Subject Identification Method (SIM) - PowerPoint PPT Presentation

About This Presentation
Title:

Subject Identification Method (SIM)

Description:

Subject Identification Method (SIM) Korea Certification Authority Central Korea Information Security Agency Jong-Wook, Park – PowerPoint PPT presentation

Slides: 6
Provided by: ietfOrgpr
Learn more at: https://www.ietf.org

Transcript and Presenter's Notes

Title: Subject Identification Method (SIM)


1
Subject Identification Method (SIM)
<draft-ietf-pkix-sim-00.txt>
  • Korea Certification Authority Central
  • Korea Information Security Agency
  • Jong-Wook, Park
  • (khopri_at_kisa.or.kr)
  • http://www.rootca.or.kr/eng/doc_en/doc_en.html

2
Overview
  • Document Background
  • - In practice, the Subject Name in a certificate MAY
    NOT GUARANTEE that it is unique for each subject
    entity
  • - In some countries, a person's/corporation's
    identifier is regarded as "private or personal
    data" by law
  • How to satisfy these requirements?
  • Outstanding Characteristics
  • - Defines a new unique, cryptographically secure
    value, VID (Virtual Identifier)
  • - Could be embedded in standards such as
    RFC3280, PKCS10, CRMF, PKCS8, PKCS11 etc.
  • - Already implemented and widely used in South
    Korea.

3
Overall Procedures
  • Initialization
  • - Obtain the CA's certificate and generate a public key
    pair
  • Random string generation
  • - 160-bit random string, R
  • Generating VID
  • - VID = h(h(ID, R))
  • Encryption of VID
  • - EVID = E(VID, R)
  • Certificate request
  • - PKCS10 or CRMF/CMP
  • Certification
  • - Put the VID into the SubAltName extension

h(): Hash function (SHA-1 recommended)
R: Random string (20 bytes)
E: Encryption function
ID: Person or Organization Number

4
Use-Cases
  • 3 use-cases described in the draft
  • Case 1: RP requests a new user's ID and R
  • Case 2: RP already knows the user's ID
  • Case 3: User wants to protect his/her ID from RP

< Case 1 >
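
The VID generation from slide 3 and the relying party's check in Case 1, as an added example that is not part of the original slides or the draft. It assumes `h(ID, R)` means SHA-1 over the UTF-8 ID concatenated with R and that the RP checks the user's ID and R by recomputing the VID and comparing it with the certificate's value; the function names and the sample ID are made up for illustration, and E is left out because the slides do not name an encryption function.

```python
import hashlib
import hmac
import secrets

R_LEN = 20  # 160-bit random string R, as on slide 3


def generate_r() -> bytes:
    """Fresh 160-bit random string R from the OS CSPRNG."""
    return secrets.token_bytes(R_LEN)


def compute_vid(subject_id: str, r: bytes) -> bytes:
    """VID = h(h(ID, R)) with h = SHA-1 (the slides' recommendation).

    Assumption: "ID, R" is the UTF-8 encoded ID concatenated with R.
    """
    if len(r) != R_LEN:
        raise ValueError("R must be exactly 20 bytes")
    inner = hashlib.sha1(subject_id.encode("utf-8") + r).digest()
    return hashlib.sha1(inner).digest()


def rp_verify(claimed_id: str, r: bytes, vid_from_cert: bytes) -> bool:
    """Case 1 (assumed check): the RP gets ID and R from the user,
    recomputes the VID and compares it with the certificate's VID."""
    try:
        expected = compute_vid(claimed_id, r)
    except ValueError:
        return False  # malformed R can never match
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(expected, vid_from_cert)


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    r = generate_r()
    vid = compute_vid("SAMPLE-ID-0001", r)
    print("VID in certificate:", vid.hex())
    print("correct ID and R  :", rp_verify("SAMPLE-ID-0001", r, vid))
    print("wrong ID          :", rp_verify("SAMPLE-ID-0002", r, vid))
    print("wrong R           :", rp_verify("SAMPLE-ID-0001", generate_r(), vid))
```

The certificate carries only the VID, so a party that holds the certificate but not R cannot confirm a guessed ID against it.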

5
Next Step
  • Looking for more comments and implementations
  • Support for the centralized scheme
  • Globally unique and secure R for end entities
    MAY be generated by CAs
  • The centralized scheme to be included in the next
    draft (draft-ietf-pkix-sim-01.txt)