PKIX Interoperability Workshops
Mark C. Davis, davismc@us.ibm.com

PKIX
• IETF Standard
• Built on X.509 and previous work
• Profile
• Protocols

PKIX Profile
• RFC 2459
• PKI Architecture
• What is in a certificate
• How do you verify it
• How do you revoke it
[Diagram labels: Directory, EE, RA, CA, CA]

PKIX Protocols
• Request
    • CMP – Certificate Management Protocol
    • CMC – Certificate Management using CMS
• Operational
    • LDAP
    • HTTP, FTP
• Verification
    • OCSP
• Algorithm
    • ECC

Reference Implementations
• IBM/Lotus “Jonah” implementation
    • http://www.mit.edu/pfl
• NIST MISPC
    • Minimum Interoperability Specifications for PKI Components
    • http://csrc.nist.gov/pki/mispc/refimp/referenc.htm

Interoperability Workshops
• This is harder than it looks
• Vendor safe atmosphere
• Rules or Gentlemen’s agreements
• Press and Marketing not invited
• Technical focus
• Determining test cases first major work
• Developers fix code on the spot
• Communications
• Correct Participants

Workshop Logistics
• Face to face communications
• Conference room or Hotel meeting room
• Local Network
[Diagram labels: LDAP Server, Test Machines, Internet, Network Server]

Virtual Workshop Logistics
• Chat server supplemented mailing list
• LDAP Server on Internet
• Traffic on Internet
[Diagram labels: Test Machines, LDAP Server, Internet, Chat (IRC) Server]

What we found
• Different implementation strategies
• Each group had different priorities
• Prep work included agreement on common features
• Ambiguities in specification
• Input to revisions to RFC2459
• Revised CMP underway
• Improvements to the protocol
• CMP improvements
• Virtual Workshops actually work
• Based on earlier face to face progress