Online Certificate Status Protocol ‘OCSP’, Dave Hirose, July 15 2004. Outline: What is OCSP? Digital Signatures; Certificate Revocation List; Technical aspects.

Presentation transcript:

Online Certificate Status Protocol ‘OCSP’
Dave Hirose, July 2004
Outline:
 - What is OCSP?
 - Digital Signatures
 - Certificate Revocation List
 - Technical aspects of OCSP
 - Types of OCSP
 - Conclusions

OCSP & Digital Signatures
OCSP is a protocol used to verify the status of digital signatures.

Certificate Status: Certificate Revocation Lists & OCSP

Technical details of OCSP
Request:
 - Protocol version
 - Service request
 - Target certificate identifier
 - Optional extensions which may be processed by the OCSP responder
Response:
 - Version
 - Responder’s name
 - Responses for each of the certificates in the request
 - Possible responses: Good, Revoked, Unknown

Types of OCSP: Trusted; Distributed

Conclusion
 - Can be useful in certain situations.
 - Suitable for highly sensitive or high-valued information.
 - Weigh the risk of not using real-time verification against the cost of using and implementing it.
 - Should consider checking the CRL directly for revoked certificates.
 - OCSP is not infallible, since the revocation lists are not locked.
 - If real-time verification of certificates is imperative and you have a high-volume, complicated system, you should consider using a vendor specializing in digital certificate validation.

Online Certificate Status Protocol Questions?