Where to from here
The S.E.E. PKI sub-project team has scoped and implemented a PKI to authenticate public servants to inter-agency applications like the S.E.E. Workspace and CFISnet. This is in keeping with the S.E.E. project principle "start small, learn, scale fast".
The encryption requirement for these applications is to prevent eavesdropping on communications. This will be achieved by SSL/HTTPS. Encryption of stored material is not within scope. The project team has deferred encryption of individual e-mail due to e-mail client variability, product immaturity and the availability of S.E.E. Mail.
Legal digital signature / non-repudiation is not required, as most government interactions are between two parties that know each other, and already know their accountabilities/levels of trust. The risk of liability is low as government agencies cannot sue each other.
The advantages of developing an authentication-only PKI were:
- Significantly less documentation required
- No liability issues c.f. digital signatures
- Less key management required c.f. key recovery of lost encryption keys
- No repudiation issues c.f. digital signature time stamping
- No archival issues, c.f. recovery of encrypted information in the future
- No archival issues, authentication is typically a real-time action c.f. long term authentication of digital signatures
To construct the PKI Management framework, the S.E.E. PKI sub-project undertook the following specific steps:
- Developed PKI policy guidance discussing a limited range of policy issues relevant to an authentication PKI, including appropriate usage, privacy and trust levels.
- Ensured the preparation of a program plan for the authentication PKI. The program plan defined roles and responsibilities among participating agencies and identified milestones and resources needed to develop, deploy, and maintain a PKI and associated applications, including the need for PKI-related training.
- Ensured the development and periodic review of technical guidance, as use of authentication PKI technology in the public and private sectors broadens and standards develop and mature.
- Ensured, through ongoing oversight of information security activities, that agencies were adhering to authentication PKI policy and technical guidance, including providing justification for nonparticipation.
- Defined the required next steps for further development of the S.E.E. PKI, e.g. expanding the PKI to include certificates for encryption and/or adding digital signature/non-repudiation.

