
Web-based Integrated CA services Protocol, ICAP draft-sakurai-pkix-icap-00.txt


Presentation Transcript


  1. Web-based Integrated CA services Protocol, ICAP
     draft-sakurai-pkix-icap-00.txt
     Mine Sakurai (NEC)
     Hiroaki Kikuchi (Tokai Univ)
     Hiroyuki Hattori (Meiji Univ)
     Yoshiki Sameshima (ICAT)
     Hitoshi Kumagai (ICAT)
     42nd IETF PKIX WG

  2. Summary
     • ICAP provides typical CA services for applications online
     • We propose the ICAP as a CA service protocol, because it is:
     • compact and easy to implement and use
     • based on HTTP and adaptable to the existing network environment
     • includes CA-CA communication on the supposition of a CA hierarchy and is scalable

  3. ICAP features
     • subset of typical CA services for applications online
     • certificate issuing
     • certificates retrieval
     • CA certificates retrieval
     • CRLs retrieval
     • certificate validation checks
     • certificate revocation
     • certificate updating

  4. ICAP features (2)
     • based on HTTP
     • based on an original CA model
     • including CA-CA protocols
     • an application just throws a query to a neighboring CA then gets a response
     • the neighboring CA forwards the query to another CA as required
     • assuming CA hierarchy for certificates retrieval
     • using X.509 V3 extension fields for CRLs retrieval, CA certificate retrieval and certificate validation checks

  5. CA model and services
     [Diagram: CA model with the components CA, RA, IA, VA and PA, and the services certreq, revokereq, updatereq, lookupreq, calookupreq, crlreq and verifyreq]

  6. ICAP implementation
     • ICAT has both ICAP-compliant CA software and ICAP-compliant S/MIME E-mail system software
     • Supporting RSA and Matsushita's Elliptic Curve Cryptosystems, My-Ellty, for public key algorithm
     • ICAP is used by the medical community in a S/MIME E-mail system

  7. Correspondence to existing PKIX drafts
     [Diagram: the ICAP services (certreq, lookupreq, calookupreq, crlreq, verifyreq, revokereq, updatereq) set against existing PKIX drafts: Certificate Management Protocol (CMP), Operational Protocols OPP(HTTP) and OPP(LDAP), WEB based CA Access Protocol (WebCAP), Online Certificate Status Protocol (OCSP)]

  8. What is the goal?
     • New PKIX draft?
     • Partial contribution to existing PKIX drafts?

  9. Additional slides

  10. Example

      (request)

          % telnet cahost1 80
          Trying 123.16.5.41 …
          Connected to cahost1.
          Escape character is '^]'.
          POST /cgi-bin/lookupreq HTTP/1.0
          Content-length: 41

          EmailAddress=alpha@abc.nec.co.jp&Latest=1

      (response)

          HTTP/1.1 200 OK
          Date: Sat, 25 Oct 1997 09:34:17 GMT
          Content-Type: text/plain

          lookupreq 200 accept your request
          MIIDmTCCA…..

  11. What is ICAT?
     • Initiatives for Computer Authentication Technology (1995-1998)
     • Industry-university cooperative research project
     • The purpose is to establish a technology of authentication adopting cryptography
     • especially focused on CA
     • development for experiment

  12. Background
     • Conclusion of the ICAT activities
     • development of a protocol between CA and application, including CA-CA communication
     • Second proposal from ICAT to PKIX WG
     • initial draft, draft-kikuchi-web-repository-00.txt (1997) has expired
     • improvement of the specification through a sample implementation
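
The lookupreq exchange on slide 10, as an added Python example that is not part of the original slides or of the ICAT software: it serializes the request and checks a reply at three layers (HTTP status, the CA service's own status line, payload structure) before the bytes would reach an X.509 parser. Assumptions: the reply layout (a `<service> <code> <text>` line followed by base64 DER) is inferred only from that one exchange, not from the draft text, and the function names and sample reply are constructed here.

```python
import base64
from urllib.parse import urlencode

def build_lookupreq(email, latest=1, path="/cgi-bin/lookupreq"):
    """Serialize the POST from slide 10; '@' is left unescaped as on the slide."""
    body = urlencode({"EmailAddress": email, "Latest": latest}, safe="@").encode("ascii")
    head = f"POST {path} HTTP/1.0\r\nContent-length: {len(body)}\r\n\r\n".encode("ascii")
    return head + body

def der_sequence_ok(der):
    """True if der is exactly one DER SEQUENCE (tag 0x30) with a consistent length."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short-form length
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def parse_response(raw, service="lookupreq"):
    """Return the DER bytes, or raise ValueError if any layer of the reply is off."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status = head.split(b"\r\n", 1)[0].split()
    if len(status) < 2 or status[1] != b"200":
        raise ValueError("HTTP layer did not return 200")
    lines = body.decode("ascii", "replace").splitlines()
    first = lines[0].split(None, 2) if lines else []
    if len(first) < 2 or first[0] != service or first[1] != "200":
        raise ValueError("CA service status is not '%s 200'" % service)
    try:
        der = base64.b64decode("".join(lines[1:]), validate=True)
    except ValueError as exc:              # binascii.Error is a ValueError subclass
        raise ValueError("payload is not valid base64") from exc
    if not der_sequence_ok(der):
        raise ValueError("payload is not a single DER SEQUENCE")
    return der

# Constructed sample reply: the payload is a 5-byte DER SEQUENCE, not a certificate.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_REPLY = (b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n"
                b"lookupreq 200 accept your request\r\n"
                + base64.b64encode(SAMPLE_DER) + b"\r\n")
```

An HTTP 200 alone says nothing about the CA's answer, so the service status line and the DER length are checked separately; a truncated or padded payload is rejected rather than handed on.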
