Presentation is loading. Please wait.

Presentation is loading. Please wait.

December 13, 2000 Robert Moskowitz

Similar presentations


Presentation on theme: "December 13, 2000 Robert Moskowitz"— Presentation transcript:

1 December 13, 2000 Robert Moskowitz rgm@icsa.net
CMP Interop Project December 13, 2000 Robert Moskowitz A Division of TruSecure Corporation

2 CMP Interop Goals Establish the baseline of mandatory CMP functions
Done! Establish the optional, but important CMP functions Expose any deficiencies or difficulties with the specification and provide needed feedback to the IETF on recommended changes to the specification Done! (we think :)

3 Variables in CMP Interop
DSA and RSA algorithms in certificate templates and for use in PKI Protection and POP (Proof of Possession) digitalSignature and dataEncipherment in keyUsage separately and together in certificates PKI Protection and POP CMP Transport Method TCP direct (port 829) and HTTP

4 Variables CMP Interop cont.
CMP Transactions ir, cr, rr, kur, and ccr (CA implementations only) ir with one or two certificate requests Transaction sequence Req/rep (ImplicitConfirm) Req/err (bad request) Req/rep/certconf/pkiconf Req/rep/err/pkiconf (bad certificate) Req/rep/certconf/err (bad confirmation) PKI Protection MAC (shared secret for ir) SIG (using a signing cert.)

5 Variables CMP Interop cont.
Over 80 testing combinations! Not all need be supported by all vendors All need to be supported by some vendors Or specification changed Yes CMP can be as complex as you wish But it does not have to be so for all implementations!

6 Active Interop Participants
Baltimore Certicom (Trustpoint) Cylink Cryplib (open source) Entegrity Entrust IBM TC Trustcenter RSA Research SSH Sun (Java) Now inactive ICSA Labs is coordinating/running Interop efforts

7 Lessons Learned CA policy has a major impact on EE use of CMP
Need to collect basic policy items A few areas in specs are unclear Need list ‘lore’ to implement Believe we picked these up in latest draft Changes to Internet Drafts published

8 Conclusions CMP Interop WAS achieved this year
EE to CA, not CA to CA, or EE to RA to CA Later 2 do not add any mandatory testing draft-ietf-pkix-rfc2510bis-02.txt ready to move to draft standard and draft-ietf-pkix-rfc2511bis-00.txt

9 Pending Work Items Next year to finish up Interop
CMP Transport polling draft-ietf-pkix-cmp-transport-protocols-03.txt QC 'protection' of transactions 2510bis-02 appendix C7 More participation needed


Download ppt "December 13, 2000 Robert Moskowitz"

Similar presentations


Ads by Google