Fed/Ed PKI 2008, June Subject Unique Identifier or Equivalent William A. Weems & Mark B. Jones Academic Technology U. Texas Health Science Center at Houston.

Slides:



Advertisements
Similar presentations
DIGITAL CERTIFICATES Prof. Ravi Sandhu. 2 © Ravi Sandhu PUBLIC-KEY CERTIFICATES reliable distribution of public-keys public-key encryption sender needs.
Advertisements

Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Certificate Revocation Serge Egelman. Introduction What is revocation? Why do we need it? What is currently being done?
Certificates Last Updated: Aug 29, A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.
Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Csci5233 Computer Security1 GS: Chapter 6 Using Java Cryptography for Authentication (Part B)
Donkey Project Introduction and ideas around February 21, 2003 Yuri Demchenko.
1 ISA 562 Information Systems Theory and Practice 10. Digital Certificates.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
Digital Signatures Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Digital.
 A public-key infrastructure ( PKI ) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store,
Public Key Management and X.509 Certificates
Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct,
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.
SMUCSE 5349/7349 Public-Key Infrastructure (PKI).
APNIC Trial of Certification of IP Addresses and ASes RIPE 52 Plenary George Michaelson Geoff Huston.
Public Key Cryptography: Concepts and Applications Chapter Six Prepared by: Raval, Fichadia Raval Fichadia John Wiley & Sons, Inc
Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006 draft-ietf-sidr-res-certs-01 Geoff Huston Rob Loomans George Michaelson.
1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E 36th RIPE Meeting Budapest 2000 APNIC Certificate Authority Status Report.
CS470, A.SelcukPKI1 Public Key Infrastructures CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Identity Management and PKI Credentialing at UTHSC-H Bill Weems Academic Technology University of Texas Health Science Center at Houston.
14 May 2002© TrueTrust Ltd1 Privilege Management in X.509(2000) David W Chadwick BSc PhD.
Web Application Authentication with PKI & Other Functions Bill Weems & Mark B. Jones Academic Technology University of Texas Health Science Center at Houston.
X.509 Certificate management in.Net By, Vishnu Kamisetty
Digital Certificates With Chuck Easttom. Digital Signatures  Digital Signature is usually the encryption of a message or message digest with the sender's.
1 Lecture 11 Public Key Infrastructure (PKI) CIS CIS 5357 Network Security.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Digital Certificates Made Easy Sam Lutgring Director of Informational Technology Services Calhoun Intermediate School District.
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Csci5233 Computer Security1 Bishop: Chapter 14 Representing Identity.
Certificate revocation list
CERTIFICATES. What is a Digital Certificate? Electronic counterpart to a drive licenses or a passport. Enable individuals and organizations to secure.
Symmetric Encryption Mom’sSecretApplePieRecipe Mom’sSecretApplePieRecipe The same key is used to encrypt and decrypt the data. DES is one example. Pie.
Attribute Certificate By Ganesh Godavari. Talk About An Internet Attribute Certificate for Authorization -- RFC 3281.
A Brief Overview of draft-ietf-sidr-cp-01.txt draft-ietf-sidr-cps-rirs-01.txt draft-ietf-sidr-cps-isp-00.txt Steve Kent BBN Technologies.
1 SeGW Certificate profile (Revised) 3GPP2 TSG-S WG4 /TSG-X WG5 (PDS) S X xx Source: QUALCOMM Incorporated Contact(s): Anand.
IST E-infrastructure shared between Europe and Latin America ULAGrid Certification Authority Vanessa Hamar Universidad de Los.
Washington System Center © 2005 IBM Corporation August 25, 2005 RDS Training Secure Socket Layer (SSL) Overview z/Series Security (Mary Sweat, Greg Boyd)
Cryptography and Network Security Chapter 14 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
PKI: News from the Front and views from the Back Ken Klingenstein, Project Director, Internet2 Middleware Initiative Chief Technologist, University of.
PKI Future Directions 29 November 2001 Russ Housley RSA Laboratories CS – Class of 1981.
15 May 2001© 2001 University of Salford1 Deficiencies in LDAP when used to support Public Key Infrastructures David W Chadwick
1 APNIC Trial of Certification of IP Addresses and ASes RIPE October 2005 Geoff Huston.
Comments on draft-ietf-pkix-rfc3280bis-01.txt IETF PKIX Meeting Paris - August 2005 Denis Pinkas
1 Certification Issue : how do we confidently know the public key of a given user? Authentication : a process for confirming or refuting a claim of identity.
LDAP for PKI Problems Cannot search for particular certificates or CRLs Cannot retrieve particular certificates or CRLs.
1 Public Key Infrastructure Dr. Rocky K. C. Chang 25 February, 2002.
CCSDS Security Working Group Fall 2015 Meeting Certificate Management 9 November – 13 November 2015 Darmstadt Germany Charles Sheehe NASA/Glenn.
1 Public Key Infrastructure Rocky K. C. Chang 6 March 2007.
TR-GRID CA Self-Auditing Results and Status Update EUGridPMA Meeting September 12-14, 2011 Marrakesh Feyza Eryol, Onur Temizsoylu TUBITAK-ULAKBIM
GRID-FR French CA Alice de Bignicourt.
Prof. Reuven Aviv, Nov 2013 Public Key Infrastructure1 Prof. Reuven Aviv Tel Hai Academic College Department of Computer Science Public Key Infrastructure.
NECTEC-GOC CA A Brief Status Report 13 th APGrid PMA Face-to-Face meeting March 24 th, 2014 Large-Scale Simulation Research Laboratory Information Communications.
Trusted? 05/4/2016 Charles Sheehe, CCSDS Security Working Group GRC POC All information covered is from public sources 1.
Trusted? 05/4/2016 Charles Sheehe, CCSDS Security Working Group GRC POC All information covered is from public sources.
Cryptography and Network Security
کاربرد گواهی الکترونیکی در سیستمهای کاربردی (امضای دیجیتال)
زير ساخت كليد عمومي و گواهي هويت
Public-Key Certificates
APNIC Trial of Certification of IP Addresses and ASes
Resource Certificate Profile
Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006
PKI (Public Key Infrastructure)
Presentation transcript:

Fed/Ed PKI 2008, June Subject Unique Identifier or Equivalent William A. Weems & Mark B. Jones Academic Technology U. Texas Health Science Center at Houston

Fed/Ed PKI 2008, June 3 CN=William A. Weems, OU=" Incorp. by Ref.,LIAB.LTD(c)99", OU=Health Science Center at Houston CA, O=The University of Texas System Subject Distinguish Name

Fed/Ed PKI 2008, June 4 Certificate Version Serial Number Algorithm ID Issuer Validity Not Before Not After Subject Subject Public Key Info Public Key Algorithm Subject Public Key Issuer Unique Identifier (Optional) Subject Unique Identifier (Optional) Extensions (Optional)... Certificate Signature Algorithm Certificate Signature X509 Structure

Fed/Ed PKI 2008, June 5 Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile Unique Identifiers These fields MUST only appear if the version is 2 or 3 (Section ). These fields MUST NOT appear if the version is 1. The subject and issuer unique identifiers are present in the certificate to handle the possibility of reuse of subject and/or issuer names over time. This profile RECOMMENDS that names not be reused for different entities and that Internet certificates not make use of unique identifiers. CAs conforming to this profile MUST NOT generate certificates with unique identifiers. Applications conforming to this profile SHOULD be capable of parsing certificates that include unique identifiers, but there are no processing requirements associated with the unique identifiers. RFC 5280

Fed/Ed PKI 2008, June 6 Applications (commerce or anything else) will use the subject identity to make authorization decisions. Since names cannot be reused, new names will become more and more unnatural and hard to comprehend and memorize, and different people will have different ways in addressing the uniqueness. I believe it is natural and should be encouraged, if not required, to always associate the subject name with a unique identifier. Without this requirement, privacy and protection of subject's internet resources, financial assets, etc, can be all at risk. Shyh-Wei Luan, 23 May 1997

Fed/Ed PKI 2008, June 7 You can always achieve the effect of a unique identifier by adding an attribute value assertion into the distinguished name for that purpose. For example, if Common Name is not assigned so as to be inherently unique, you can add another attribute that carries Employee Number or Customer Number, which is arranged to be unique. Warwick Ford, VeriSign, Inc.Fri, 23 May 1997

Fed/Ed PKI 2008, June 8 What to Do?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.