, ensuring maximum benefit for our customers."

Amit Kapoor, Vice President of Product Management

Cylink Corporation
"The announcement of the new standard for CMP protocols is an important step in enhancing the interoperability of PKI solutions and thereby simplifying deployments. Cylink is excited to be a member of the technical group that created this standard and is committed to continuing to implement the PKI Forum's advances in Cylink's NetAuthority PKI as it continues efforts to make PKI more user friendly."

Larry Cosgrove, Director, PKI Business Unit

Entegrity Solutions
"The PKIX CMP standard and the PKI Forum testing is very important to Entegrity Solutions as it is a major step towards achieving interoperability between PKI Infrastructure components and applications. As PKIX CMP becomes prevalent in the marketplace the customer will be able to buy 'best of breed' products without being locked into a single supplier."

John Hughes, CTO
Entegrity Solutions

Entrust Technologies
"Entrust Technologies is totally committed to achieving multi-vendor interoperability, and we have demonstrated our ongoing commitment to this particular interoperability initiative in several ways.  We have been, and continue to be, directly involved in each of the formal multi-vendor interoperability tests; we continue to provide a CMPv2 interoperability component outside our corporate firewall so that other vendors can test with us in between the formally scheduled tests; and, as co-authors of the CMP specification, we have incorporated many of the lessons learned from these demonstrations into the second version of CMP.  We support CMP version 1 in our current product release, and we plan to support CMP version 2 in the future."

Steve Lloyd, Senior Consultant Advanced Security Technology
Entrust Technologies

"IBM is an active participant in the PKI Forum, and we plan to support the new CMP standard in upcoming product releases. IBM, along with its Tivoli Systems division, actively supports interoperability through standards because customers require vendor flexibility when rolling out their e-business initiatives."

Bob Blakley, Chief Security Scientist
IBM's Tivoli Systems Inc.

RSA Security
"RSA Security is committed to supporting open standards that allow the broadest possible interoperability between vendors of PKI software. The CMP test environment of the PKI Forum provided RSA Security with a valuable opportunity to verify interoperability of our CMP implementation with those of other vendors. RSA Security is pleased to participate in the continued efforts of the PKI Forum to advance the widespread deployment of PKI technology."

Andrew Nash, Director of PKI Technologies and Standards
RSA Security Inc.

SSH Communications Security
"Large-scale VPN and IPSEC deployment would not be possible without automated certificate management. Our customers are already seeing major benefits in real applications from the CMP support in the SSH IPSEC and SSH Certifier products. Full interoperability allows customers and system integrators to combine products from multiple vendors to build the best overall solutions."

Tatu Ylonen, CTO
SSH Communications Security Inc

TC TrustCenter
"TC TrustCenter is Certification Authority for the Identrus Level 1 participants - the four leading German financial institutions (Commerzbank, Deutsche Bank, Dresdner Bank, HypoVereinsbank). CMP is used as a PKI management protocol for the communication between TC TrustCenter and the banks Registration Authority Tools that are Identrus compliant. As a certification authority with a strong commitment to high security standards, TC TrustCenter particularly focuses on CMP relevant security aspects. Our goal is to ensure that CMP can also be used in future PKIs with maximum security requirements."

Dr. Peter Biltzinger, CMP Project Manager and IT Consultant
TC TrustCenter

# # #



Copyright © OASIS Open 2006. All rights reserved.