What We’re Working On
An overview of some of the activities the PKI Consortium (PKIC) is working on
Members of the PKI Consortium share information about the work of other relevant organizations and meetings. Engagement and knowledge sharing, including among members and reports from third party, are important to us. At our meetings members often provide updates on PKI-related meetings and conferences they attended, and may post updates to our website.
Improving quality of address information in certificates
To improve the quality of address information in digital certificates the PKI Consortium is collecting authoritative data and engaging with organizations such as the Universal Postal Union (a United Nations specialized agency and the postal sector’s primary forum for international cooperation) to better understand the local addressing systems and to validate data that is not generally available. We’re starting with the state or province data field and will then extend the reach of our linter to other address fields such as street address, locality, and postal code.
List of Trust Lists
They have many names, such as ‘trusted root list’, ‘trusted root store’, ‘trust store’, ‘approved trust list’, etc. The PKI Consortium is curating a global List of Trust Lists (a list of root, intermediate or issuing CA certificates accepted by a public, private, industry, or solution-specific PKI), one that is not limited to a specific purpose, region or size, and is open to anyone to contribute. Each list will be documented as a YAML file and hosted on GitHub, this makes it easier to read for humans while retaining version control and allowing systems to process and analyze the data.
Remote Key Attestation
Key attestation, in this context, is the technical ability to prove to a remote party that a private key was generated inside, and is managed inside, and not exportable from, a hardware cryptographic module. While several vendors offer remote key generation services, they all do it differently. This makes it hard or even impossible to scale usage of remote key attestation and create trust across the ecosystem. The PKI Consortium will start by creating a simple market survey, to make a list of the different available key attestation solutions being used by different vendors (including questions on how they work and are used technically).