Extended Validation Models in PKI Alternatives and Implications Marc Branchaud John Linn

Slides:

Advertisements

Similar presentations

An Alternative to Short Lived Certificates By Vipul Goyal Department of Computer Science & Engineering Institute of Technology Banaras Hindu University.

Advertisements

Chapter 14 – Authentication Applications

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

A responsibility based model EDG CA Managers Meeting June 13, 2003.

Certificates Last Updated: Aug 29, A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.

1 Lecture 13: Public Key Infrastructure terms PKI trust models –monopoly with registration authorities with delegated certificate authorities –oligarchy.

Validation Algorithms for a Secure Internet Routing PKI David Montana Mark Reynolds BBN Technologies.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

1 eID validations services Houcine Bel Mamoune Unit manager eID Technical Drill down Session 7 April 2005.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Report on Attribute Certificates By Ganesh Godavari.

Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct,

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.

DESIGNING A PUBLIC KEY INFRASTRUCTURE

Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.

CMSC 414 Computer (and Network) Security Lecture 17 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

Interoperation Between a Conventional PKI and an ID-Based Infrastructure Geraint Price Royal Holloway University of London joint work with Chris Mitchell.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006 draft-ietf-sidr-res-certs-01 Geoff Huston Rob Loomans George Michaelson.

CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.

CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”

A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.

CS470, A.SelcukPKI1 Public Key Infrastructures CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

DNS-centric PKI Sean Turner Russ Housley Tim Polk.

ABFAB Multihop Federations draft-mrw-abfab-multihop-fed-01.txt Margaret Wasserman

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Configuring Active Directory Certificate Services Lesson 13.

Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.

1 Lecture 11 Public Key Infrastructure (PKI) CIS CIS 5357 Network Security.

Trust Anchor Management Problem Statement 69 th IETF Trust Anchor Management BOF Carl Wallace.

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

Trusted Systems Laboratory Hewlett-Packard Laboratories Bristol, UK InfraSec 2002 InfraSec 2002 Bristol, October 2002 Marco Casassa Mont Richard.

02/22/2005 Joint Seminer Satoshi Koga Information Technology & Security Lab. Kyushu Univ. A Distributed Online Certificate Status Protocol with Low Communication.

Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian.

SECURITY MANAGEMENT Key Management in the case of public-key cryptosystems, we assumed that a sender of a message had the public key of the receiver at.

Bridge Certification Architecture A Brief Demo by Tim Sigmon and Yuji Shinozaki June, 2000.

Digital Signatures A Brief Overview by Tim Sigmon April, 2001.

CERTIFICATES. What is a Digital Certificate? Electronic counterpart to a drive licenses or a passport. Enable individuals and organizations to secure.

Module 9: Designing Public Key Infrastructure in Windows Server 2008.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

Multihop Federations draft-mrw-abfab-multihop-fed-01.txt Margaret Wasserman

Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Security in ebXML Messaging CPP/CPA Elements. Elements of Security P rivacy –Protect against information being disclosed or revealed to any entity not.

Security (and privacy) Larry Rudolph With help from Srini Devedas, Dwaine Clark.

Who’s watching your network The Certificate Authority In a Public Key Infrastructure, the CA component is responsible for issuing certificates. A certificate.

Building trust on the internet Extending Attribute Protocols for Status Management and “Other Things” Patrick Richard, Xcert International.

Cryptography and Network Security Chapter 14 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

PKI: News from the Front and views from the Back Ken Klingenstein, Project Director, Internet2 Middleware Initiative Chief Technologist, University of.

“Trust me …” Policy and Practices in PKI David L. Wasley Fall 2006 PKI Workshop.

PKI Future Directions 29 November 2001 Russ Housley RSA Laboratories CS – Class of 1981.

Pkiuniversity.com. Alice Bob Honest Abe’s CA Simple PKI hierarchy.

Creating and Managing Digital Certificates Chapter Eleven.

Module 13: Enterprise PKI Active Directory Certificate Services (AD CS)

Bridge Certification Architecture A Brief Overview by Tim Sigmon May, 2000.

Comments on draft-ietf-pkix-rfc3280bis-01.txt IETF PKIX Meeting Paris - August 2005 Denis Pinkas

Certification Path Processing in the Tumbleweed Validation Authority Product Line Federal Bridge CA Meeting 10/14/2004 Stefan Kotes, Engineering Manager.

1 Public Key Infrastructure Dr. Rocky K. C. Chang 25 February, 2002.

CMSC 414 Computer and Network Security Lecture 18 Jonathan Katz.

Prof. Reuven Aviv, Nov 2013 Public Key Infrastructure1 Prof. Reuven Aviv Tel Hai Academic College Department of Computer Science Public Key Infrastructure.

Document update - what has happened since GGF11

Cryptography and Network Security

Authentication Applications

Security in ebXML Messaging

CS 465 Certificates Last Updated: Oct 14, 2017.

Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006

Presentation transcript:

Extended Validation Models in PKI Alternatives and Implications Marc Branchaud John Linn

2 Overview Existing PKI practices Delegated path processing Cross-domain delegated validation Implications and future directions Conclusions

3 Existing PKI Practice: CRLs Original assumptions Online, untrusted Directory as repository Intermittent inter-site connectivity Trusted authorities (CAs) kept off-line Path discovery & validation is client- based, using data from repository and messages Limitations include timeliness, large volumes of data to manage and transport

4 Traditional PKI Clients do all the work Client PKI Client Application Path Discovery Status Resolution Certificate Processing Cert OK? Find Path Path Certs Cert status? Y/N Yes / No CRLs Trusted CAs Policies Path Verification Path OK? Y/N Repository

5 Existing PKI Practice: OCSP OCSP is seeing widespread adoption CAs delegate to OCSP responders that provide signed revocation information Designed to enable migration from CRLs Preserves client-based processing model, many semantics Allows improved timeliness Scope constrained to revocation status, not full validation of certificates or paths

6 Online Certificate Status Clients no longer have to manage status Client PKI Client Application Certificate Processing Cert OK? Yes / No Trusted CAs OCSP Server Repository Certs CRLs Policies Path Discovery Status Resolution Find Path Path Status? Good / not Path Verification Path OK? Y/N

7 DPD Server Delegated Path Discovery Clients no longer have to discover paths Client PKI Client Application Cert OK? Yes / No Repository Certs CRLs Path Discovery Status Resolution Cert + CAs, policies Path Verification Certificate Processing Trusted CAs Policies Path + Status evidence OCSP Server OCSP replies Status? Good / not

8 DPV Server Delegated Path Validation Current DPV proposals are to offload verification too Client PKI Client Application Certs CRLs Path Discovery Status Resolution Cert OK? Certificate Processing DPV Server Key Yes / No Path Verification Repository OCSP Server OCSP replies Policies Trusted CAs Real Trusted CAs Real Policies

9 Delegated Path Validation Advantages of DPV model: Vastly simpler client applications Centralized domain administration Disadvantages of DPV model: Online  availability & security issues Convenient monitoring point (privacy)

10 Trust and DPV The DPV server is the trust anchor Easier to manage authority compromise The DPV server is the trust dictator Clients do not validate the server’s “correctness” Client inputs are merely hints Still useful for client to identify context

11 Delegating Trust Across Domain Boundaries DPV servers consult other domains’ services to build responses to queries Clients rely on their DPV server to select the right sources to validate arbitrary certificates Different DPV servers’ views may differ Validation combines issuer domain information (certificates and status) with RP domain policies

12 Delegated Validation Across “Trust Fronts” Relying Party RP’s DPV B’s DPV A’s OCSP Relying Party control Issuer A control Issuer B CA A’s DPV Issuer B control Issuer A CA

13 Chained: Client gets authoritative reply via intermediary Intermediaries on path may be included Referred: Clients redirected to authoritative server Responses may be traceable to it Recursive: Each server aggregates data and generates its own responses Limited traceability Forms of Delegated Validation

14 DPV Implications for Cross-Certificates Domains can consider inter-domain trust relationships in formulating their DPV responses Fine-grain activation of trust relationships Available only for some clients Available only in some circumstances Like having multiple cross-certificates between domains

15 DPV Implications for Revocation Path construction actively involves intermediate domains Domains can consider status in formulating their responses No need to explicitly query for status Status is simply another factor in the availability of certain paths There is no path to a revoked certificate

16 DPV Implications for Certificates Queries eventually reach the issuer Necessary to obtain certificate status Issuer can assert more than just status Could respond with individual certificate elements, e.g.: Subject’s DN changes after cert is issued Can return new DN in DPV response Could even return subject’s public key  No revocation publishing at all

17 DPV Implications for Certificates In the limit, certificates become obsolete Certificate-free PKI: Authorities assign identifiers to entities’ public keys Entities present identifiers instead of certs RPs resolve identifiers to public keys via fully-delegated DPV XKMS already supports URLs for keys Active assertions are a new paradigm for PKI – X.509 didn’t consider them

18 Conclusions Current trend towards simplifying PKI clients challenges basic assumptions Delegating trust & distributing validation creates active authorities and intermediaries Introduces new issues: availability, latencies Facilities to constrain trust gain prominence Implications for revocation, certification Caveat adopter!