PKI Future Directions

PKI Future Directions. 29 November 2001 Russ Housley RSA Laboratories CS – Class of 1981. Outline. Background Privilege Management Certification Status Management Protocols Legal and Policy Applications. Digital Signing.

Presentation Transcript


  1. PKI Future Directions
     29 November 2001
     Russ Housley, RSA Laboratories
     CS – Class of 1981

  2. Outline
     • Background
     • Privilege Management
     • Certification Status
     • Management Protocols
     • Legal and Policy
     • Applications

  3. Digital Signing
     • A one-way hash function is used to create a hash of the data to be signed
     • A digital signature is a cryptographic transformation of the hash value and the signer’s private key
     [Diagram: Original Message → Hash → Hash Value → Sign (with Originator Private Key) → Signature Value]

  4. X.509 Certificate Format
     • VERSION: v1 or v2 or v3
     • SERIAL NUMBER: 12345
     • SIGNATURE ALGORITHM: RSA with SHA-1
     • ISSUER: C=US, S=VA, O=RSA Labs
     • VALIDITY: 1/1/01 - 1/1/02
     • SUBJECT: C=US, S=VA, O=RSA Labs, CN=Russell Housley
     • SUBJECT PUBLIC KEY INFO: RSA, 48...321
     • ISSUER UNIQUE ID: ACBDEFGH
     • SUBJECT UNIQUE ID: RSTUVWXY
     • EXTENSIONS
     • SIGNATURE

  5. X.509 CRL Format
     • VERSION: v1 or v2
     • SIGNATURE ALGORITHM: RSA with SHA-1
     • ISSUER: C=US, S=VA, O=RSA Labs
     • LAST UPDATE: 11/25/01
     • NEXT UPDATE: 12/2/01
     • REVOKED CERTIFICATES: SEQUENCE OF
        • SERIAL NUMBER: 12345
        • REVOCATION DATE: 9/27/01
        • CRL ENTRY EXTENSIONS
     • CRL EXTENSIONS
     • SIGNATURE

  6. Privilege Management
     • Extensions allow arbitrary information to be bound to the subject identity
     • Should only include an attribute in the identity certificate if it meets two criteria
        • The CA is authoritative for the attribute
        • The expected lifetime of the attribute will not increase the likelihood of revocation
     • When these criteria cannot be met, then an attribute certificate should be used instead

  7. Attribute Certificate
     • VERSION: v1 or v2
     • HOLDER: C=US, S=VA, O=RSA Labs
     • ISSUER: C=US, S=VA, O=RSA Labs, OU=IT
     • SIGNATURE ALGORITHM: RSA with SHA-1
     • SERIAL NUMBER: 123456789
     • VALIDITY: 11/29/01 - 11/30/01
     • ATTRIBUTES: SEQUENCE OF
        • ATTRIBUTE TYPE: { 2 5 4 72 } (role)
        • SET OF ATTRIBUTE VALUES: Administrator
     • ISSUER UNIQUE ID
     • EXTENSIONS
     • SIGNATURE

  8. Linking Identity Certificates and Attribute Certificates
     • The attribute certificate holder field is a pointer to an identity certificate
     • Two techniques:
        • Matching subject – Links to any identity certificate for that subject
        • Matching issuer / serial number pair – Links to a particular certificate
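The two linking techniques from slide 8, as an added example that is not part of the original presentation. The class and function names are hypothetical, the DN comparison is a simplified string normalisation rather than full X.500 name matching, and serials 12346 and 20001 are constructed sample data.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

def norm_dn(dn: str) -> Tuple[str, ...]:
    """Simplified DN normalisation for this example: split on commas, trim, casefold."""
    return tuple(part.strip().casefold() for part in dn.split(","))

@dataclass(frozen=True)
class IdentityCert:
    issuer: str
    serial: int
    subject: str

@dataclass(frozen=True)
class AttributeCert:
    role: str
    holder_subject: Optional[str] = None                    # technique 1: matching subject
    holder_issuer_serial: Optional[Tuple[str, int]] = None  # technique 2: issuer / serial pair

def holder_matches(ac: AttributeCert, cert: IdentityCert) -> bool:
    """True if the attribute certificate's holder field points at this identity certificate."""
    if ac.holder_issuer_serial is not None:
        issuer, serial = ac.holder_issuer_serial
        return norm_dn(issuer) == norm_dn(cert.issuer) and serial == cert.serial
    if ac.holder_subject is not None:
        return norm_dn(ac.holder_subject) == norm_dn(cert.subject)
    return False  # no holder information: the privilege is bound to nobody

def linked_serials(ac: AttributeCert, certs) -> list:
    """Serial numbers of every identity certificate the attribute certificate links to."""
    return [c.serial for c in certs if holder_matches(ac, c)]

# Sample data: names and serial 12345 follow the slides, the rest is constructed.
CA = "C=US, S=VA, O=RSA Labs"
SUBJECT = "C=US, S=VA, O=RSA Labs, CN=Russell Housley"
CERTS = [
    IdentityCert(CA, 12345, SUBJECT),
    IdentityCert(CA, 12346, SUBJECT),  # constructed: a renewal for the same subject
    IdentityCert(CA, 20001, "C=US, S=VA, O=RSA Labs, CN=Someone Else"),  # constructed
]
BY_SUBJECT = AttributeCert("Administrator", holder_subject=SUBJECT)
BY_SERIAL = AttributeCert("Administrator", holder_issuer_serial=(CA, 12345))

if __name__ == "__main__":
    print("subject match links to:", linked_serials(BY_SUBJECT, CERTS))
    print("issuer/serial match links to:", linked_serials(BY_SERIAL, CERTS))
```

The subject form survives reissue of the identity certificate, while the issuer / serial form stops linking as soon as that one certificate is replaced.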

  9. Certificate Status
     • Certificate Revocation Lists (CRLs)
        • Delta CRLs
        • Sliding Window Delta CRLs
        • Indirect CRLs
     • Online Certificate Status Protocol (OCSP)
        • RFC 2560
        • Client must build certification path
        • Irrevocable trust in OCSP responder
     • Delegated Path Validation
        • Simple Certificate Validation Protocol (SCVP)
           • draft-ietf-pkix-scvp-06, July 2001
           • Server builds path and validates it for the client
           • Irrevocable trust in SCVP responder

  10. Sliding Window Delta CRLs
     In this example, one can fetch the smaller Delta CRL if the cache is current within 36 hours.
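The client-side decision behind slide 10, as an added example that is not part of the original presentation. Only the 36-hour window comes from the slide; the cache layout, the function name and all serials except 12345 are assumptions made for illustration, and signature checks on the CRLs are assumed to happen elsewhere. `removeFromCRL` is the standard X.509 reason code that a delta CRL uses to take an entry back off the list.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=36)        # window size from the slide
REMOVE_FROM_CRL = "removeFromCRL"   # X.509 reason code that appears only in delta CRLs

def refresh(cache, delta, fetch_full):
    """Bring a cached revocation list up to date.

    cache:      {"as_of": datetime, "revoked": set of serials}, or None if empty
    delta:      {"this_update": datetime, "entries": [(serial, reason), ...]},
                listing every change made in the WINDOW before this_update
    fetch_full: callable returning the full CRL as {"this_update", "revoked"}
    Returns (new_cache, source) where source is "delta" or "full".
    """
    covered_from = delta["this_update"] - WINDOW
    if cache is None or cache["as_of"] < covered_from:
        # The cache predates the window, so the delta would miss some revocations.
        full = fetch_full()
        return {"as_of": full["this_update"], "revoked": set(full["revoked"])}, "full"
    revoked = set(cache["revoked"])
    for serial, reason in delta["entries"]:
        if reason == REMOVE_FROM_CRL:
            revoked.discard(serial)   # for example, a certificate released from hold
        else:
            revoked.add(serial)
    return {"as_of": delta["this_update"], "revoked": revoked}, "delta"

# Constructed sample data (serial 12345 is the revoked serial shown on the CRL slide).
NOW = datetime(2001, 12, 2, 0, 0)
DELTA = {"this_update": NOW,
         "entries": [(12399, "keyCompromise"), (12350, REMOVE_FROM_CRL)]}
FULL = {"this_update": NOW, "revoked": {12345, 12399}}
RECENT_CACHE = {"as_of": NOW - timedelta(hours=24), "revoked": {12345, 12350}}
OLD_CACHE = {"as_of": NOW - timedelta(days=7), "revoked": {12345}}

if __name__ == "__main__":
    for name, cache in [("recent", RECENT_CACHE), ("old", OLD_CACHE), ("empty", None)]:
        new_cache, source = refresh(cache, DELTA, lambda: FULL)
        print(name, "->", source, sorted(new_cache["revoked"]))
```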

  11. Indirect CRLs
     [Figure: Hierarchical PKI]
     In this example, one can validate the Indirect CRL once, caching information about all of the CAs in the hierarchy. Each certificate issued to a CA contains a CRL Distribution Points extension that points to the Indirect CRL.

  12. OCSP Response
     • VERSION: v1
     • RESPONDER ID: C=US, O=RSA, CN=OCSP1
     • PRODUCED AT: 20011129094500Z
     • CERTIFICATE ID: id-MD5, A5CF3378E4BB0012, ED3556A790CC34FF, 2560
     • CERTIFICATE STATUS: Good
     • THIS UPDATE: 20011129080000Z
     • NEXT UPDATE: 20011130080000Z
     • SINGLE EXTENSIONS: http://pki.rsa.com/20011129.crl
     • RESPONSE EXTENSIONS: Nonce = 48
     • SIGNATURE
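How a client might vet the response fields shown on slide 12 before relying on the "Good" status, as an added example that is not part of the original presentation. The dictionary layout, function names and the five-minute clock-skew allowance are assumptions; the field values are the ones on the slide, and verification of the responder's signature is assumed to have been done already.

```python
from datetime import datetime, timedelta, timezone

def gtime(value: str) -> datetime:
    """Parse an ASN.1 GeneralizedTime string of the form YYYYMMDDHHMMSSZ."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def check_ocsp(resp: dict, sent_nonce: int, now: datetime,
               skew: timedelta = timedelta(minutes=5)) -> list:
    """Return reasons to reject a parsed OCSP response; an empty list means accept.

    Assumption: the responder's signature was verified before this is called.
    """
    problems = []
    # The nonce ties the response to our request, so a recorded "Good" cannot be replayed.
    if resp.get("nonce") != sent_nonce:
        problems.append("nonce mismatch")
    if gtime(resp["this_update"]) > now + skew:
        problems.append("thisUpdate is in the future")
    # nextUpdate is optional in OCSP; when present it bounds how long the status may be used.
    next_update = resp.get("next_update")
    if next_update is not None and gtime(next_update) < now - skew:
        problems.append("response is stale")
    if resp["status"] != "good":
        problems.append("certificate status is " + resp["status"])
    return problems

# Field values from the slide, in a constructed dictionary layout.
SLIDE_RESPONSE = {
    "responder_id": "C=US, O=RSA, CN=OCSP1",
    "produced_at": "20011129094500Z",
    "status": "good",
    "this_update": "20011129080000Z",
    "next_update": "20011130080000Z",
    "nonce": 48,
}

if __name__ == "__main__":
    print(check_ocsp(SLIDE_RESPONSE, 48, gtime("20011129100000Z")))  # in time, nonce matches
    print(check_ocsp(SLIDE_RESPONSE, 48, gtime("20011201000000Z")))  # past nextUpdate
    print(check_ocsp(SLIDE_RESPONSE, 49, gtime("20011129100000Z")))  # answers another request
```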

  13. SCVP Architecture
     [Diagram: Client → (Certificate) → SCVP Responder → (Yes / No) → Client; behind the SCVP Responder: OCSP Responder, X.500 Directory, LDAP Directory, Other …]

  14. Management Protocols
     • Too many choices …
        • PKCS #10 [RFC 2314]
        • Certificate Request Message Format [RFC 2511]
        • Certificate Management Protocol (CMP) [RFC 2510]
        • Certificate Management using CMS (CMC) [RFC 2797]
        • Simple Certificate Enrollment Protocol (SCEP) [Cisco]
     • Need simple, straightforward enrollment
        • Enable your grandparents to get a certificate and send digitally signed electronic mail …
        • Yet, allow face-to-face registration for high-value electronic commerce
        • Qualified Certificates [RFC 3039]

  15. Legal and Policy
     • Electronic Signatures in Global and National Commerce Act (E-Sign)
     • Health Insurance Portability and Accountability Act (HIPAA)
     • Government Paperwork Elimination Act (GPEA)
     • European Directive 1999/93/EC
        • Qualified certificates required
     • American Bar Association is updating RFC 2527
        • Certificate Policy and Certification Practices Framework

  16. Applications
     • Signed documents
        • ETSI Electronic Signature Format [RFC 3126]
        • Electronic signature policies [RFC 3125]
        • XML Digital Signatures [RFC 3075]
     • Time stamping servers
        • Time-Stamp Protocol (TSP) [RFC 3161]
     • Wireless Applications Protocol (WAP)

  17. For More Information
     Russ Housley
     rhousley@rsasecurity.com
     +1 703 435 1775
     www.rsasecurity.com/rsalabs
