Monday, 30 January 2012

Re: [pakgrid] Re: PKI in Pakistan

 

How does an email signature get access to sensitive data?????



Best regards,

Zahid Jamil
Barrister-at-law
Jamil Jamil
Barristers-at-law
219-221 Central Hotel Annexe
Merewether Road, Karachi. Pakistan
Cell: +923008238230
Tel: +92 21 5680760 / 5685276 / 5655025
Fax: +92 21 5655026
www.jamilandjamil.com

*** This Message Has Been Sent Using BlackBerry Internet Service from Mobilink ***

From: Sajjad asghar <sa4_79@yahoo.com>
Sender: pakgrid@yahoogroups.com
Date: Sun, 29 Jan 2012 14:48:10 -0800 (PST)
To: pakgrid@yahoogroups.com<pakgrid@yahoogroups.com>
ReplyTo: pakgrid@yahoogroups.com
Subject: Re: [pakgrid] Re: PKI in Pakistan

 

Dear Kamran,
First of all, PK-GRID-CA is an offline CA, which means it is totally secure as none of its critical components are attached to any network. This is one way of establishing a CA; the other one is having an online CA, for which you require an HSM (FIPS level three at least), which is really expensive. OCSP is something that is required to ensure the availability of up-to-date information about revocation and it could be set up easily. NCP is using CRL for revoked certificates and it is supported by the LCG project, as NCP is part of this project. I am surprised to see your comment "no root key protection under-writings". In the case of an offline CA, the root key is protected by not connecting the signing machine to any network, and it's the physical security that becomes important, and it is covered in the CP/CPS. Furthermore, PK-GRID-CA is a member of IGTF and there are hundreds of CAs that are part of IGTF; they are running with the same kind of CP/CPS, as these CP/CPS are written according to RFC 3820. None of the members of IGTF has raised any concern about the security of the system. There is a due process in IGTF to get accreditation as a CA; a committee accredited PK-GRID-CA after reviewing its CP/CPS. Now NCP has been running this CA for almost 8 years and not a single problem related to security has been reported.
 
The current accreditation of PK-GRID-CA is from IGTF; that's why they are issuing certificates to the research community. For other purposes a new CP/CPS document is required. If there is a community that requires digital certificates other than for research purposes, they can come under the new CP/CPS. In this case certificates are going to be much cheaper than NIFT and more people will be able to afford the digital certificate.
 
In my opinion we need a national CA for this purpose and not some foreign company having potential access to our critical financial and government data (VeriSign in this case is that company).
Br
Sajjad


From: Kamran Meer <kamran.meer@gmail.com>
To: pakgrid@yahoogroups.com
Sent: Friday, January 27, 2012 3:14:26 PM
Subject: Re: [pakgrid] Re: PKI in Pakistan

 
Thanks to Sajjad for bringing this to our knowledge, however if you read the CPS of this PKI established at QAU-NCP Islamabad, many of the controls have "No Stipulation", they have no key escrow arrangement, no up-time guarantees, no BCP guarantees, no OCSP and no root key protection under-writings.

The CPS also adds the disclaimer: "The PK-Grid-CA will issue certificates to entities, which are based and/or having offices in Pakistan, and are intended for cross-organizational sharing of resources. The focus of these organizations should also be in research and/or education."

In conclusion, this PKI is a great initiative taken long before NIFT but it does not compare to the features of NIFT which carries far less risk and root key protection is under-written by VeriSign PKI (now owned by Symantec). Users (even if they belong to research or education organizations) should use the services of the QAU-NCP PKI CA with full knowledge of the prevalent risks, as I have identified above.

Regards,

Kamran Meer

On Thu, Jan 26, 2012 at 11:10 PM, Sajjad asghar <sa4_79@yahoo.com> wrote:
 
National Center for Physics has a PKI setup with the name of Pk-GRID CA; it was established in 2004, long before NIFT. Here is the website of the PK-Grid CA
Best Regards
Sajjad Asghar


From: Javed Naushahi <jnaushahi@yahoo.com>
To: "pakgrid@yahoogroups.com" <pakgrid@yahoogroups.com>; "ammar@brain.net.pk" <ammar@brain.net.pk>
Sent: Wednesday, January 25, 2012 2:51:24 AM
Subject: [pakgrid] Re: PKI in Pakistan

 
Dear Jafferi saheb,
 
Do we have more PKIs / CAs operating in the country in the Education or Govt. sector, other than e-NIFT?
 
Is there any plan to launch a low-cost PKI, with decades of experience under your belt in e-security?
 
Regards,
 
Javed Naushahi
 

From: "ammar@brain.net.pk" <ammar@brain.net.pk>
To: pakgrid@yahoogroups.com
Sent: Thursday, January 19, 2012 8:46 AM
Subject: Re: [pakgrid] URDU Content on Web

 
Dear Rauf Sb,

This is a totally not-for-profit activity and not funded by any
organization (for the E-Village Project). All information is public and can
be shared with anyone interested in getting it.

Information provided by few friends has been of great help but as you all
know this is a big job and I would request all those who can help may
provide the required information.

Regards,

Ammar Jaffri







