CAMP PKI UPDATE August 2002 Jim Jokl

Presentation transcript:

CAMP PKI UPDATE August 2002 Jim Jokl

2 Higher Education PKI Activities - HEPKI
- Sponsors: Internet2, EDUCAUSE, CREN
- HEPKI Technical Activities Group (TAG)
  - Open-source PKI software
  - Certificate profiles
  - Directory / PKI interaction
  - Validity periods
  - Client customization issues
  - Mobility
  - Inter-institution test projects
  - Technical issues with cross-certification

3 PKI-lite
- Full function but lightweight
- A normal PKI technical infrastructure
  - Authenticate users
  - Issue certificates, perhaps revoke certificates
  - A comparatively simple certificate profile
  - Support applications, directories, etc.
- A lightweight administrative/policy structure
  - Supports applications without high assurance needs
  - One or two page certification policy
  - Assurance levels per existing campus practice
- Campus evolution towards full-featured PKI

4 PKI-lite Project Status
- PKI-lite certificate profiles completed
  - Designed to support web authentication & S/MIME
  - End Entity profile
  - CA certificate profile
- PKI-lite Policy and Practices Statement
  - Individual documents prepared, then merged
  - Reviewed by many people
  - Template-based fill-in-the-blanks approach
- HEPKI Demo CA
  - Source code available for examination
  - Certificate repository

5 S/MIME Project Charter
- Why S/MIME
  - Support in many clients
  - Why not PGP
  - A business driver for PKI
  - Chicken & egg problem
- Project goals
  - Demonstrate the technology
  - Show intercampus interoperability
  - Leverage the effort of multiple institutions working together

6 S/MIME Project Plan
- Phase 1
  - Client interoperability testing
  - Certificate management
  - Documentation for users
- Phase 2
  - Real campus users
  - PKI-lite profile certificates & assurance
  - User-to-application trials
  - Application-to-user trials
- Goal: make S/MIME easy to deploy

7 S/MIME Project: Some Early Results
- Client interoperability testing results
  - Common signing algorithms: SHA-1 & MD5
  - Common encryption algorithms: DES, 3DES, RC4
  - Default client configurations basically just work (SHA-1 & 3DES)
- Interesting issues
  - Messages stored in folders are encrypted
    - Key escrow issues
  - Opaque signing
  - Outlook & encryption certificate

8 S/MIME Project
- Mailing list software
  - List management software and signatures
  - Strong authentication for private lists (user-to-machine interactions)
- Software library for developers
- Documentation on website
  - Project plan
  - S/MIME clients
  - Test CA pointers and the start of a FAQ

9 Possible S/MIME-based Applications
- Travel expense reports
- Notification of direct deposits
- Online forms routing (signed workflow)
- Trouble ticket submissions
- Password resets
- Library notices (guard circulation data)
- Student debit card statement privacy
- Timesheet submission
- Long distance billing privacy
- FERPA opt-in/opt-out
- Sysadmin confirmation of batch jobs
- List server expansion of encrypted messages

10 HEPKI-TAG: next steps
- The Mobility Problem
  - Private key access in a mobile environment
- Hardware tokens
  - Smart cards & USB devices
  - For mobility, enhanced assurance, non-repudiation
  - On-device key generation vs. memory
- PIN protection schemes
  - Dual user/admin PIN systems
    - Card locks after x user-PIN attempts
    - Fuse opens after y admin-PIN attempts
  - Single PIN / reinitialize systems
    - Card blocks after x user-PIN attempts
    - Card can be reset back to factory state and reused
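The two PIN protection schemes on this slide differ in what happens once the retry counters are exhausted: the dual-PIN design keeps the key but offers a single, irreversible escape hatch (the fuse), while the single-PIN design keeps the card reusable at the cost of destroying the key. The model below is an added example written for this transcript, not code from the slides or from any token vendor; the counter limits x = 3 and y = 5, the PIN values and the method names are constructed for illustration.

```python
import hmac
from dataclasses import dataclass


def _pin_ok(supplied: str, expected: str) -> bool:
    """Constant-time comparison; a real token does this in firmware."""
    return hmac.compare_digest(supplied.encode(), expected.encode())


@dataclass
class DualPinToken:
    """Dual user/admin PIN scheme: x failed user-PIN tries lock the user PIN,
    the admin PIN can clear the lock and set a new user PIN, and y failed
    admin-PIN tries open the fuse, after which the token and its key are
    permanently unusable."""
    user_pin: str
    admin_pin: str
    max_user_tries: int = 3   # x on the slide; constructed value
    max_admin_tries: int = 5  # y on the slide; constructed value
    user_failures: int = 0
    admin_failures: int = 0
    user_locked: bool = False
    fused: bool = False

    def verify_user(self, pin: str) -> bool:
        """Unlock the private key for use. Does not count tries once locked or fused."""
        if self.fused or self.user_locked:
            return False
        if _pin_ok(pin, self.user_pin):
            self.user_failures = 0
            return True
        self.user_failures += 1
        if self.user_failures >= self.max_user_tries:
            self.user_locked = True
        return False

    def admin_unlock(self, admin_pin: str, new_user_pin: str) -> bool:
        """Administrator clears the user lock and sets a new user PIN; the key survives."""
        if self.fused:
            return False
        if _pin_ok(admin_pin, self.admin_pin):
            self.admin_failures = 0
            self.user_failures = 0
            self.user_locked = False
            self.user_pin = new_user_pin
            return True
        self.admin_failures += 1
        if self.admin_failures >= self.max_admin_tries:
            self.fused = True  # irreversible: no recovery path remains
        return False


@dataclass
class SinglePinToken:
    """Single PIN / reinitialize scheme: x failed tries block the card; the only
    way out is a factory reset, which wipes the key. The card is reusable, but
    the certificate bound to the old key must be re-issued."""
    user_pin: str
    max_tries: int = 3        # x on the slide; constructed value
    failures: int = 0
    blocked: bool = False
    key_present: bool = True

    def verify(self, pin: str) -> bool:
        """Unlock the key; fails without counting once blocked or after a reset."""
        if self.blocked or not self.key_present:
            return False
        if _pin_ok(pin, self.user_pin):
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= self.max_tries:
            self.blocked = True
        return False

    def factory_reset(self, new_pin: str) -> None:
        """Return to factory state: key destroyed, counters cleared, new PIN set."""
        self.key_present = False
        self.blocked = False
        self.failures = 0
        self.user_pin = new_pin

    def load_new_key(self) -> None:
        """Simulate on-device key generation during re-enrolment after a reset."""
        self.key_present = True
```

Running the two models side by side shows the operational trade-off the slide lists: the dual-PIN token needs an administrator (and a protected admin PIN) on every help-desk recovery, whereas the single-PIN token can be handed back to the user immediately but every recovery is also a certificate re-issuance.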

11 HEPKI-TAG: next steps
- Certificate-based SSH authentication
  - Motivation
    - Solves the initial key authentication problem
    - Enables use of smart cards/USB devices for two-factor authentication
  - SSH.com (commercial server)
    - Load CA certificate chain
    - Issue cert to server
    - Build file to map Unix users to certificate fields
      - Fixed fields
      - Regular expressions and substitution
  - Interoperability: SSH.com server & clients, VanDyke SecureCRT
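The mapping file mentioned under the SSH.com bullets is where most of the security reasoning for certificate-based SSH login lives: a fixed-field rule binds one exact subject value to one account, while a regex-and-substitution rule derives the account name from the certificate, so the derived name has to be constrained or a permissive pattern becomes a way to log in as any user. The code below is an added example illustrating that mapping logic; it is not the SSH.com server's configuration syntax, and the rule tuple format, the `example.edu` domain components, the subject names and the account-name policy are all constructed for this example. It also applies the DC naming idea from the resources slide by refusing to map any subject outside the expected domain-component path.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed rule set. Each rule is (kind, attribute, pattern, target):
#   "fixed": the attribute value must equal `pattern` exactly; log in as `target`
#   "regex": the attribute value must fully match `pattern`; `target` is a
#            substitution template in which \1, \2 ... expand captured groups
# This format is hypothetical and is not the SSH.com server's mapping-file syntax.
Rule = Tuple[str, str, str, str]
RULES: List[Rule] = [
    ("fixed", "CN", "Backup Operator", "backup"),
    ("regex", "UID", r"([a-z]{2,3}\d[a-z]?)", r"\1"),
    ("regex", "EMAILADDRESS", r"([a-z0-9.]+)@example\.edu", r"\1"),
]

# Constructed constraint: only subjects whose domain components name our campus
# are considered at all, so a certificate from another DC tree never maps.
REQUIRED_DC = ["example", "edu"]

# Account names a mapping may produce. The whitelist pattern plus the deny set
# stops a regex substitution from yielding "root" or a name with odd characters.
VALID_USER = re.compile(r"[a-z_][a-z0-9._-]{0,31}")
DENIED_USERS = {"root"}


def parse_dn(dn: str) -> Dict[str, List[str]]:
    """Split an RFC 4514 style DN into {ATTRIBUTE: [values]}, keeping escaped commas."""
    fields: Dict[str, List[str]] = {}
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.strip().partition("=")
        if not sep:
            raise ValueError(f"malformed DN component: {part!r}")
        fields.setdefault(attr.strip().upper(), []).append(value.replace("\\,", ","))
    return fields


def dc_path(fields: Dict[str, List[str]]) -> List[str]:
    """Domain components in DN order, lower-cased for comparison."""
    return [v.lower() for v in fields.get("DC", [])]


def map_user(dn: str, rules: List[Rule] = RULES,
             required_dc: List[str] = REQUIRED_DC) -> Optional[str]:
    """Return the Unix login for a certificate subject, or None if no rule applies."""
    fields = parse_dn(dn)
    if dc_path(fields) != [d.lower() for d in required_dc]:
        return None  # wrong naming domain: do not even evaluate the rules
    for kind, attr, pattern, target in rules:
        for value in fields.get(attr.upper(), []):
            if kind == "fixed":
                candidate = target if value == pattern else None
            elif kind == "regex":
                match = re.fullmatch(pattern, value)
                candidate = match.expand(target) if match else None
            else:
                raise ValueError(f"unknown rule kind {kind!r}")
            if candidate and VALID_USER.fullmatch(candidate) and candidate not in DENIED_USERS:
                return candidate
    return None


if __name__ == "__main__":
    # Constructed sample subjects; none correspond to real certificates.
    for subject in [
        "CN=Jane Doe,UID=jd4x,OU=Staff,DC=example,DC=edu",
        "CN=Backup Operator,DC=example,DC=edu",
        "CN=Jane Doe,UID=jd4x,DC=other,DC=edu",
    ]:
        print(f"{subject} -> {map_user(subject)}")
```

Fixed rules are evaluated before regex rules so that a deliberately bound service account cannot be overridden by a broader pattern, and `re.fullmatch` rather than `re.search` keeps a pattern from matching a substring of a longer, attacker-chosen attribute value.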

12 HEPKI-TAG: next steps
- Document and form signing tools
  - The active content problem
  - Web-based
  - Client tools
- Windows XP bridge functionality
  - Path construction & validation
  - Support for name and policy constraints
- Applications
  - S/MIME project continued
  - Browser issues & usability

13 HEPKI-TAG Resources
- PKI-Lite
  - EE certificate profile
  - CA certificate profile
  - Policy and Practices statement
- Demonstrations
  - HEPKI-CA
  - Client authentication
  - Certificate repository
- Certificate profile repository
- S/MIME client interoperability testing chart
- Certificate Profile Maker
- DC Naming Recommendation

14 And, old problems don't go away ...
- Trusted Root problem
  - An old issue
  - That isn't fixed yet
  - Complete with intuitive user interfaces
- Large support question
  - Get the whole campus to download?
  - Support users one at a time?
  - Other options?
- Who knows a lot about keystore access?

15 References
- Main HEPKI site
- HEPKI-TAG
- S/MIME project site
- Demonstration site
- Many other links at the above sites