[kictanet] [Skunkworks] Fwd: Kenya’s PKI Destined for Failure?

Adam Nelson adam at varud.com
Thu Mar 21 12:58:41 EAT 2013


I think Brian's original point is well taken.  It's not ideal for a Korean
government agency to hold such important keys.  However, Kenya can't just
start its own key without at least a few years of lead time to get on a
critical mass of browsers and operating systems by default (although it
should start now just to get the ball rolling).  Finland and Turkey have
CAs (although Turkey's was famously hacked with google.com signatures).

I would suggest that the certificate authority for this be one of the most
trusted and common commercial ones - Equifax.  That's what Google uses and
because they're commercial, will probably be more responsive to the needs
of the government than a Koren agency.

-Adam

https://twitter.com/varud
https://www.linkedin.com/in/adamcnelson


On Thu, Mar 21, 2013 at 12:32 PM, Kivuva <Kivuva at transworldafrica.com>wrote:

> Good points from Brian and Evans.
>
> I think the elephant in the room is CCK to be the Root Certification
> Authority. PPP as Brian puts it might be the best way to go, although it
> has its own challenges, as we saw last year when KENIC was facing
> leadership challenges, and discord within the board. Other channels might
> be to tender for local companies to bid to be the RCA. This has worked very
> well in developed countries.
>
> The issue of HR can be sorted if we are willing to empower our youth, by
> say Knowledge Transfer. Unfortunately, these Asians are not very keen
> in transferring such knowledge to the client side of the business since
> they want to be indispensable. But we can be forceful, and find ways to
> train people who will administer the NPKI system. We currently have
> thousands of security experts in the country, and we are willing to learn
> more.
>
> Kind Regards.
>
> --
> ______________________
> Mwendwa Kivuva
>
>
> _______________________________________________
> skunkworks mailing list
> skunkworks at lists.my.co.ke
> ------------
> List info, subscribe/unsubscribe
> http://orion.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
> ------------
>
> Skunkworks Rules
> http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
> ------------
> Other services @ http://my.co.ke
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20130321/fc96e272/attachment.htm>


More information about the KICTANet mailing list