SunSpec Alliance and SecureG Webinar Announcement: 2030.5 PKI Rollout Updates: Recap
The SunSpec & SecureG 2030.5 PKI webinar focused on the rollout and updates of the SunSpec Public Key Infrastructure (PKI). SunSpec Chairman, Tom Tansy, provided an overview of IEEE 2030.5 adoption emphasizing the role of PKI in establishing mutual authentication and trust within the ecosystem. Damon Kachur from SecureG provided an extensive overview of SecureG, including its partnership with the SunSpec Alliance, the development of a next-generation PKI service for the Alliance, and the expansion of SecureG’s security solutions to critical infrastructure assets.
Damon delivered a comprehensive update on the PKI for SunSpec, covering the completion of the Certificate Policy Statement (CPS), the development of APIs for the SunSpec PKI Service Center, and the upcoming signing of the Root CA.
Sean Turner discussed his involvement in NIST post-quantum committees and the development of certificate policy, highlighting the many complexities of the process.
The Q&A session focused on the process for manufacturers to request and download certificates, as well as the requirements for manufacturers to create cryptographic material and certificates themselves.
The discussion also delved into the logistics of installing certificates associated with different Root CAs on existing devices and explored the potential for having federated routes. SunSpec and SecureG also plan to hold an update webinar later in the fall to share more information. Tom Tansy emphasized the importance of SunSpec Certification in ensuring interoperability and trust within the ecosystem.
5 Key Takeaways from the Q&A:
1. Improved Interoperability and Certification:
The SunSpec Certification process for companies participating in the 2030.5 DER ecosystem is crucial. It involves vetting manufacturers and collecting necessary data to ensure trust and compliance.
2. SunSpec Certification Registry:
The SunSpec Certification Registry plays a vital role in maintaining a trusted ecosystem by providing necessary information about certified devices to controlling entities.
3. Longevity and Certificate Revocation:
Per IEEE 2030.5, PKI certificates never expire and compromised entities or devices are handled through the use of white-lists.
4. Post-Quantum Cryptography:
The field of post-quantum cryptography is still in its early days, with standard selections yet to be finalized. Organizations like the Internet Research Task Force (IRTF) and its Thing to Thing Research Group (T2TRG) are actively working on IoT security for the future, including considerations for post-quantum security.
5. Clarification on LFDI:
The LFDI (Logical Device Fingerprint Identifier) is a hash representing a fingerprint of the device certificate, not the root certificate. This distinction is important for understanding device security and identification.
Meet the Speakers
![](https://sunspec.org/wp-content/uploads/2024/05/Damon-Kachur_SecureG.webp) |
Damon Kachur
Damon joined the SecureG team in September 2023. For over the past twenty-years, he has focused exclusively on cyber security with an emphasis on IoT PKI ecosystems and threat intelligence for mobile and fixed- line networks. During the first part of his career with VeriSign and Symantec, he was responsible for over 1B IoT devices and 350M subscribers for parental control and threat intelligence services. He has spent time with Sectigo, PrimeKey – Keyfactor and Utimaco during his career. Damon has spoken at a variety of security conferences and is a regular panel participant at cyber security events worldwide. Mr. Kachur is co-author of US Patent 10560448 – One-touch secure on-boarding of OOB IoT devices. He holds a B.S degree in Business Management and Administration from the Eberhardt School of Business at the University of the Pacific in Stockton, CA.
|
![](https://sunspec.org/wp-content/uploads/2024/05/3.jpg) |
Sean Turner
Sean has been involved in the IETF since IETF 34 and has authored or co-authored over 50 RFCs. From March 2007 to March 2014, Sean served on the IESG as the IETF Security Area Director. Prior to being appointed to the IESG, Sean was chair of the SMIME and XMPP WGs. Currently, Sean is chair of the TLS, MLS, and WPACK WGs.
He is founder of sn3rd llc, which focuses on policy, design, and implementation of security solutions, and is author of the Implementing Email and Security Tokens: Current Standards, Tools, and Practices (John Wiley and Sons, 2008).
He has served on the Internet Society’s Board of Trustees as an IETF appointee from 2014-2020. On the Board, he has been a member of the Compensation, Elections, Executive, Finance, Governance, Nominations, and PIR Nomination Committees as well as serving a Treasurer from 2015-2019.
|