1 Update on draft-ietf-smime-cades-02. 2 Current Status Completed last call. Under review by IESG. Comments to be incorporated: –From Pavel Smirnov (during.

Slides:

Advertisements

Similar presentations

Chapter 14 – Authentication Applications

Advertisements

CSCE 815 Network Security Lecture 10 KerberosX.509 February 13, 2003.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E IEPG March 2000 APNIC Certificate Authority Status Report.

Cryptography and Network Security Chapter 14

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

CRL Processing Rules Santosh Chokhani November 2004.

Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

PIV Data Model Testing Ketan Mehta March 3, 2006.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E 36th RIPE Meeting Budapest 2000 APNIC Certificate Authority Status Report.

CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”

Henric Johnson1 Electronic mail security Henric Johnson Blekinge Institute of Technology, Sweden

Long-term Archive Service Requirements draft-ietf-ltans-reqs-00.txt.

Controller of Certifying Authorities PKI Technology - Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications.

Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.

Chapter 31 Network Security

Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.

AQA Computing A2 © Nelson Thornes 2009 Section Unit 3 Section 6.4: Internet Security Digital Signatures and Certificates.

TLS 1.2 and NIST SP A Tim Polk November 10, 2006.

Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Cryptography Encryption/Decryption Franci Tajnik CISA Franci Tajnik.

E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.

Configuring Directory Certificate Services Lesson 13.

IDESG Security Committee Charter Update. Objectives The Security Committee is responsible for defining a Security Model for the Identity Ecosystem Framework.

CERTIFICATES. What is a Digital Certificate? Electronic counterpart to a drive licenses or a passport. Enable individuals and organizations to secure.

RSA Data Security, Inc. PKCS #1 : RSA Cryptography Standard Jessica Staddon RSA Laboratories PKCS Workshop October 7, 1998.

Cryptography and Network Security (CS435) Part Twelve (Electronic Mail Security)

1 Electronic Mail Security Outline Pretty good privacy S/MIME Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,

1 Chapter 5 Electronic mail security. 2 Outline Pretty good privacy S/MIME Recommended web sites.

12 Developing a Web Site Section 12.1 Discuss the functions of a Web site Compare and contrast style sheets Apply cascading style sheets (CSS) to a Web.

1 Authentication Algorithm Document Discussions CCSDS Security Working Group Fall 2007 Meeting 3-5 October 2007 ESA/ESOC, Darmstadt Germany (Hotel am Bruchsee,

Module 4 Network & Application Security: Kerberos – X509 Authentication service – IP security Architecture – Secure socket layer – Electronic mail security.

1 PKI Disaster Recovery and Key Rollover Bull S.A.S.

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

EAP-PSK v8 IETF 63 – Paris, France August EAP-PSK: an independent submission to IESG Requested EAP method type number allocation Reviewed June 2005.

XML Evidence Record Syntax

Cryptography and Network Security Chapter 14 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

PKI Future Directions 29 November 2001 Russ Housley RSA Laboratories CS – Class of 1981.

INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.

Deck 10 Accounting Information Systems Romney and Steinbart Linda Batch March 2012.

SonOf3039 Status Russ Housley Security Area Director.

1 draft-sidr-bgpsec-protocol-05 Open Issues. 2 Overview I received many helpful reviews: Thanks Rob, Sandy, Sean, Randy, and Wes Most issues are minor.

Secure Multipart Internet Mail (S/MIME) Working Group Tuesday, July 24, 2007 Afternoon Session III

Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

Comments on draft-ietf-pkix-rfc3280bis-01.txt IETF PKIX Meeting Paris - August 2005 Denis Pinkas

NEMO Basic Support update IETF 61. Status IANA assignments done Very close to AUTH48 call Some issues raised recently We need to figure out if we want.

Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.

ECC Design Team: Initial Report Brian Minard, Tolga Acar, Tim Polk November 8, 2006.

INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.

DHCP-DNS Interaction Bernie Volz IETF-61, DHC WG.

SCVP-28 Tim Polk November 8, Current Status Draft -27 was submitted in June ‘06 –AD requested a revised ID 8/11 –No related discussion on list –Editors.

SCVP 18 Tim Polk. Mea Culpa ● Draft -19 omits some promised changes from the March IETF meeting – Document management problems compounded by ID submission.

Cryptography and Network Security

Authentication Applications

Formats for long term signatures

کاربرد گواهی الکترونیکی در سیستمهای کاربردی (امضای دیجیتال)

Public-Key Certificates

Instructor Materials Chapter 5: Ensuring Integrity

BPSec: AD Review Comments and Responses

National Trust Platform

Presentation transcript:

1 Update on draft-ietf-smime-cades-02

2 Current Status Completed last call. Under review by IESG. Comments to be incorporated: –From Pavel Smirnov (during last call) 6.3.5: Hash calculation for CAdES-C timestamp –From Tim Polk (Security Area Director) Expand on procedures for zero hash of SigPolicy Clarify note

3 Proposed Comment resolution PS1 Main Comment – Calculation of hash unclear (Following exchange with originator) 6.3.5:Hash calculation for CAdES-C timestamp: 1) Add "NOTE 1: It is recommended that the attributes being time-stamped are encoded in DER. If DER is not employed then the binary encoding of the ASN.1 structures being time-stamped should be preserved to ensure that the recalculation of the data hash is consistent.“ (Note also to be added to 6.3.6)

4 Proposed Comment resolution PS :Hash calculation for CAdES-C timestamp: 2) Add "NOTE 2: Each attribute is included in the hash with the attrType and attrValues (including type and length) but without the type and length of the outer SEQUENCE” (Note also to be added to 6.3.6)

5 Proposed Comment resolution PS :Hash calculation for CAdES-C timestamp: 3) No change: Inclusion of type and length or not is a matter of style and and provided it is explicit this is not considered to be an issue.

6 Proposed comment resolution TP1 In Comment (1)In section 5.8.1, I am not clear what the expected behavior of a conformant client will be if it encounters a sigPolicyHash with a hashValue of zero. I recognize that it won't crash in the ASN.1 decoding, so that is a real improvement over the original submission. However, I think the expected results should be clear so a system generating this value understands the ramifications of choosing not to include a policy hash value. I suggest expanding the Note in Proposed resolution: Add to existing text: “The hashValue within the sigPolicyHash may be set to zero to indicate that the policy hash value is not known. NOTE: The use of zero policy hash value is to ensure backward compatibility with earlier versions of the current document.” The following: “If hashValue is zero then the hash value should not be checked against the calculated hash value of signature policy.”

7 Proposed Resolution TP2 Comment I do not understand Note 1 in section I lose the thread when I hit "as long as the CAs are trusted such that". I think this is an important note, but it isn't obvious what the point is... Proposed resolution Replace: NOTE 1: The CAdES-X Long provides long term proof of a valid electronic signature as long as the CAs are trusted such that these keys cannot be compromised or the cryptographic algorithms that were initially used are broken. With: NOTE 1: The CAdES-X-Long signature provides long term proof of the validity of the signature for as long as the CA keys, CRL Issuers keys and OCSP responder keys are not compromised and resist to cryptographic attacks.

8 Next Steps New Internet Draft to be posted after the meeting on the web site incorporating change identified above.