PKI Future Directions 29 November 2001 Russ Housley RSA Laboratories CS – Class of 1981
2 Outline Background Privilege Management Certification Status Management Protocols Legal and Policy Applications
3 Digital Signing A one-way hash function is used to create a hash of the data to be signed A digital signature is cryptographic transformation of the hash value and the signer’s private key Original Message Originator Private Key Hash Hash Value Sign Signature Value
4 X.509 Certificate Format SERIAL NUMBER v1 or v2 or v3 C=US, S=VA, O=RSA Labs VERSION SIGNATURE ALGORITHM RSA with SHA-1 ISSUER VALIDITY 1/1/01 - 1/1/02 SUBJECT C=US, S=VA, O=RSA Labs CN=Russell Housley SUBJECT PUBLIC KEY INFO RSA, ISSUER UNIQUE ID ACBDEFGH SUBJECT UNIQUE ID RSTUVWXY EXTENSIONS SIGNATURE
5 X.509 CRL Format VERSION SIGNATURE ALGORITHM RSA with SHA-1 v1 or v2 C=US, S=VA, O=RSA Labs ISSUER LAST UPDATE 11/25/01 NEXT UPDATE 12/2/01 REVOKED CERTIFICATES CRL EXTENSIONS SIGNATURE SEQUENCE OF SERIAL NUMBER REVOCATION DATE 9/27/01 CRL ENTRY EXTENSIONS
6 Privilege Management Extensions allow arbitrary information to be bound to the subject identity Should only include an attribute in the identity certificate if it meets two criteria –The CA is authoritative for the attribute –The expected lifetime of the attribute will not increase the likelihood of revocation When these criteria cannot be met, then an attribute certificate should be used instead
7 Attribute Certificate HOLDER v1 or v2 VERSION ISSUER RSA with SHA-1 SIGNATURE ALGORITHM SERIAL NUMBER 11/29/ /30/01 VALIDITY C=US, S=VA, O=RSA Labs ATTRIBUTES ISSUER UNIQUE ID EXTENSIONS SIGNATURE C=US, S=VA,O=RSA Labs, OU=IT SEQUENCE OF ATTRIBUTE TYPE { } (role) SET OF ATTRIBUTE VALUES Administrator
8 Linking Identity Certificates and Attribute Certificates The attribute certificate holder field is a pointer to an identity certificate Two techniques: –Matching subject – Links to any identity certificate for that subject –Matching issuer / serial number pair – Links to a particular certificate
9 Certificate Status Certificate Revocation Lists (CRLs) –Delta CRLs –Sliding Window Delta CRLs –Indirect CRLs Online Certificate Status Protocol (OCSP) –RFC 2560 –Client must build certification path –Irrevocable trust in OCSP responder Delegated Path Validation –Simple Certificate Validation Protocol (SCVP) draft-ietf-pkix-scvp-06, July 2001 –Server builds path and validates it for the client –Irrevocable trust in SCVP responder
10 Sliding Window Delta CRLs In this example, one can fetch the smaller Delta CRL if the cache is current within 36 hours.
11 Indirect CRLs Hierarchical PKI In this example, one can validate the Indirect CRL once, caching information about all of the CAs in the hierarchy. Each certificate issued to a CA contains a CRL Distribution Points extension that points to the Indirect CRL.
12 OCSP Response RESPONDER ID v1 C=US, O=RSA, CN=OCSP1 VERSION PRODUCED AT Z CERTIFICATE ID CERTIFICATE STATUS Good THIS UPDATE Z Z RESPONSE EXTENSIONS SIGNATURE id-MD5, A5CF3378E4BB0012, ED3556A790CC34FF, 2560 NEXT UPDATE SINGLE EXTENSIONS Nonce = 48
13 SCVP Architecture Client SCVP Responder OCSP Responder X.500 Directory LDAP Directory Other … Certificate Yes / No
14 Management Protocols Too many choices … –PKCS #10 [RFC 2314] –Certificate Request Message Format [RFC 2511] –Certificate Management Protocol (CMP) [RFC 2510] –Certificate Management using CMS (CMC) [RFC 2797] –Simple Certificate Enrollment Protocol (SCEP) [Cisco] Need simple, straightforward enrollment –Enable your grandparents to get a certificate and send digitally signed electronic mail … Yet, allow face-to-face registration for high-value electronic commerce –Qualified Certificates [RFC 3039]
15 Legal and Policy Electronic Signatures in Global and National Commerce Act (E-Sign) Health Insurance Portability and Accountability Act (HIPAA) Government Paperwork Elimination Act (GPEA) European Directive 1999/93/EC –Qualified certificates required American Bar Association is updating RFC 2527 –Certificate Policy and Certification Practices Framework
16 Applications Signed documents –ETSI Electronic Signature Format [RFC 3126] –Electronic signature policies [RFC 3125] –XML Digital Signatures [RFC 3075] Time stamping servers –Time-Stamp Protocol (TSP) [RFC 3161] Wireless Applications Protocol (WAP)
17 For More Information Russ Housley