4th CACR Information Security Workshop
Bill Poletti, MasterCard International
Business Requirements for CA Evaluations
To establish a high level of trust in a globally deployed PKI, it is
necessary to make sure all of the supporting infrastructure meets a basic
level of security surrounding protection of the private keys and systems
operation. MasterCard created and refined security requirements to establish
a basic level of security and trust in SET transactions. These
requirements are aimed at the critical platforms in SET - the certificate
authorities and payment gateways. The presentation reviews both these
requirements and the experience in reviewing compliance.

The SET specification relies heavily on the X.509 certificate structure.
The presentation will also cover a problem with digital signatures that
arose in its deployment, has been confirmed by industry leaders deploying
other PKIs, and has a long-term impact on the use of the existing structure.

Bill started his career in data processing in the financial sector. Within
a few months, he was named Director of MIS at a St. Louis bank. Bill joined
MasterCard in 1987 as Manager of Member Implementation, a technical support
group. He later joined the Electronic Commerce group and was directly
responsible for creating the specification for secure electronic commerce
ultimately resulting in SET.
Bill is currently in MasterCard's Information Security group and is
responsible for cryptographic support and architecture and support for
MasterCard applications, and for reviewing security for SET deployments
under the MasterCard and Maestro brands. Bill also is a member of the
SETCo Root management team.