Stefan Santesson Consultant, 3xA Security AB (http://aaa-sec.com) Born November 2, 1962 in Malmö, Sweden



Similar documents
National Security Agency Perspective on Key Management

Certification Path Processing in the Tumbleweed Validation Authority Product Line Federal Bridge CA Meeting 10/14/2004

Public Key Infrastructure (PKI)

Global eid Developments. Detlef Eckert Chief Security Advisor Microsoft Europe, Middle East, and Africa

SBClient SSL. Ehab AbuShmais

Digital Signatures in a PDF

UNDERSTANDING PKI: CONCEPTS, STANDARDS, AND DEPLOYMENT CONSIDERATIONS, 2ND EDITION

Key Management and Distribution

Purpose of PKI PUBLIC KEY INFRASTRUCTURE (PKI) Terminology in PKIs. Chain of Certificates

Making Digital Signatures Work across National Borders

SAFE Digital Signatures in PDF

NIST Test Personal Identity Verification (PIV) Cards

Public-Key Infrastructure

Using BroadSAFE TM Technology 07/18/05

Digital Certificates Demystified

Introduction to Network Security Key Management and Distribution

Trustis FPS PKI Glossary of Terms

Axway Validation Authority Suite

Certificates. Noah Zani, Tim Strasser, Andrés Baumeler

How To Understand And Understand The Security Of A Key Infrastructure

Securing VMware View Communication Channels with SSL Certificates TECHNICAL WHITE PAPER

XML Advanced Electronic Signatures (XAdES)

PKI - current and future

Optimized Certificates A New Proposal for Efficient Electronic Document Signature Validation

Signature policy for TUPAS Witnessed Signed Document

PKCS. PKCS: Public Key Cryptography Standards. Apple, Digital, Lotus, Microsoft, MIT, Northern Telecom, Novell, Sun

Lecture 13. Public Key Distribution (certification) PK-based Needham-Schroeder TTP. 3. [N a, A] PKb 6. [N a, N b ] PKa. 7.

GT 6.0 GSI C Security: Key Concepts

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions

Applying Cryptography as a Service to Mobile Applications

PKCS. PKCS: Public Key Cryptography Standards

CS 356 Lecture 28 Internet Authentication. Spring 2013

Key Management and Distribution

An introduction to EJBCA and SignServer

Long term electronic signatures or documents retention

Binding Security Tokens to TLS Channels. A. Langley, Google Inc. D. Balfanz, Google Inc. A. Popov, Microsoft Corp.

Operating a CSP in Switzerland or Playing in the champions league of IT Security

A Noval Approach for S/MIME

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Part III-a. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Real-World Post-Quantum Digital Signatures

encryption keys, signing keys are not archived, reducing exposure to unauthorized access to the private key.

Introduction. Haroula Zouridaki Mohammed Bin Abdullah Waheed Qureshi

Welcome to cryptovision. cv cryptovision GmbH T: +49 (0) F: +49 (0) info(at)cryptovision.com

Electronic Signature. István Zsolt BERTA Public Key Cryptographic Primi4ves

Hungarian Electronic Public Administration Interoperability Framework (MEKIK) Technical Standards Catalogue

ECC Certificate Addendum to the Comodo EV Certification Practice Statement v.1.03

CERTIFICATION PRACTICE STATEMENT UPDATE

Web Application Entity Session Management using the eid Card Frank Cornelis 03/03/2010. Fedict All rights reserved

Grid Computing - X.509

DEPARTMENT OF DEFENSE PUBLIC KEY INFRASTRUCTURE EXTERNAL CERTIFICATION AUTHORITY MASTER TEST PLAN VERSION 1.0

Configuring DoD PKI. High-level for installing DoD PKI trust points. Details for installing DoD PKI trust points

Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 15.1

Certificate Management. PAN-OS Administrator s Guide. Version 7.0

WiMAX Public Key Infrastructure (PKI) Users Overview

RECOMMENDATIONS for the PROCESSING of EXTENDED VALIDATION SSL CERTIFICATES January 2, 2014 Version 2.0

CALIFORNIA SOFTWARE LABS

Mobile OTPK Technology for Online Digital Signatures. Dec 15, 2015

OASIS Standard Digital Signature Services (DSS) Assures Authenticity of Data for Web Services

Microsoft Trusted Root Certificate: Program Requirements

Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution.

In accordance with article 11 of the Law on Electronic Signature (Official Gazette of the Republic of Serbia No. 135/04), REGULATION

Spirent Abacus. SIP over TLS Test 编 号 版 本 修 改 时 间 说 明

Overview. SSL Cryptography Overview CHAPTER 1

ETSI TS V1.1.1 ( ) Technical Specification

APNIC Trial of Certification of IP Addresses and ASes

Certification Authority. The X.509 standard, PKI and electronic documents. X.509 certificates. X.509 version 3. Critical extensions.

SSL Protect your users, start with yourself

Digital Signing without the Headaches

Danske Bank Group Certificate Policy

DEPARTMENT OF DEFENSE ONLINE CERTIFICATE STATUS PROTOCOL RESPONDER INTEROPERABILITY MASTER TEST PLAN VERSION 1.0

New CICS support for Secure Sockets Layer

StartCom Certification Authority

<Insert Picture Here> Oracle Security Developer Tools (OSDT) August 2008

TeliaSonera Public Root CA. Certification Practice Statement. Revision Date: Version: Rev A. Published by: TeliaSonera Sverige AB

AlphaTrust PRONTO Enterprise Platform Product Overview

Federal PKI. Trust Infrastructure. Overview V1.0. September 21, 2015 FINAL

PAdES signatures in itext and the road ahead. Paulo Soares

DigiCert Certification Practice Statement

Digital Signature Verification using Historic Data

Alcatel OmniPCX Enterprise R11 Supported SIP RFCs

The Role of Digital Certificates in Contemporary Government Systems: the Case of UAE Identity Authority

Understanding Digital Certificates on z/os Vanguard Las Vegas, NV Session AST3 June 26th 2012

Windows Server 2008 PKI and Certificate Security

RSA Digital Certificate Solution

Computer and Network Security. Outline

Certificate profile for certificates issued by Central Signing services

Certificate Path Validation

Transcription:

CV Stefan Santesson Consultant, 3xA Security AB (http://aaa-sec.com) Born November 2, 1962 in Malmö, Sweden Björnstorp 744 240 13 Genarp Sweden sts@aaa-sec.com Tel +46-767 861337 Skype: Razumain COMPETENCE PROFILE Internationally renowned expertise in the area of Internet Security, Public Key Infrastructure (PKI), electronic signatures, Authentication Authorization and Accounting (AAA), Identity Management (IdM), cryptographic protocols, Internet security protocols and related international standardization. BACKGROUND Stefan Santesson has 30 years of experience within the field of computer science and over 25 years of experience with Information Security, ranging from advanced crypto algorithm development to being CEO of an international information security organization. Stefan is very active and well positioned internationally in particular as chairman for the Internet Engineering Task Force (IETF) PKIX group, as selected member of the IETF Security Area Directorate and as contributor to European electronic identification and electronic signature standards. Most notably, Stefan is co-author of the most commonly deployed PKI standard RFC 5280. He is also the editor of the IETF Qualified Certificate standard RFC 3739 as well as the European Qualified Certificate standard ETSI TS 101 862 and co-author of the European Certificate Policy for issuers of Qualified Certificates TS 101 456. NOTABLE POSITIONS IN THE STANDARDS COMMUNITY Chairman for the IETF PKIX group, since July 2006 (http://ietf.org/html.charters/pkixcharter.html ) Member of the IETF Security Area Directorate, since March 2006 SUMMARY OF AUTHORED IETF STANDARDS RFC 3709, standard profile for Qualified Certificates. Published in January 2001 (http://tools.ietf.org/html/rfc3039) RFC 3709, standard for logotypes in X.509 Certificates. Published in January 2004 (http://www.ietf.org/rfc/rfc3709.txt) RFC 3739, standard profile for Qualified Certificates. Published in March 2004, replacing RFC 3039 (http://www.ietf.org/rfc/rfc3739.txt) and (http://www.ietf.org/rfc/rfc3039.txt) RFC 4262, standard for S/MIME Capabilities in X.509 Certificates. Approved by IETF June 2005 (http://www.ietf.org/rfc/rfc4262.txt) RFC 4325, standard for CRL signer certificate discovery using the Authority Information Access extension. (http://www.ietf.org/rfc/rfc4325.txt) RFC 4680, TLS Handshake Message for Supplemental Data (http://www.ietf.org/rfc/rfc4680.txt) RFC 4681, standards for the TLS User Mapping Extension. (http://www.ietf.org/rfc/rfc4681.txt) RFC 4985, standard for a Subject Alt Name for Service Resource Records in X.509 certificates. (http://www.ietf.org/rfc/rfc4985.txt)

RFC 5280, Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. (http://tools.ietf.org/html/rfc5280) RFC 5758, Internet X.509 Public Key Infrastructure: Additional Algorithms and Identifiers for DSA and ECDSA. Published January 2010 (http://tools.ietf.org/html/rfc5758). RFC 5816, ESSCertIDv2 Update for RFC 3161(time stamping standard). Expected publication April 2010. CONTRIBUTION TO PUBLIC STANDARDS Co-Author of Swedish standards for electronic ID-Cards SS-614330 Electronic ID Application, SS-614331- Electronic ID Certificate and SS-614332 Electronic ID Card Swedish profile. Published 1998 Author of the SEIS S-10 standard policy for issuing of electronic ID-cards. Published June 1998 Author of Internet RFC 3039, standard for Qualified Certificates. Published in January 2001 Author of ETSI TS 101 862 Version 1.1.1, European Standard for Qualified Certificates. Published in January 2001 Co-Author of ETSI TS 101456, Policy requirements for certification authorities issuing qualified certificates. Published January 2001 Author of Internet RFC 3709, standard for logotypes in X.509 Certificates. Published in January 2004 Author of Internet RFC 3739, revised standard profile for Qualified Certificates. Published in March 2004 Author of ETSI TS 102 280 Version 1.1.1, X.509 V.3 Certificate Profile for Certificates Issued to Natural Persons, European interoperability standard, Published March 2004 Author of ETSI TS 101 862, revised version 1.3.1, European Standard for Qualified Certificates. Published in March 2004 Author of IETF standard for S/MIME Capabilities in X.509 Certificates. Approved by IETF June 2005 Co-author of Internet RFC 5280, Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, successor of RFC 3280. Published in May 2008. Author of IETF standard for CRL signer certificate discovery using the Authority Information Access extension. Approved by IETF August 2005. RFC 4325 Author of IETF standard for a Subject Alt Name for Service Resource Records in X.509 certificates. Ongoing task within the IETF PKIX group. RFC 4985 Author of IETF standard for a TLS User Mapping Extension. RFC 4680 and 4681. Author of IETF standard for Internet X.509 Public Key Infrastructure: Additional Algorithms and Identifiers for DSA and ECDSA, RFC 5758, Published January 2010. Author of ESSCertIDv2 update for RFC 3161, RFC 5816 Author of Internet X.509 Public Key Infrastructure: Certificate Image (draft-ietf-pkix-certimage) Author of OCSP Algorithm Agility (draft-ietf-pkix-ocspagility) Author of Transport Layer Security (TLS) Cached Information Extension draft-ietf-tls-cachedinfo) Author of Channel binding for HTTP Digest Authentication (draft-santesson-digestbind) 2

SIGNIFICANT ASSIGNEMTS 3XA SECURITY (2009-) E-delegationen, A strategy for Swedish government agencies provision of e-services - SOU 2009:86. Providing the technical content of the strategy for electronic identification and support of electronic signatures (elegitimationer) - http://www.edelegationen.se/node/254 Invited expert by the European Commission to the High level experts consultation meeting on an electronic identity management infrastructure for a trustworthy information society, October 2009. Invited Speaker at the RSA Europe 2009 conference - Fostering Electronic Signature Interoperability in Europe - Panelists: Reinhard Posch, CIO, Government of Austria; Gerard Galler, Policy Officer, European Commission; Riccardo Genghini, Chair, ETSI, TC/ESI; Stefan Santesson, chair, IETF PKIX. Expert witness representing BBS (Bankernas Betalningssentral) in Norway in patent case trial, Oslo, January 2010. MICROSOFT CORPORATE, REDMOND USA (2004-2009) Principal Consultant, Microsoft Security Center of Excellence (July 2004 - April 2005) Senior Program Manager, Windows Security - Standards (April 2005 February 2009) MICROSOFT DENMARK, PRINCIPAL CONSULTANT (2003-2004) Editor of QuEST The Qualified Electronic Signatures Tutorial, produced under the EMEA Trustworthy Computing team as guidance for implementation of Qualified Electronic signatures, according to the European Union Directive on electronic signature. Delivery to the PKI product group: A full inventory of the wide range of X.509 certificate extensions, attributes and options supported by MS CAPI. April 2004. Delivery to the PKI product group: Delta specification between public PKI standards and MS CAPI processing of X.509 certificate chains (path processing). Delivery to the PKI product group: Implementation specification for X.509 certificate processing in the Longhorn version of MS CAPI. June 2004. ADDTRUST, MALMÖ SWEDEN (2000-2003) CEO for at most 64 employees (January 2000 - July 2000) Executive VP and member of the board (July 2000 - January 2003) 3

ACCURATA SYSTEMSÄKERHET, CONSULTANT 1992-1999 Co-author of the requirement specification for the Swedish Allterminal procurement (the first official European procurement of an integrated SmartCard and PKI based security solution), executed by Swedish Police, Swedish Tax board, RFV (Government body for Social Insurance) and the Swedish Agency for Administrative development. 1992 Consultant within the Allterminal procurement evaluation and selection process (as above), 1993 Editor of the Swedish Allterminal specifications (post procurement specifications for interoperability purposes), 1993-1994 Consultant at the introduction of the Allterminal concept at the Swedish Police., 1993 1994 Consultant at the introduction of the Allterminal concept at the Swedish tax board. 1994-1995 Consultant at the introduction of the Allterminal concept at RFV Sweden, 1994-1995 Co-author of the joint banking proposal for a common electronic purse system, Issued by Kontocentralen, 1995 Editor of the technical requirements of the security protocol for the procurement of the Stockholm road toll system, 1995 Technical evaluator of tenders within the Stockholm road toll procurement, 1995 Editor of the first electronic ID-card specification written by the joint banking/industry project Strategic cooperation for an electronic ID-card, 1995 Member of the steering board that founded the Swedish SEIS-organization (Secured Electronic Information In Society, founded by members of the Banking, Industrial, Government, Military and Educational sectors) as a continuation of the Allterminal project, 1995 Responsible for security issues at the EU-commission SONAH project (preparatory work for the ACTS and INFOWIN program), 1995 Contributor to the SEIS Certificate specification SEIS S3, 1996-1998 Contributor to the SEIS Card specification SEIS S1, 1996-1998 Project leader for SEIS regulations group, 1997-1998 Author of SEIS Certificate policy SEIS S10 for certificates related to Swedish national electronic ID-cards, 1998 Assistant project leader of Sweden Post CA-project, including development of the Sweden Post electronic ID-card concept 1997-1998 Project leader and author of the Swedish Single Face to Industry (SFTI) recommendation on a security standard for secure EDI over Internet, 1999 Author of a proposal for a general PKI structure within the Swedish health care, issued by the healthcare project SITHS-CA, 1999-2000 Initiator and lead editor of the IETF/PKIX standard RFC 3039, Certificate profile for Qualified Certificates, 1998-2000 Editor of the European standard for Qualified Certificates (ETSI standard TS 101862) and Task leader for ETSI STF 155 Task 3. Standard was developed by ETSI (European Telecom Standards Institute) in response to the European electronic signature directive by the Commission of the European Union, 1999 2000 Co-Editor of the European ETSI standard for Certificate Policies for Certification Service Providers issuing Qualified Certificates. 1999 2000 4

EMPLOYMENTS (REVERSE CHRONOLIGAL ORDER) Independent Consultant and founder/owner of 3xA Security AB Senior Program Manager for Security Standards at Microsoft Windows Security February 2009 - Current April 2005 February 2009 Consultant at Microsoft Security Center of Excellence July 2004 - April 2005 Program Manager in Microsoft Windows Security division January 2004 June 2004 Principal Consultant at Microsoft Denmark June 2003 June 2004 Independent Information Security Consultant and Manager/Owner of consultancy company Retrospekt AB January 2003 June 2003 Executive VP & CTO of AddTrust AB July 2000 January 2003 Founder and CEO of AddTrust AB, A European PKI service company with a global branding strategy. Independent Information Security Consultant and Manager/Owner of the consulting company Accurata Systemsäkerhet AB Cryptologist and R&D manager and co-founder of, SecuriCrypto AB, Crypto solutions company, provider of crypto solutions to the Banking industry and Defense industry in Sweden. Manager of Swedish Infotech in Malmö, Retail store for computers and peripherals Military Service within the field of communication and cryptography, Swedish Armed Forces Computer software and hardware engineer at Datahuset i Malmö AB, A local computer store in Malmö Sweden January 2000 June 2000 August 1992 December 1999 March 1984 August 1992 July 1983 March 1984 June 1982 July1983 August 1979 June 1982 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information