Root Key Cutting and Ceremony at MIT 11/17/99 (CREN presentation, www.cren.net, 9/20/2000)

Presentation transcript:

Slide 1: Root Key Cutting and Ceremony at MIT 11/17/99

Slide 2: Certificate Authority Update
- Institutional certificates issued and accepted
  - MIT, Georgia Tech, Princeton
  - U of Minnesota, UT-Austin
- Testing with JSTOR is underway
  - Frank G has update on this

Slide 3: Applications
- Registration process complete: U Tenn & U Mass - Amherst
- Other applications in various stages of process
  - Penn State
  - Johns Hopkins University
  - Florida State University

Slide 4: What’s Happening - Since May 2000
- Issues with the certificate profile
  - Validity Period of CREN Root Certificate
  - Domain Component Naming (DC Naming)
  - Extensions in Certificates (CREN, Institutions’)
- Technical Issues
  - Roots, trust paths and revocation
- Policy and Campus Issues
  - Private key Policies
  - Campus implementations
  - Trust model with higher ed and FBCA

Slide 5: Certificate Profile Issues
- Validity Period: issued for five years for institutions; CREN root valid to 11/17/07
  - Upgraded to Version 3 cert with extensions
- DC Naming in certificates
  - Can include in “Subject Field” of IC with x.509
  - CREN cert “Subject field” will be x.509 only
  - HEPKI Recommendation: Jim Jokl paper
- Other attributes in the Basic Constraints and Key Usage fields: gathering input until January
  - Now have an OID from IANA

Slide 6: Continuing Issue/Question
- How to achieve overall goal of interoperability
- Ambiguity about the specific goal: find a CRL or other means to verify certificate validity, or find an LDAP directory
- IETF PKIX Working Group has defined an extension for the purpose of finding a CRL
- Agreed on a six-month period to “aggregate” recommended changes
- Fog will clear … as we move forward

Slide 7: Other Issues
- Jeff completed first version of repository, available at
- Working Groups
  - Protecting private keys: Co-Chairs are Jeff Schiller and Ariel Glenn
  - Vendor Offering Group: Chair Kevin Unrue
  - Groups just formed. Interest in joining? Contact chairs or Patty Gaul.
  - Coordinating with HEPKI groups

Slide 8: CPs and CPSs: How are they Different?
- A Certificate Policy (CP) is a “named set of rules that indicates the applicability of a certificate to a particular community and/or class of application with common security requirements.” (RFC 2527)
- A Certificate Practice Statement (CPS) is “a statement of the practices which a certification authority employs in issuing certificates.” (ABA Guidelines, RFC 2527)
- Each campus will probably need both a CP and a CPS
  - CP: tells what, where and for what purpose certificates are to be used, building a common security framework or umbrella
  - CPS: tells how a campus issues certificates; details the operational procedures

Slide 9: CREN CA Documents
- CREN currently has CPS version 3.0, dated 1/27/00, which details the operations and practices for the CREN CA.
- CREN does not have a CP setting forth the larger framework, although sections of the CPS are a good beginning. Work on this will parallel or follow the generic Higher Ed CP development by D Wasley.
- Note: CREN has a Step by Step document detailing each step of the Registration Authority process and the CA issuance of an Institutional Certificate.
- In process of obtaining an OID from IANA.

Slide 10: CPs and CPSs: Principle and example
- Procedure for revocation request (EuroPKI CP)
- The entity requesting the revocation SHALL be properly authenticated. The authentication method SHOULD be as strong as the one used in the issuing procedure. Conforming CA MUST accept as a revocation request a message digitally signed with a not expired and not previously revoked certificate issued under this policy.
- An alternative procedure MAY require the entity to visit RA or CA and to present a viable identity document.
- If the entity is a CA, the CA SHALL in addition: (1) Inform subscribers and cross-certifying CAs, and (2) Terminate the certificate and CRL distribution service for certificates/CRLs issued using the compromised private key.

Slide 11: CPs and CPSs: Principle and example
- CRL issuance frequency (if applicable)
- CRLs MUST be issued at least every 40 days by a conforming CA.
- Principle:
  - Exact boundaries between CP and CPS will be malleable for now.

Slide 12: Overview of What’s Next? Fall 2000
- Continue working the issues
- Work with groups on building community awareness and expertise via scenarios, FAQs and workshops, plus support of HEPKI activities
- FAQ on Basic Directory Information is in review
- CA Schools meeting in October with Internet2 in Atlanta

Slide 13: Overview of What’s Next? Fall 2000 and Spring 2001
- CAs/Directories Workshops
- Work with Michael and others on browsers
- Explore with Jeff the feasibility of issuing server certificates to institutions with institutional certificates
- Plan the next group of content providers and how to work with them

Slide 14: Continuing Issues/Questions
- Should CREN be a Bridge Certificate Authority? What trust model(s) make sense?
- What else should CREN do to support and move forward the browser question?
- Deployment strategies for the CREN root?
- How do we move forward with content providers? What content providers are ready?
- How do campuses get ready? What is the first step?

Slide 15: For More Information and to Participate
- CA List: send request to
- HEPKI groups, etc.
- for HEPKI web site
- Call Ken … or Jim or Chairs of other working groups or me