Public Key Infrastructure (PKI) Study Group
The focus of this study group is to examine the reliance concerns and processing issues related to “Certificate Authority” third party service providers and the possibility of operating a centralized Certificate Authority specifically devoted to the financial services industry. This would be a Certificate Authority on which trust for current and future financial industry security could rely upon as a fully interoperable point of service that would exist above any question of security, user authentication, or commercial interest. It would also be independent of rules and requirements from other industry groups which have much different needs than the financial community.
Existing commercial Certificate Authorities exist primarily for the Web PKI, that is, the general usage of the Internet by businesses and individuals. This has traditionally been governed by Browsers, who consume certificates in order to present security information in their user interface. However, Browsers and the financial community interests aren’t always aligned. Hence when Browsers dictate policies which Certificate Authorities are forced to follow, the financial community has no choice but to go along.
This group will examine options to determine a way that would protect the financial communities interest while maintaining a strong security posture. Contact us if you’d like to participate.