The IESG Secretary announced the availability of a proposed modified charter submitted for the Public-Key Infrastructure (X.509) PKIX working group in the Security Area of the IETF. The IESG has not made any determination as yet. As proposed: "The PKIX Working Group was established in the fall of 1995 with the goal of developing Internet standards to support X.509-based Public Key Infrastructures (PKIs).
News
News lets the community share announcements, press releases, and recommended news articles relevant to IDTrust. (Educational materials that are not time-sensitive are listed at Articles and white papers.)
Proposed Recharter of IETF Public-Key Infrastructure (X.509 PKIX) WG
Poor password management may have led to bank meltdown
Huge losses reported by Société Générale were apparently enabled by forgotten low-level IT chores such as password management.
Findings and Recommendations of the Industry/Government FPKI Think Tank
On September 6, 2007, Dr. Peter Alterman, Chair of the Federal Public Key Infrastructure Policy Authority (FPKIPA), hosted a group of PKI experts from government and industry to determine:
1. The strategic direction for the FPKI;
2. Short-term actions in support of that FPKI strategic direction; and
New $2B Dutch Transport Card is Insecure
The new Dutch transit card system, on which $2 billion has been spent, was recently shown by researchers to be insecure. Three attacks have been announced by separate research groups. Let’s look at what went wrong and why.
Read the rest of the story at Ed Felten's blog at http://www.freedom-to-tinker.com/?p=1250.
Can Mid-Market Merchants Comply with PCI Standards In Time?
If you want to transact business with credit cards, you have to follow the rules: the payment card industry security standards. Companies that don't comply face fines or worse. So why aren't more mid-market merchants already in compliance?
By Michael Jackman
CIO Magazine,
January 15, 2008