PKI Forum News
FOR IMMEDIATE RELEASE
For further information:
PKI Forum Advances Interoperability
of Certificate Lifecycle Management
Multi-Vendor Testing of CMPv2 Implementations
Aims to Expand PKI
MATEO, Calif. -- Jan. 30, 2001 -
The PKI Forum Inc., a multi-vendor and end-user industry consortium created to
accelerate the adoption of Public-Key Infrastructure (PKI) technologies, today
announced the successful conclusion of multi-vendor interoperability testing based
on the Certificate Management Protocol version 2 (CMPv2) specifications. The
success of this cooperative effort represents a significant achievement, the result
of nine months of testing during which a group of PKI Forum members held monthly
workshops to identify and resolve interoperability issues surrounding the implementation
of CMPv2 specifications. The PKI forum plans to follow-up the successful CMP
interoperability testing with similar testing programs for other standard certificate
management protocols in common use in the PKI industry.
"Multi-vendor interoperability will definitely ease
the deployment of PKI, because organizations will have more confidence in their
purchase decision if they have the freedom to select from a range of interoperable
products from multiple suppliers," said Lisa Pretty, executive director of
the PKI Forum. "Now, through the hard work of the PKI Forum and its members,
we are demonstrating that such interoperability is achievable today based on an
accepted industry standard." As one of several
standards-based interoperability projects currently active under the auspices
of the PKI Forum, the CMPv2 interoperability project was initially selected by
a critical mass of PKI Forum members who saw the benefit of collaborating to test
the base set of functions supported by the CMPv2 specifications. The PKI Forum
joined with ICSA Labs, a division of the TruSecure Corporation, to conduct a series
of virtual workshops over the Internet to test the specifications that establish
the baseline for mandatory CMP functions such as the issuance, revision, and revocation
of digital certificates involving multiple Certification Authorities (CAs).
"Because CMP is a complex protocol, successfully achieving
interoperability faced a number of technical and operational challenges,"
said Robert Moskowitz, senior technical director, ICSA Labs. "We leveraged
virtual workshops over the Internet to maximize the testing value, while simultaneously
minimizing the cost to the participating vendors."
A Matter of Trust
Digital certificates are a key component of PKI solutions
that foster trust between parties by providing assurances as to the identity of
a particular person, company or Web site. Successful interoperability testing
between vendors and CAs serves as a critical industry proof-point that will accelerate
the acceptance and market growth for PKI products and services. Interoperability
between vendors provides application developers and ISVs increased flexibility
to develop products for multiple vendors. With interoperability, an organization
can select the "flavor" of PKI system and the level of trust placed
in different kinds of digital certificates according to specific security needs.
PKI Forum Members Participating in CMP Interoperability
About the PKI Forum
The PKI Forum Inc. is an international, not-for-profit
alliance comprised of technology and service providers, integrators and end-users
whose purpose is to accelerate the adoption and use of PKI and facilitate interoperability
through multi-vendor testing of industry standards and educational outreach.
The PKI Forum advocates industry cooperation and market awareness to enable organizations
to understand and exploit the value of PKI in their e-business applications. For
more information about the PKI Forum, see the PKI Forum Web site at www.oasis-pki.org.
from PKI Forum Vendors
"We welcome the adoption of CMP by PKI vendors and we
are happy to have taken part in the successful CMP interoperability trials conducted
by the PKI Forum. As co-author of the Internet RFC upon which this exercise was
based, we're proud to see that our efforts in both the IETF and PKI forum are
leading the delivery on the promise of open, interoperable PKI."
Farrell, Director of Research
"As a leading provider of wireless PKI solutions, Certicom
has always understood the value of open standards and interoperability. Certicom
has been active in the PKI Forum from its inception and has provided valuable
guidance on issues related to the expansion of PKI standards for the wireless
market. By working with other players in the market, we ensure that our products
will work with other applications, ensuring maximum benefit for our customers."
Kapoor, Vice President of Product Management
"The announcement of the new standard for CMP protocols
is an important step in enhancing the interoperability of PKI solutions and thereby
simplifying deployments. Cylink is excited to be a member of the technical group
that created this standard and is committed to continuing to implement the PKI
Forum's advances in Cylink's NetAuthority PKI as it continues efforts to make
PKI more user friendly."
Cosgrove, Director, PKI Business Unit
"The PKIX CMP standard and the PKI Forum testing is very
important to Entegrity Solutions as it is a major step towards achieving interoperability
between PKI Infrastructure components and applications. As PKIX CMP becomes prevalent
in the marketplace the customer will be able to buy 'best of breed' products without
being locked into a single supplier."
"Entrust Technologies is totally committed to achieving
multi-vendor interoperability, and we have demonstrated our ongoing commitment
to this particular interoperability initiative in several ways. We have
been, and continue to be, directly involved in each of the formal multi-vendor
interoperability tests; we continue to provide a CMPv2 interoperability component
outside our corporate firewall so that other vendors can test with us in between
the formally scheduled tests; and, as co-authors of the CMP specification, we
have incorporated many of the lessons learned from these demonstrations into the
second version of CMP. We support CMP version 1 in our current product release,
and we plan to support CMP version 2 in the future."
Lloyd, Senior Consultant Advanced Security Technology
"IBM is an active participant in the PKI Forum, and we
plan to support the new CMP standard in upcoming product releases. IBM, along
with its Tivoli Systems division, actively supports interoperability through standards
because customers require vendor flexibility when rolling out their e-business
Blakley, Chief Security Scientist
IBM's Tivoli Systems Inc.
"RSA Security is committed to supporting open standards
that allow the broadest possible interoperability between vendors of PKI software.
The CMP test environment of the PKI Forum provided RSA Security with a valuable
opportunity to verify interoperability of our CMP implementation with those of
other vendors. RSA Security is pleased to participate in the continued efforts
of the PKI Forum to advance the widespread deployment of PKI technology."
Nash, Director of PKI Technologies and Standards
RSA Security Inc.
SSH Communications Security
"Large-scale VPN and IPSEC deployment would not be possible
without automated certificate management. Our customers are already seeing major
benefits in real applications from the CMP support in the SSH IPSEC and SSH Certifier
products. Full interoperability allows customers and system integrators to combine
products from multiple vendors to build the best overall solutions."
Tatu Ylonen, CTO
SSH Communications Security Inc
"TC TrustCenter is Certification Authority for the Identrus
Level 1 participants - the four leading German financial institutions (Commerzbank,
Deutsche Bank, Dresdner Bank, HypoVereinsbank). CMP is used as a PKI management
protocol for the communication between TC TrustCenter and the banks Registration
Authority Tools that are Identrus compliant. As a certification authority with
a strong commitment to high security standards, TC TrustCenter particularly focuses
on CMP relevant security aspects. Our goal is to ensure that CMP can also be
used in future PKIs with maximum security requirements."
Peter Biltzinger, CMP Project Manager and IT Consultant
# # #