Presentation is loading. Please wait.

Presentation is loading. Please wait.

Revocation in WebPKI Phill Hallam-Baker Comodo. Standards intersection PKIX OTHER.

Published byTheresa Day Modified over 8 years ago

Similar presentations

Presentation on theme: "Revocation in WebPKI Phill Hallam-Baker Comodo. Standards intersection PKIX OTHER."— Presentation transcript:

1 Revocation in WebPKI Phill Hallam-Baker Comodo

2 Standards intersection PKIX OTHER

3 PKIX but not RFC5280 Semantics of Revocation Reasons – Says what tag to use – Not what tag means or when to use it – [X.509 spec has definitions]

4 Servers Is OCSP stapling supported? – Yes (Apache, IIS, LiteSpeed, ngnix) [Is OCSP stapling on by default?] [Does server check cert status regularly?] [Are frequent certificate updates supported?]

5 Clients Supported Revocation Checking Mechanisms – CRL / OCSP? User Experience for Certificate Status Invalid? User Experience for Certificate Status Valid? What sources are trusted to sign CRLs or OCSP responses? Does this vary for DV/EV?

Download ppt "Revocation in WebPKI Phill Hallam-Baker Comodo. Standards intersection PKIX OTHER."

Similar presentations

A Profile for Trust Anchor Material for the Resource Certificate PKI Geoff Huston SIDR WG IETF 74.

A Profile for Trust Anchor Material for the Resource Certificate PKI Geoff Huston SIDR WG IETF 74.
PKIX BASED CERTIFICATION INFRASTRUCTURE IMPLEMENTATION ADAPTED TO NON PERSONAL END ENTITIES Jacob E., Liberal F., Unzilla J. {jtpjatae, jtplimaf,

PKIX BASED CERTIFICATION INFRASTRUCTURE IMPLEMENTATION ADAPTED TO NON PERSONAL END ENTITIES Jacob E., Liberal F., Unzilla J. {jtpjatae, jtplimaf,
PKI Strategy PKI Requirements Standard –Based on e-MARC or other Certificate Policy Statements –Specify key aspects that must be met by CA Cert format.

PKI Strategy PKI Requirements Standard –Based on e-MARC or other Certificate Policy Statements –Specify key aspects that must be met by CA Cert format.
Practical Digital Signature Issues. Paving the way and new opportunities. www.oasis-open.org Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.

Practical Digital Signature Issues. Paving the way and new opportunities. Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.
Lightweight OCSP Profile for High Volume Environments November 10, 2004 Ryan M. Hurst Alex Deacon.

Lightweight OCSP Profile for High Volume Environments November 10, 2004 Ryan M. Hurst Alex Deacon.
PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.

PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.
Certificate Revocation Serge Egelman. Introduction What is revocation? Why do we need it? What is currently being done?

Certificate Revocation Serge Egelman. Introduction What is revocation? Why do we need it? What is currently being done?
Survey Results Rick Andrews 6 March 2014, IETF 89 London.

Survey Results Rick Andrews 6 March 2014, IETF 89 London.
Extended Validation Models in PKI Alternatives and Implications Marc Branchaud John Linn

Extended Validation Models in PKI Alternatives and Implications Marc Branchaud John Linn
CRL Processing Rules Santosh Chokhani November 2004.

CRL Processing Rules Santosh Chokhani November 2004.
1 eID validations services Houcine Bel Mamoune Unit manager eID Technical Drill down Session 7 April 2005.

1 eID validations services Houcine Bel Mamoune Unit manager eID Technical Drill down Session 7 April 2005.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
+1 (801) 877-2100 Ultralight OCSP Improving Revocation Checking.

+1 (801) Ultralight OCSP Improving Revocation Checking.
Review of draft-ietf-sidr-arch-01.txt Steve Kent BBN Technologies.

Review of draft-ietf-sidr-arch-01.txt Steve Kent BBN Technologies.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
PKI Administration Using EJBCA and OpenCA

PKI Administration Using EJBCA and OpenCA
CMSC 414 Computer (and Network) Security Lecture 17 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 17 Jonathan Katz.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Validity Management in SPKI 24 April 2002 (author) (presentation)

Validity Management in SPKI 24 April 2002 (author) (presentation)
CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”

CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”

Similar presentations

Ads by Google