Japan E-Commerce Promotion Council on CAs

Robert Hettinga rah at shipwright.com
Thu Apr 10 15:44:30 PDT 1997



--- begin forwarded text


Mime-Version: 1.0
Date: Thu, 10 Apr 1997 11:44:59 -0700
From: jmuller at brobeck.com (John D. Muller)
Subject: Japan E-Commerce Promotion Council on CAs
To: dcsb at ai.mit.edu
Sender: bounce-dcsb at ai.mit.edu
Precedence: bulk
Reply-To: jmuller at brobeck.com (John D. Muller)

     Press release
     Announcement of Certification Authority Guidelines in Japan
     ------------------------------------------------------------------------
     Full Document
     7th, April, 1997
     Electronic Commerce Promotion Council of Japan


     ------------------------------------------------------------------------


     1. Background

     The Electronic Commerce Promotion Project, partially funded by the
     Japanese government, was started in late 1995. The project consists of
     19 test-bed projects which experimentally provide various kinds of
     electronic commerce between consumers and businesses. Currently over
     350 companies participate in the projects and more than 500,000
     consumers are presumed to have joined. To foster Electronic Commerce
     (EC) in Japan, and also to support and coordinate these projects, the
     Electronic Commerce Promotion Council of Japan (ECOM) was established
     in early 1996. ECOM has set up 14 Working Groups to study a wide range
     of EC-related issues. One of these Working Groups is the Certification
     Authority (CA) Working Group, which focuses on the technology,
     practice, and legal environment of CAs. One of the objectives of this
     CA Working Group is to develop the CA Guidelines. The primary draft of
     the Guidelines was made public in December 1996.

     2. Objectives of the CA Guidelines

     CA Guidelines provide the foundation for the operation of CAs which
     issue digital certificates. A digital certificate, which
     electronically verifies the identity of business parties during
     network transactions, will play an important role in electronic
     commerce conducted via open networks. Digital certification guarantees
     the security of transaction information transmitted through networks,
     and information transmitted between organizations, within
     organizations and between individuals, by eliminating problems such as
     wiretapping, tampering or repudiation. This fosters the reliance and
     trust required to conduct business.

     3. Structure of the CA Guidelines (Alpha Version)

     (1) Introduction

     This section first defines the basic terminology related to CAs, such
     as public keys, certificates, and revocation of certificates, etc. The
     section then deals with the following subjects concerning public key
     infrastructure, which can be regarded as the technological foundation
     of the guidelines:

     (1) certificate management service for issuance, publication, and
         storage of certificates, services relating to the registration and
         management of personal information, and electronic notary, etc.;
     (2) hierarchical structure of CAs;
     (3) purpose of use and format of certificates.

     (2) Management requirements

     As management requirements are important for increasing the
     reliability of CAs, establishment and publication of policies relating
     to certification, requirements needed by organizations, operational
     security requirements, and information disclosure requirements are
     stipulated. Within the policy arena the establishment and presentation
     of provisions concerning the requirements for secure operation of
     equipment and facilities, and of provisions concerning standards for
     issuance of certificates are discussed. This section also stipulates
     that organizational requirements must specify independence, third
     party character and specialization.

     (3) Service requirements

     This section specifies requirements for guaranteeing security relating
     to five services that constitute the certificate management service,
     which is the basic service of CAs: management of the keys of CAs,
     issuance of certificates, registration and publicizing of
     certificates, storage and management of certificates, and revocation
     of certificates. For example, in view of the serious consequences of
     leakage or theft, private keys of CAs must be stored in an independent
     special module with high storage capacity, and in an environment that
     does not allow illegal removal of the storage module. Auditing of
     certificate issuance is also discussed. The personal verification of
     the applicant must be divided into three levels, and personal
     verifications should be conducted according to these levels.

     (4) Facilities and system requirements

     This section specifies that requirements conform to measures
     classified under group A of the "Information Systems Security Measures
     Standards," which were announced by MITI in August 1995, and for which
     the instruction manual was published by the Information Service
     Industry Association in October 1996. Group A requirements relate to
     information systems that affect people's lives, the property of
     others, privacy and other social elements.

     4. Forthcoming Schedule

     ECOM is requesting that member companies and other relevant parties
     offer their comments regarding this guidelines draft. At the same
     time, the guidelines will be applied to the electronic commerce
     test-bed projects sponsored by MITI (Ministry of International Trade
     & Industry), with the results of these test operations to be
     incorporated in the guidelines. The final version, based on opinions
     obtained from various sectors, is scheduled to be prepared and
     announced by March 1998.

     More information
     E-mail: tawara at ecom.or.jp
     FAX : +81-3-5531-0068

--- end forwarded text



-----------------
Robert Hettinga (rah at shipwright.com), Philodox
e$, 44 Farquhar Street, Boston, MA 02131 USA
Lesley Stahl: "You mean *anyone* can set up a web site and compete
               with the New York Times?"
Andrew Kantor: "Yes."  Stahl:  "Isn't that dangerous?"
The e$ Home Page: http://www.shipwright.com/








