Presentation is loading. Please wait.

Presentation is loading. Please wait.

The role of Identity in TLS certificates

Published byMervyn Clarke Modified over 7 years ago

Similar presentations

Presentation on theme: "The role of Identity in TLS certificates"— Presentation transcript:

1 The role of Identity in TLS certificates
Buypass CA Who should be represented in the “O” field?

2 Summary from Ryan S – nov 2015
Buypass CA Recognize we don't have consensus yet for what the O field should present as Recognize that the VWG proposals provide many wonderful security benefits that we shouldn't let them get hungup on resolving 1) Take a pass at the BRs, in their entirety, to find places where the language may be inconsistent with respect to the (unresolved) status quo, and update that language to reflect the present reality Longer term, if this is a topic members are passionate about, which I think we have evidence that some CAs are, work to build consensus as to those goals

3 Who should be represented in the ”O” field?
Buypass CA None – ”Identity is not important” A (well) defined set of entities satisfying some requirements All entities that are allowed according to the current BR/EVG Kirk Hall, author of the content and logical operator of the kirk.example.com origin Example.com, provider of hosting services for Kirk Hall CDN Corp, a CDN that provides SSL/TLS front-end services for example.com, which does not offer them directly Marketing Inc, the firm responsible for designing and maintaining the website on behalf of Kirk Hall Payments LLC, the payment processing firm responsible for handling orders and financial details on kirk.example.com DNS Org, the company who operates the DNS services on behalf of Kirk Hall Mail Corp, the organization who handles the MX records that kirk.example.com responds to

4 Summary from Phenix Ownership Control Authorization
Buypass CA Ownership The Applicant is the owner of the Domain, the Domain Registrant Control The Applicant controls the Domain Authorization The Applicant is authorised to use the Domain

5 Summary from Phenix – and VWG
Buypass CA Ownership The Applicant is the owner of the Domain, the Domain Registrant Validating the Applicant as Domain Contact , Fax, SMS, or Postal Mail to Domain Contact Phone Contact with Domain Contact Control The Applicant controls the Domain Constructed to Domain Contact Agreed-Upon Change to Website DNS Change IP Address Test certificate TLS Using a Random Number Authorization The Applicant is authorised to use the Domain Domain Authorization Document

6 Who should be in the O-field?
Buypass CA Kirk Hall, author of the content and logical operator of the kirk.example.com origin Controls the Content of the Domain (Content Owner) - OK Example.com, provider of hosting services for Kirk Hall The Domain Registrant - OK CDN Corp, a CDN that provides SSL/TLS front-end services for example.com, which does not offer them directly Controls what? Why should they be represented in the O-field? Marketing Inc, the firm responsible for designing and maintaining the website on behalf of Kirk Hall Controls the Content on behalf of the Content Owner. Why should they be represented in the O-field? Payments LLC, the payment processing firm responsible for handling orders and financial details on kirk.example.com N/A by current requirements - OK DNS Org, the company who operates the DNS services on behalf of Kirk Hall Controls the DNS – Why should they be in the O-field? Mail Corp, the organization who handles the MX records that kirk.example.com responds to Controls the service – Why should they be in the O-field? Other Other entities authorized (by Domain Contact) to use the Domain – Examples?

7 Next steps Decide on who should be in the O-field (and who should not)
Buypass CA Decide on who should be in the O-field (and who should not) Define different categories of entities Domain Owner, Content Owner Etc….. Define acceptable methods for verification for each category E.g by ownership, by control using method A, B or C

8

Download ppt "The role of Identity in TLS certificates"

Similar presentations

AmeriCorps is introducing a new online payment system for the processing of AmeriCorps forms

AmeriCorps is introducing a new online payment system for the processing of AmeriCorps forms
RTÉ eCommissioning A Guide to the Supplier Registration Process.

RTÉ eCommissioning A Guide to the Supplier Registration Process.
ESOS COMPLIANCE PROCESS 26 FEBRUARY 2015. REGULATORY APPROACH.

ESOS COMPLIANCE PROCESS 26 FEBRUARY REGULATORY APPROACH.
IRTP-C: Handling of Email Address Changes IRTP-C Implementation Review Team Discussion 8 January 2015.

IRTP-C: Handling of Address Changes IRTP-C Implementation Review Team Discussion 8 January 2015.
Craig J. Nichols, Secretary 1. Mainframe and Other Software Florida State Term Contract Mainframe and Other Software 252-500-09-1 July 22, 2013 2.

Craig J. Nichols, Secretary 1. Mainframe and Other Software Florida State Term Contract Mainframe and Other Software July 22,
Modelica Users‘ Group Rules The following slides summarize the decisions of the Modelica Association from the 82nd Modelica Design Meeting in Lund, March.

Modelica Users‘ Group Rules The following slides summarize the decisions of the Modelica Association from the 82nd Modelica Design Meeting in Lund, March.
High-class document management for small and medium businesses. Let effective and easy document handling become reality at your company.

High-class document management for small and medium businesses. Let effective and easy document handling become reality at your company.
JSPG: User-level Accounting Data Policy David Kelsey, CCLRC/RAL, UK LCG GDB Meeting, Rome, 5 April 2006.

JSPG: User-level Accounting Data Policy David Kelsey, CCLRC/RAL, UK LCG GDB Meeting, Rome, 5 April 2006.
Become an Account Executive Increase Your Income.

Become an Account Executive Increase Your Income.
Dedicated to preserving the central coordinating functions of the global Internet for the public good. John L. Crain, Chief Technical Officer, ICANN

Dedicated to preserving the central coordinating functions of the global Internet for the public good. John L. Crain, Chief Technical Officer, ICANN
U.S. General Services Administration Office of Governmentwide Policy GSA EXPO May 4, 2010 Lee Ellis U.S. General Services Administration Office of Governmentwide.

U.S. General Services Administration Office of Governmentwide Policy GSA EXPO May 4, 2010 Lee Ellis U.S. General Services Administration Office of Governmentwide.
Identity Proofing, Signatures, & Encryption in Direct esMD Author of Record Workgroup John Hall Coordinator, Direct Project June 13, 2012.

Identity Proofing, Signatures, & Encryption in Direct esMD Author of Record Workgroup John Hall Coordinator, Direct Project June 13, 2012.
Supervision SICOR Securities, Inc.. Why? NASD 3110 requires the firm to “…establish and maintain a system to supervise the activities of each registered.

Supervision SICOR Securities, Inc.. Why? NASD 3110 requires the firm to “…establish and maintain a system to supervise the activities of each registered.
1 Conveying Water Rights Division of Water Rights By Randy Tarantino Title Program Specialist Telephone: (801) 538-7387 April 2013.

1 Conveying Water Rights Division of Water Rights By Randy Tarantino Title Program Specialist Telephone: (801) April 2013.
Welcome to EDUC 2110, 2120, & 2130 Field Experience Julie Gray Certification Office University Hall Room 340 Augusta State University.

Welcome to EDUC 2110, 2120, & 2130 Field Experience Julie Gray Certification Office University Hall Room 340 Augusta State University.
1 Conveying Water Rights Division of Water Rights By Randy Tarantino Title Program Specialist Telephone: (801) 538-7387 March 2012.

1 Conveying Water Rights Division of Water Rights By Randy Tarantino Title Program Specialist Telephone: (801) March 2012.
Letter of Authorization and Line of Credit Date: To:Debbie Lemmon Information Technology Management Office Division of the State CIO From:Company Contact.

Letter of Authorization and Line of Credit Date: To:Debbie Lemmon Information Technology Management Office Division of the State CIO From:Company Contact.
1 UK Link Security Policy Review January 2013. 2 UK Link Security Policy UK Link Security Policy requires review –Administrative changes Amendment of.

1 UK Link Security Policy Review January UK Link Security Policy UK Link Security Policy requires review –Administrative changes Amendment of.
Validation Working Group: Proposed Revisions to 3.2.2.4.

Validation Working Group: Proposed Revisions to
Gilda certificates. Certification Authority https://gilda-security.ct.infn.it/CA/

Gilda certificates. Certification Authority

Similar presentations

Ads by Google