130 likes | 251 Views
Using Personal Certificates. Jeff D’Angelo Jeremy Hill Network of People, Jan 6, 2005. Our role. Not a formal ITS or Penn State project No support from ITS helpdesks We present this material today not as an authority but as peer Personal Certificate programs are global
E N D
Using Personal Certificates Jeff D’AngeloJeremy Hill Network of People, Jan 6, 2005
Our role • Not a formal ITS or Penn State project • No support from ITS helpdesks • We present this material today not as an authority but as peer • Personal Certificate programs are global • We are selfish – we want more points • Our selfishness helps you
What types of certificates exist? • Server • Personal • Code-signing • Others (client, etc.)
How are certificates useful? • Certificates are a means of placing trust in an unknown/unverified party • Can validate authenticity of peer/server in SSL/TLS communication (HTTPS, etc) • Can encrypt/sign email (S/MIME) • Can sign (validate) documents (PDF) • Can sign executable code • Client Authentication (VPN, HTTP, etc)
Methods of assuring identity • Single assurance from Certificate Authority • PGP Web of Trust (WoT) model • Hybrid CA + Web of Trust model
How hybrid model works • Community based effort assuring identity of peers • Web-based point system keeps track of assurances received and given • No single point of assurance failure • Single path to verify new certificates
Hybrid Web of Trust CAs • Thawte • Trusted in most clients today • FREE for personal certificates • CAcert • Server and Code-signing also FREE • Requires root certificate installation in most clients today
Getting started • 1) Apply for account with Thawte (or CAcert) • 2) Get points via assurances • At 50 points, your certificates are trusted • At 100 points, you become a WoT notary • 3) Give assurances to help the community • The more you give, the more points you can give • Start at giving max 10 points and work towards 35 max
Assurance process • Meet notary/assuror in person • Provide proof(s) of identity matching account information (e.g., driver’s license #, passport #) • Notary/assuror makes copy of id proofs • Both sign a document attesting assurance • Notary/assuror grants points to the assertion online • Notary/assuror keeps documentation secure and may produce to CA if audited
Demos • Jeff • Applying for Thawte Personal Certificates • Downloading certificate into email client • Signing, verifying email • Jeremy • Installing certificate into Adobe PDF • Signing PDF documents
S/MIME E-Mail client support • Mozilla Mail and derivatives (e.g., Thunderbird) – Good • MS Outlook and Outlook Express – Good • Eudora – Poor • Pine – Poor • Apple Mail – Decent
Conclusion • Summary • Q & A • Thawte and CAcert assurances given during break
References • Thawte Personal Certificates: http://thawte.com/email/ • CAcert Personal Certificates: http://cacert.org/