[kictanet] [Skunkworks] Fwd: Kenya’s PKI Destined for Failure?

Warigia Bowman warigia at gmail.com
Thu Mar 21 16:50:28 EAT 2013


Dear Brian

Thank you for this very thoughtful discussion.

   1. *Inertia*: CCK has proven to be very poor at the timely execution of
   functions that fall outside their core mandate of licensing, regulation and
   resource management. A perfect example is the implementation of the
   Universal Service Fund, which CCK insisted on handling as an inhouse
   function instead of facilitating the setup of a dedicated entity to handle
   the task. It has been over 6 years since regulation and legislation
   regarding the USF came into place and there is still nothing to speak of. I
   will reserve this as a subject for another day (it is a long and detailed
   one!)

Erm, am I the only one embarassed that all of our neighbors have a
functional USF, but Kenya does not?

*Recommendations*

The Government should immediately consider adopting a *Public Private
Partnership* approach for the implementation of Kenya’s NPKI. This is
especially timely because we now have a fully ratified Public Private
Partnership Policy that provides a variety of models for project
implementation. This will not only ensure involvement from crucial
stakeholders but also free the Root Authority from the problems highlighted
above (and probably many others) while at the same time ensuring that
enough private sector energy and enthusiasm is infused into the project so
that it moves with speed and determination. Success stories such as KENIC
and TEAMS show that it is not only possible but that it can be done with
ease.

PPPs are the respected model for many kinds of endeavors, and this is a
very strong suggestion.

Yours, Warigia

On Thu, Mar 21, 2013 at 8:24 AM, Lucy Kimani <lkimani at yahoo.com> wrote:

> Ali and Brian +1
>
> CCK can be the CA for the government but there has to be Private Sector
> based CAs as well to avoid conflict of interest.  What may seem complex
> when broken down may not be all that bad as evidenced in this paper:
>
> http://www.articsoft.com/whitepapers/AustPKI03SMr2.pdf
>
> I especially like the not always waiting for the government "The business
> and Internet communities are not waiting for some over-arching system to be
> put into
>
> ****
>
> place by governments or agencies such as the UN. They are seizing
> opportunities as they arise, putting in place systems that they trust and
> selecting their own RCA – a PRIVATE RCA – if they select one at all. An
> example of this is the Secure Electronic Transaction (SET) PKI developed by
> Visa and MasterCard. Figure 4 represents the basic SET PKI as identified by
> Ford & Baum.  A new version of the SET protocol has recently been
> introduced, sometimes referred to as 3DSET.  It
>
> ****
>
> expects to provide the customer with a provable digital receipt for a
> transaction, establishing the formality of the contract between the
> customer and the merchant, something that was lacking in the original
> implementation."
>
> VISA introduced 3D SET in 2000 to address issues with SET PKI.
>
> 3D SET simplifies the SET protocol into three domain Model:
>
> ****
>
>   1) acquirer domain,****
>
>   2) issuer domain,****
>
>   3) interoperability domain.****
>
> 3D SET provide a flexible framework that allows banks and acquirers to use
> their method to authenticate cardholders and merchants in a transaction.
>
>
> --- On *Thu, 3/21/13, Ali Hussein <ali at hussein.me.ke>* wrote:
>
>
> From: Ali Hussein <ali at hussein.me.ke>
> Subject: Re: [kictanet] [Skunkworks] Fwd: Kenya’s PKI Destined for Failure?
> To: lkimani at yahoo.com
>
> Cc: "KICTAnet ICT Policy Discussions" <kictanet at lists.kictanet.or.ke>
> Date: Thursday, March 21, 2013, 7:24 AM
>
>
> Adam +1
>
> And I give Brian the highest commendation for highlighting this issue. We
> must always try our level best to embrace the Multi-Stakeholder regime
> because as much as sometimes it sound like we are in the Tower of Babel
> ultimately the best solutions emerge (most of the time).
>
> Regards*
>
> Ali Hussein*
>
> *CEO, 3mice interactive media ltd*
>
> *Partner, Telemedia Africa Ltd
> *
>
>
>
> Tel: +254713601113
>
> Twitter: @AliHKassim
>
> Skype: abu-jomo
>
> LinkedIn: http://ke.linkedin.com/in/alihkassim<http://ke.linkedin.com/in/alihkassim>
>
> Blog: www.alyhussein.com
>
>
> On Thu, Mar 21, 2013 at 12:58 PM, Adam Nelson <adam at varud.com<http://mc/compose?to=adam@varud.com>
> > wrote:
>
> I think Brian's original point is well taken.  It's not ideal for a Korean
> government agency to hold such important keys.  However, Kenya can't just
> start its own key without at least a few years of lead time to get on a
> critical mass of browsers and operating systems by default (although it
> should start now just to get the ball rolling).  Finland and Turkey have
> CAs (although Turkey's was famously hacked with google.com signatures).
>
> I would suggest that the certificate authority for this be one of the most
> trusted and common commercial ones - Equifax.  That's what Google uses and
> because they're commercial, will probably be more responsive to the needs
> of the government than a Koren agency.
>
> -Adam
>
> https://twitter.com/varud
> https://www.linkedin.com/in/adamcnelson
>
>
> On Thu, Mar 21, 2013 at 12:32 PM, Kivuva <Kivuva at transworldafrica.com<http://mc/compose?to=Kivuva@transworldafrica.com>
> > wrote:
>
> Good points from Brian and Evans.
>
> I think the elephant in the room is CCK to be the Root Certification
> Authority. PPP as Brian puts it might be the best way to go, although it
> has its own challenges, as we saw last year when KENIC was facing
> leadership challenges, and discord within the board. Other channels might
> be to tender for local companies to bid to be the RCA. This has worked very
> well in developed countries.
>
> The issue of HR can be sorted if we are willing to empower our youth, by
> say Knowledge Transfer. Unfortunately, these Asians are not very keen
> in transferring such knowledge to the client side of the business since
> they want to be indispensable. But we can be forceful, and find ways to
> train people who will administer the NPKI system. We currently have
> thousands of security experts in the country, and we are willing to learn
> more.
>
> Kind Regards.
>
> --
> ______________________
> Mwendwa Kivuva
>
>
> _______________________________________________
> skunkworks mailing list
> skunkworks at lists.my.co.ke <http://mc/compose?to=skunkworks@lists.my.co.ke>
> ------------
> List info, subscribe/unsubscribe
> http://orion.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
> ------------
>
> Skunkworks Rules
> http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
> ------------
> Other services @ http://my.co.ke
>
>
>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke<http://mc/compose?to=kictanet@lists.kictanet.or.ke>
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>
> Unsubscribe or change your options at
> https://lists.kictanet.or.ke/mailman/options/kictanet/info%40alyhussein.com
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
> for people and institutions interested and involved in ICT policy and
> regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people's times and bandwidth,
> share knowledge, don't flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
>
>
>
> -----Inline Attachment Follows-----
>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke<http://mc/compose?to=kictanet@lists.kictanet.or.ke>
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>
> Unsubscribe or change your options at
> https://lists.kictanet.or.ke/mailman/options/kictanet/lkimani%40yahoo.com
>
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
> for people and institutions interested and involved in ICT policy and
> regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people's times and bandwidth,
> share knowledge, don't flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
>
>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>
> Unsubscribe or change your options at
> https://lists.kictanet.or.ke/mailman/options/kictanet/warigia%40gmail.com
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
> for people and institutions interested and involved in ICT policy and
> regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people's times and bandwidth,
> share knowledge, don't flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
>



-- 
Dr. Warigia Bowman
Assistant Professor
Clinton School of Public Service
University of Arkansas
wbowman at clintonschool.uasys.edu
-------------------------------------------------
View my research on my SSRN Author page:
http://ssrn.com/author=1479660
--------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20130321/67e8d220/attachment.htm>


More information about the KICTANet mailing list