S.E.E. PKI - FAQs

FAQs

What is S.E.E. PKI?
Is S.E.E. PKI a Public Key Infrastructure (PKI)?
Will S.E.E. PKI be used for businesses and citizens?
Is S.E.E. PKI used for secure email?
Who can be a S.E.E. PKI Certification Authority?

What is S.E.E. PKI?

S.E.E. PKI is an infrastructure for the authentication of government agency employees to inter-agency applications. Examples of its use include Shared Workspace and SEEMail, both of which need to authenticate users from all member agencies. In future S.E.E. PKI may be used for other services like SecureMail to enable encrypted email links to non-government users.

Is S.E.E. PKI a Public Key Infrastructure (PKI)?

Yes, S.E.E. PKI is a PKI with certificates being issued to both operational (SEEMail, Shared Workspace) users, and testers and developers.

Will S.E.E. PKI be used for businesses and citizens?

S.E.E. PKI is targeted at applications that are focused primarily on public servants, but needs to include some external people. For instance, Shared Workspace needs to include subject matter experts throughout New Zealand and, potentially, from around the globe.

S.E.E. PKI is not targeted at applications that are focused primarily on businesses or citizens.

Is S.E.E. PKI be used for secure email?

The SEEMail system is used to protect email traffic among email gateways. This SEEMail gateway-to-gateway secure email system is preferred over individual-to-individual S/MIME because:

we can protect most email in the short-term without the process of issuing individual digital certificates,
we can content check email, e.g. for viruses, at mail gateways,
the installed base of email client software does not have mature S/MIME support.

S.E.E. PKI certificates are used for the SEEMail gateways, rather than individuals.

For more information see the SEEMail information.

Who can be a S.E.E. PKI Certification Authority?

Presently all Digital Certificates used in the SEEMail system and for Shared Workspace are created by the S.E.E. PKI Certification Authority. This was not anticipated when the project was initiated but since then the withdrawal of Baycorp ID Services from the market has left the S.E.E. PKI as the sole provider.

It is anticipated that as the use of PKI becomes more common, more private Certifying Authorities will wish to qualify as S.E.E. PKIs. The criteria for qualification may be found here.