Pilot Root CA Policy
Pilot Registration Form
(In the process of developing page--
check again soon)
|This project was developed to support emergency
access to encrypted data
where required to support federal agencies needs. The most promising
mechanisms for such access require a security management infrastructure.
Today, the project is focused on the development of a public key
infratructure (PKI) for the Federal government. Such an
can support emergency access to encrypted data for those agencies that
require it, but does not impose additional requirements on agencies
do not require it.
Development of a unified PKI for the federal government presents a number
of technical challenges. While these projects do not directly address
recovery, a security management infrastructure is necessary.
supporting the development of a federal PKI by participating in the
Federal Bridge CA project,
continuing the development of the X.509 path
validation algorithm, and identifying key PKI-enabled applications
S/MIME) for federal use.
While this project has focused on possible methods for accomplishing
key recovery in a PKI environment, it should be noted that a PKI environment
need not support key recovery. In addition, a PKI is not strictly
necessary to accomplish key recovery. However, leveraging a
PKI is perhaps the most promising environment. PKI readily distinguish
between signature keys, where key recovery does not apply, and key
keys. It may be appropriate to apply key recovery to key managment
(depending upon the criticality of the encrypted data.)
In May 1996, the Office of Management and Budget (OMB) released a white
paper titled "Enabling Privacy, Commerce, Security, and Public Safety in the
Global Information Infrastructure". This paper stated that "government and
industry must work together to create a security management infrastructure
and attendant products that incorporate robust cryptography without
undermining national security and public safety". In support
of this goal,
the Key Recovery Demonstration Project (KRDP) was initiated in order
demonstrate the practicability of the recovery of keys that support
in Federal government applications. A pilot program was created
agencies to implement, test and evaluate different key recovery technologies.
brief description of the pilot agency applications is found in the
The National Institute Of Standards and Technology (NIST) issued a
Broad Agency Announcement
(BAA) soliciting products and services to support
this project. Three possible methods of key recovery are depicted in
Key Recovery Examples.
identify the functional and security concerns related to the Federal
need to have emergency access to encrypted data.