Presentation is loading. Please wait.

Presentation is loading. Please wait.

December 13, 2000 Robert Moskowitz

Published byNorma Shelton Modified over 7 years ago

Similar presentations

Presentation on theme: "December 13, 2000 Robert Moskowitz"— Presentation transcript:

1 December 13, 2000 Robert Moskowitz rgm@icsa.net
CMP Interop Project December 13, 2000 Robert Moskowitz A Division of TruSecure Corporation

2 CMP Interop Goals Establish the baseline of mandatory CMP functions
Done! Establish the optional, but important CMP functions Expose any deficiencies or difficulties with the specification and provide needed feedback to the IETF on recommended changes to the specification Done! (we think :)

3 Variables in CMP Interop
DSA and RSA algorithms in certificate templates and for use in PKI Protection and POP (Proof of Possession) digitalSignature and dataEncipherment in keyUsage separately and together in certificates PKI Protection and POP CMP Transport Method TCP direct (port 829) and HTTP

4 Variables CMP Interop cont.
CMP Transactions ir, cr, rr, kur, and ccr (CA implementations only) ir with one or two certificate requests Transaction sequence Req/rep (ImplicitConfirm) Req/err (bad request) Req/rep/certconf/pkiconf Req/rep/err/pkiconf (bad certificate) Req/rep/certconf/err (bad confirmation) PKI Protection MAC (shared secret for ir) SIG (using a signing cert.)

5 Variables CMP Interop cont.
Over 80 testing combinations! Not all need be supported by all vendors All need to be supported by some vendors Or specification changed Yes CMP can be as complex as you wish But it does not have to be so for all implementations!

6 Active Interop Participants
Baltimore Certicom (Trustpoint) Cylink Cryplib (open source) Entegrity Entrust IBM TC Trustcenter RSA Research SSH Sun (Java) Now inactive ICSA Labs is coordinating/running Interop efforts

7 Lessons Learned CA policy has a major impact on EE use of CMP
Need to collect basic policy items A few areas in specs are unclear Need list ‘lore’ to implement Believe we picked these up in latest draft Changes to Internet Drafts published

8 Conclusions CMP Interop WAS achieved this year
EE to CA, not CA to CA, or EE to RA to CA Later 2 do not add any mandatory testing draft-ietf-pkix-rfc2510bis-02.txt ready to move to draft standard and draft-ietf-pkix-rfc2511bis-00.txt

9 Pending Work Items Next year to finish up Interop
CMP Transport polling draft-ietf-pkix-cmp-transport-protocols-03.txt QC 'protection' of transactions 2510bis-02 appendix C7 More participation needed

Download ppt "December 13, 2000 Robert Moskowitz"

Similar presentations

SSL Implementation Guide Onno W. Purbo

SSL Implementation Guide Onno W. Purbo
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
Cryptography and Network Security

Cryptography and Network Security
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?

COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?
PKI Forum Application Cert Interop Project David Crowe

PKI Forum Application Cert Interop Project David Crowe
PKIF TWG Report 29 June 2000 Mark Davis Andrew Nash et al.

PKIF TWG Report 29 June 2000 Mark Davis Andrew Nash et al.
Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.

Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.
13 Sept 00 Token Interoperability and Portability Project status report John Hughes Montreal - 14 September 00.

13 Sept 00 Token Interoperability and Portability Project status report John Hughes Montreal - 14 September 00.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.

An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
Chapter 8 Web Security.

Chapter 8 Web Security.
VDA Security Services Freeware Libraries Update IETF S/MIME WG 29 March 2000 John Pawling J.G. Van Dyke & Associates (VDA), Inc;

VDA Security Services Freeware Libraries Update IETF S/MIME WG 29 March 2000 John Pawling J.G. Van Dyke & Associates (VDA), Inc;
Cryptography and Network Security (CS435) Part Fourteen (Web Security)

Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Web Security : Secure Socket Layer Secure Electronic Transaction.

Web Security : Secure Socket Layer Secure Electronic Transaction.

Similar presentations

Ads by Google