PKCS #9 v2.0 Magnus Nyström RSA Laboratories PKCS Workshop, 1999.



Background
- Historically, PKCS #9 has specified selected attributes
- They have been used in PKCS #6, PKCS #7 and PKCS #10
- With increasing popularity for LDAP-accessible directories, more attributes (and a supporting object class) were needed

Overview of differences from v1:
- Two new (auxiliary) object classes:
  - pkcsEntity
  - naturalPerson
- New attributes for use with these classes (e.g. “pseudonym”)
- Some other new attributes:
  - Random nonce
  - Sequence number

Overview of differences, cont.
- Some older attributes have been updated (DirectoryString, internationalization)
- “Compilable” ASN.1 module included
- Collected undocumented OIDs and attributes defined elsewhere
- BNF Schema summary included for easier integration in LDAP services

The pkcsEntity object class

    pkcsEntity OBJECT-CLASS ::= {
        SUBCLASS OF {top}
        KIND auxiliary
        MAY CONTAIN {PKCS9AttributeSet}
        ID pkcs-9-oc-pkcsEntity
    }

The PKCS9AttributeSet

    PKCS9AttributeSet ATTRIBUTE ::= {
        userPKCS12 |
        pKCS15Token |
        encryptedPrivateKeyInfo,
        ...
    }

The userPKCS12 attribute
- Intended to store PKCS #12 PFX PDUs in directories
- Multi-valued

The pKCS15Token attribute
- Intended for storage of PKCS #15 soft-tokens in directories (once such tokens are defined in PKCS #15…)
- Multi-valued

The encryptedPrivateKeyInfo attribute
- Intended for storage of simple encrypted private keys in directories
- Note: No (explicit) integrity check!
- Multi-valued

The naturalPerson object class

    naturalPerson OBJECT-CLASS ::= {
        SUBCLASS OF {top}
        KIND auxiliary
        MAY CONTAIN {NaturalPersonAttributeSet}
        ID pkcs-9-oc-naturalPerson
    }

The NaturalPersonAttributeSet

    NaturalPersonAttributeSet ATTRIBUTE ::= {
        Address |
        unstructuredName |
        unstructuredAddress |
        pseudonym |
        dateOfBirth |
        placeOfBirth |
        gender |
        countryOfCitizenship |
        countryOfResidence,
        ...
    }

The pseudonym attribute
- Useful attribute in distinguished names for anonymous (at least in some sense) certificates
- Intended to be used in IETF’s qualified certificates
- Multi-valued (?)

The dateOfBirth attribute
- Specifies the date of birth
- Intended to be used in IETF’s qualified certificates
- Single-valued...

The placeOfBirth attribute
- DirectoryString
- Intended to be used in IETF’s qualified certificates
- Single-valued...

The gender attribute
- Printable string (‘M’ or ‘F’)
- Intended to be used in IETF’s qualified certificates
- Single-valued

The countryOfCitizenship and countryOfResidence attributes
- Printable strings (ISO 3166)
- Intended to be used in IETF’s qualified certificates
- Multi-valued

Other new attributes
- randomNonce: For use in conjunction with signatures to prevent replay attacks. Especially when no signingTime is available.
- sequenceNumber: For the same use. Similar to numbering your checks.
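An added example, not part of the original slides: one way a relying party could enforce randomNonce and sequenceNumber when no signingTime is present. Assumptions: HMAC-SHA256 under a demo key stands in for the real signature, and the message layout, the `ReplayGuard` class and its per-signer bookkeeping are hypothetical.

```python
import hashlib
import hmac
import json
import os

DEMO_KEY = b"constructed-demo-key"  # assumption: stands in for the signer's key


def sign(content: bytes, attrs: dict) -> str:
    # The attributes are covered by the signature, so changing them breaks it.
    # HMAC-SHA256 is a stand-in for the real signature algorithm.
    blob = json.dumps([content.hex(), attrs], sort_keys=True).encode()
    return hmac.new(DEMO_KEY, blob, hashlib.sha256).hexdigest()


def make_message(content: bytes, seq=None, use_nonce=False) -> dict:
    attrs = {}
    if seq is not None:
        attrs["sequenceNumber"] = seq                 # increases with every signature
    if use_nonce:
        attrs["randomNonce"] = os.urandom(16).hex()   # fresh random bytes per signature
    return {"content": content, "attrs": attrs, "sig": sign(content, attrs)}


class ReplayGuard:
    """Hypothetical relying-party state: what has been accepted per signer."""

    def __init__(self):
        self.last_seq = {}   # signer -> highest sequenceNumber accepted
        self.nonces = {}     # signer -> set of randomNonce values accepted

    def check(self, signer: str, msg: dict) -> str:
        expected = sign(msg["content"], msg["attrs"])
        if not hmac.compare_digest(msg["sig"], expected):
            return "reject: bad signature"
        attrs = msg["attrs"]
        if "sequenceNumber" in attrs:
            # Like check numbers: anything not above the last accepted value is a replay.
            if attrs["sequenceNumber"] <= self.last_seq.get(signer, 0):
                return "reject: replayed sequenceNumber"
            self.last_seq[signer] = attrs["sequenceNumber"]
            return "accept"
        if "randomNonce" in attrs:
            seen = self.nonces.setdefault(signer, set())
            if attrs["randomNonce"] in seen:
                return "reject: replayed randomNonce"
            seen.add(attrs["randomNonce"])
            return "accept"
        return "reject: no replay-protection attribute"
```

The sequenceNumber path needs one stored integer per signer, while the randomNonce path has to remember every value it has accepted.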

Modified (extended) old attributes
- unstructuredName, unstructuredAddress, challengePassword, signingDescription: Syntax now extended to allow internationalization (implementations SHOULD use old syntax if possible)
- signingTime: updated to be in accordance with S/MIME

Time schedule
- If you have any comments - please give them on or before October 25th.
- Expect third draft early in November, for a short (2 w) review period (unless major changes)
- v2.0 to be published in late November / early December 1999.

Comments & Suggestions
- Please send comments to or