1 Introduction

1.1.1 The Secure Electronic Environment (S.E.E.) Project is developing a Public Key Infrastructure (PKI) for use among NZ Government agencies. Its primary purpose is to authenticate public servants to inter-agency web-based applications classified up to SENSITIVE.

1.1.2 The S.E.E. PKI Project's goal is to promote interoperable PKI solutions within the government, the development of common guidance, and the sharing of information, resulting in economies of scale, reduction of risk, and systems that are fast to implement, and easy to use.

1.1.3 While PKI is based on cryptography, more than just strong cryptographic algorithms are required for it to be effective. Carl Ellison and Bruce Schneier said in a recent article "Security is a chain; it's only as strong as the weakest link. The security of any CA-based system is based on many links and they're not all cryptographic. People are involved."

1.1.4 This document discusses two aspects of the "security chain" in the context of PKI. The first part deals with the architecture of the 'trust-chain', also known as the 'certificate path'. Part 2 discusses PKI's reliance on people, procedures and other aspects of information security.