Stroeder.COM TF-LSD Meeting 2001-10-29: S/MIME Certificate Collector

- Motivation
- Proposed Solution
- Discussion

Presentation transcript:


Situation Today

LDAP directories accepted as PKIX repository but...

- no globally working directory infrastructure
  - LDAP hidden behind organizational boundaries
- different ways for storing certificates in directory
  - certificates are usually distributed via S/MIME (in-band) or HTTP (out-of-band)
  - no easy-to-use standard way for search & retrieval

Situation Today

S/MIME Cert Collector

Dealing With Local Directories

Accept existence of organizational directories as is:

- Local naming conventions
  - Naming transformation subject DN to LDAP DN
  - Plug-ins
- Access control (administration and firewalls)
  - use widely accepted transport protocol crossing org. boundaries
  - SMTP
- Storage schemes (often depending on PKI products)
  - Plug-ins

Why S/MIME e-mails?

- SMTP is a widely deployed protocol and crosses organizational boundaries like firewalls easily
- S/MIME implemented in commonly deployed MUAs
- Signed S/MIME e-mails contain sender's certificate (if configured)
- Sender "publishes" his/her certificate by sending signed e-mail to certain address

Privacy

- Adding his/her certificate has to be intention of user
- User himself/herself publishes by sending e-mail to a certain address
- Signature has to be validated, maybe From: header in the signed body
- Privacy requirements have to be met by organizational directory

Access Control

- Possibly data is reviewed by local directory administrator before being added
- Signature has to be validated against trusted root certificate
- Access control within organizational directory is subject of directory's configuration

Directory Access

- Directly write to LDAP directory
- Add new entries if necessary
- Modify existing entries (e.g. search by e-mail address)
- Write data for review and bulk upload (LDIF, DSML)
- Write replication log
- How's data removed?
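
As an added example (not code from the presentation), the following Python shows the directory-write side described on the "Dealing With Local Directories" and "Directory Access" slides: a naming plug-in maps a certificate's subject DN to a local LDAP DN, and the result is written as an LDIF change record for review. It assumes the signature and certificate chain were already validated; the base DN, subject, plug-in name and certificate bytes are constructed placeholders.

```python
import base64

# Constructed sample input: placeholder bytes standing in for a validated DER certificate.
SAMPLE_DER = bytes(range(90))
SAMPLE_SUBJECT = r"CN=Doe\, Jane,OU=Research,O=Example Org,C=DE"
LOCAL_BASE = "ou=people,dc=example,dc=org"  # assumed local naming convention


def split_dn(dn):
    """Split an RFC 4514 string DN into (type, escaped value) pairs.
    A backslash escapes the next character; multi-valued RDNs ("+") are out of scope."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        step = 2 if dn[i] == "\\" else 1  # keep an escape pair together
        if dn[i] == ",":
            rdns.append(cur)
            cur = ""
        else:
            cur += dn[i:i + step]
        i += step
    rdns.append(cur)
    return [(t.strip().lower(), v.strip()) for t, _, v in (r.partition("=") for r in rdns)]


def cn_under_local_base(subject_dn, base=LOCAL_BASE):
    """Hypothetical naming plug-in: keep the subject's CN, re-root it under the local base."""
    for attr, value in split_dn(subject_dn):
        if attr == "cn":
            return f"cn={value},{base}"
    raise ValueError("subject DN has no CN; needs manual review")


def fold(line, width=76):
    """Fold a long LDIF line; each continuation line starts with one space (RFC 2849)."""
    chunks = [line[:width]]
    for i in range(width, len(line), width - 1):
        chunks.append(" " + line[i:i + width - 1])
    return "\n".join(chunks)


def review_ldif(subject_dn, cert_der, naming_plugin=cn_under_local_base):
    """LDIF modify record adding the certificate to the entry the plug-in maps to."""
    dn = naming_plugin(subject_dn)
    b64 = base64.b64encode(cert_der).decode("ascii")
    # Non-ASCII DNs must be base64-encoded in LDIF ("dn::").
    dn_line = f"dn: {dn}" if dn.isascii() else "dn:: " + base64.b64encode(dn.encode()).decode()
    lines = [dn_line, "changetype: modify", "add: userCertificate;binary",
             f"userCertificate;binary:: {b64}", "-"]
    return "\n".join(fold(line) for line in lines) + "\n"
```

Calling `print(review_ldif(SAMPLE_SUBJECT, SAMPLE_DER))` shows the record an administrator would review before bulk upload; a subject without a CN raises `ValueError` instead of guessing a target entry.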

What it is, what it is not

It is a

- practical solution for a common problem
- a flexible tool

It's not a

- complete replacement for a global directory infrastructure
- mail2ldap gateway
- coffee machine

Discussion

- User acceptance?
- Required features?
- Security aspects?
- Privacy aspects?