The National Institute of Standards and Technology (NIST) is taking a leadership role in the development of a Federal Public Key Infrastructure that supports digital signatures and other public key-enabled security services. In doing this, NIST is coordinating with industry and technical groups developing PKI technology such as the Federal PKI Steering Committee and its Technical Working Group (TWG), CommerceNet, Internet's PKIX, and the Open Group. NIST chairs the TWG, which is composed of technical representatives from Federal agencies and industry. Active since October 1994, the TWG has developed initial versions of a requirements document, a concept of operations, a technical security policy, an X509 v3 certificate profile, and an interoperability report. These documents are available below. NIST is represented in the Federal PKI Steering Committee chaired by the Government Information Technology Services (GITS) IT10.03 and maintains contact with the Federal PKI Business Working Group.
In addition to work within the TWG, NIST has several laboratory-based activities. The first activity is developing a Minimum Interoperability Specification for PKI Components (MISPC). This activity involves industry participants through Cooperative Research and Development Agreements (CRADAs). During this activity the NIST PKI Team is (1) exercising implementations of PKI components provided by CRADA participants and examining their features, (2) identifying a minimum set of desirable features, and (3) drafting the specification. Industry participants will have a review period to examine the draft specification and comment on its feasibility. The PKI Team will evaluate the comments received and make the appropriate changes prior to releasing the MISPC to the public domain.
Additional laboratory activities include the development of a Reference Implementation and the initial implementation of a root Certification Authority (CA) for the Federal PKI. The purpose of the Reference Implementation is to have a proof of concept for the MISPC that will be available for testing of commercial implementations. The Reference Implementation need not be as efficient and robust as an operational system but it must be well-behaved and function correctly. The initial implementation of a root CA involves the development of a procurement specification for a CA based on the MISPC and the procurement of an operational CA. The purpose of this root CA is to examine hierarchical and non-hierarchical CA relationships, scalability, and other operational issues. In addition, the minimum interoperability specification will be available to companies and to Government agencies developing their own procurement specifications for PKI components and/or services.
NIST envisions a follow on activity that will develop a test suite for conformance to the MISPC. The test suite may be used in establishing an interoperability validation service for PKI components. Although many details regarding this service remain to be defined, it is likely that independent commercial entities would be accredited to perform the tests.
Additional files may be added in the near future. You are encouraged to check this site periodically for new postings.
Summary of recent updates: (1) There is a new version of the Concept of Operations. (2) We have added Word and WordPerfect files for most documents, in addition to the PostScript versions originally posted.
The following documents are products of the Federal PKI Steering Committee's Technical Working Group. Together, they comprise Version 1 of the Technical Specifications for the Federal PKI. (Note: A certificate and CRL profile will constitute Part E of the Technical Specifications. Part E should be posted in August, 1996.)
Contractor Reports: the following reports were developed by contractors for NIST. These reports do not constitute government positions, but rather detail the advice and guidance provided to the government regarding public key infrastructure.