Presentation is loading. Please wait.

Presentation is loading. Please wait.

Framework on Key Compromise, Key Loss & Key Rollover

Published by侧 凌 Modified over 7 years ago

Similar presentations

Presentation on theme: "Framework on Key Compromise, Key Loss & Key Rollover"— Presentation transcript:

1 Framework on Key Compromise, Key Loss & Key Rollover
PKIX WG Denis Pinkas. Bull SAS.

2 PKIX New Work Item Proposal
The goal is to develop an Informational RFC to address cases of : key compromise, key loss, and key rollover.

3 Detailed scope (1 / 2) One goal of the document is to present a framework to assist the writers of policy or practice statements and the designers of a Public Key Infrastructure to prepare disaster recovery plans in case of a private key compromise or a private key loss. The framework will provide a comprehensive list of potential key compromise or key loss conditions that (at the discretion of policy or practice statements writers) should be considered so that it is possible to nicely recover from situations which normally should not happen, but might happen.

4 Detailed scope (2 / 2) Since keys do not last for ever, key rollover should be planned in advance and guidance is also necessary. The keys to be considered as the keys from: end-users, Certification Authorities, Revocation Authorities, Attribute Authorities, and Time Stamping Units.

5 Relationship with RFC 4210 There is no intent to develop any new protocol. RFC 4210 already contains a protocol for key rollover (“old by new”, “new by old” and “new by new”). However the text from RFC 4210 describes only what a CA should do, but does not say how a relying party should use the information issued by a CA. The proposed wor item would yield a document providing more details and guidance, by explaining how to achieve root key rollover using the information specified in RFC 4210.

6 The Way Forward If the work item is accepted by the PKIX WG, then an editing team is ready to progress the document. It would be composed of: Denis Pinkas (lead editor), Arshad Noor (co-editor), Joel Kazin (co-editor).

Download ppt "Framework on Key Compromise, Key Loss & Key Rollover"

Similar presentations

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Presented by YOUR NAME THE DATE

Presented by YOUR NAME THE DATE
Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.

Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.
Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.

Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.
Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct, 17 2012.

Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct,
MPKI Interoperability I-D ChangeLog from -01 to -02 Jan 16, 2004 Masaki SHIMAOKA SECOM Trust.net.

MPKI Interoperability I-D ChangeLog from -01 to -02 Jan 16, 2004 Masaki SHIMAOKA SECOM Trust.net.
Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.

Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.
CS526 – Advanced Internet And Web Systems Semester Project Public Key Infrastructure (PKI) By Samatha Sudarshanam.

CS526 – Advanced Internet And Web Systems Semester Project Public Key Infrastructure (PKI) By Samatha Sudarshanam.
Www.nationalsmartcardproject.org.uk www.scnf.org.uk National Smartcard Project Work Package 8 – Security Issues Report.

National Smartcard Project Work Package 8 – Security Issues Report.
CLUE Framework IETF 84 July 30 – Aug 3, 2012 Mark Duckworth Allyn Romanow Brian Baldino Andy Pepperell.

CLUE Framework IETF 84 July 30 – Aug 3, 2012 Mark Duckworth Allyn Romanow Brian Baldino Andy Pepperell.
SIP working group status Keith Drage, Dean Willis.

SIP working group status Keith Drage, Dean Willis.
Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Standards and Guidelines for IS Auditing (ISACA).

Standards and Guidelines for IS Auditing (ISACA).
A Brief Overview of draft-ietf-sidr-cp-01.txt draft-ietf-sidr-cps-rirs-01.txt draft-ietf-sidr-cps-isp-00.txt Steve Kent BBN Technologies.

A Brief Overview of draft-ietf-sidr-cp-01.txt draft-ietf-sidr-cps-rirs-01.txt draft-ietf-sidr-cps-isp-00.txt Steve Kent BBN Technologies.
Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian

Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian
1 PKI Disaster Recovery and Key Rollover Bull S.A.S.

1 PKI Disaster Recovery and Key Rollover Bull S.A.S.
BGPSEC Router Key Roll-over draft-rogaglia-sidr-bgpsec-rollover-00 Roque Gagliano Keyur Patel Brian Weis.

BGPSEC Router Key Roll-over draft-rogaglia-sidr-bgpsec-rollover-00 Roque Gagliano Keyur Patel Brian Weis.
OSG PKI Contingency and Recovery Plans Mine Altunay, Von Welch October 16, 2012.

OSG PKI Contingency and Recovery Plans Mine Altunay, Von Welch October 16, 2012.
Who’s watching your network The Certificate Authority In a Public Key Infrastructure, the CA component is responsible for issuing certificates. A certificate.

Who’s watching your network The Certificate Authority In a Public Key Infrastructure, the CA component is responsible for issuing certificates. A certificate.

Similar presentations

Ads by Google