Presentation is loading. Please wait.

Presentation is loading. Please wait.

NIST Path Validation Protection Profiles

Published byKory Brown Modified over 6 years ago

Similar presentations

Presentation on theme: "NIST Path Validation Protection Profiles"— Presentation transcript:

1 NIST Path Validation Protection Profiles
November 10, 2003 Tim Polk

2 Ancient History In 2001, NIST/NSA/Cygnacom/DigitalNet established a test suite for basic path processing “Conformance Testing of Relying Party Client Certificate Path Processing Logic” Technical success Marketing failure

3 Current Efforts NIST/NSA/DigitalNet (and others?) collaborated on a comprehensive test suite for path processing Covers all fields and extensions used in Section 6 of RFC 3280 Goal 1 – support progression of 3280 Goal 2 – to encourage support for path validation in COTS products

4 PKITS Test Suite Another Technical Success
224 objective tests (many with subtests) in 16 functional areas self-issued certificates Delta CRLs Policy mapping Name constraints Etc., etc.

5 Where’s the Carrot? Or, How can I: Hypothesis:
Encourage vendors to use the tests? Educate consumers to ask for tested products? Hypothesis: Third party testing/certification provides Vendors a certificate they can use in marketing Consumers with something to ask for… Result should be better products

6 NIST Strategy Leverage the PKITS test suite, the Common Criteria testing labs (e.g., NIAP) to obtain independent test results with a family of protection profiles Conformance testing only 2 key functional groupings optional functional groups for CRL processing

7 Functional Groupings Enterprise PKI Bridge-Enabled Delta CRLs
Indirect CRLs DSA

8 Enterprise PKI Base certificate fields and the following certificate extensions: Key usage Basic constraints Certificate policies (not anyPolicy) requireExplicitPolicy in policy constraints CRLS segmented by name CRLs segmented by certificate type (e.g., CA certificates)

9 Bridge-Enabled Policy mapping Name constraints Distribution Points
Any Policy

10 Schedule Protection Profiles have been submitted for validation
Hopefully, the profiles will be validated and ready for use by early December

11 For More Information http://csrc.nist.gov/pki/testing/x509paths.html
(tests) (protection profiles)

Download ppt "NIST Path Validation Protection Profiles"

Similar presentations

PKI Strategy PKI Requirements Standard –Based on e-MARC or other Certificate Policy Statements –Specify key aspects that must be met by CA Cert format.

PKI Strategy PKI Requirements Standard –Based on e-MARC or other Certificate Policy Statements –Specify key aspects that must be met by CA Cert format.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
Federal PKI Architecture Update

Federal PKI Architecture Update
Robert D. Walla, Larry A. Hacker, Ph.D. Astrix Technology Group 1090 King Georges Post Rd Edison, NJ 08837 LIMS Selection In A Forensic Toxicology Laboratory.

Robert D. Walla, Larry A. Hacker, Ph.D. Astrix Technology Group 1090 King Georges Post Rd Edison, NJ LIMS Selection In A Forensic Toxicology Laboratory.
1 © Cooley Godward 2001 PKI A SSESSMENT The process of evaluating, verifying, and certifying your PKI Presented by: Randy V. Sabett Vanguard Enterprise.

1 © Cooley Godward 2001 PKI A SSESSMENT The process of evaluating, verifying, and certifying your PKI Presented by: Randy V. Sabett Vanguard Enterprise.
1 WebTrust for Certification Authorities (CAs) Overview October 2011 WebTrust for Certification Authorities (CAs) Overview October 2011 Presentation based.

1 WebTrust for Certification Authorities (CAs) Overview October 2011 WebTrust for Certification Authorities (CAs) Overview October 2011 Presentation based.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Fed/Ed PKI 2008, June Subject Unique Identifier or Equivalent William A. Weems & Mark B. Jones Academic Technology U. Texas Health Science Center at Houston.

Fed/Ed PKI 2008, June Subject Unique Identifier or Equivalent William A. Weems & Mark B. Jones Academic Technology U. Texas Health Science Center at Houston.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
October 3, 20031 Partnerships for VoIP Security VoIP Protection Profiles David Smith Co-Chair, DoD VoIP Information Assurance Working Group NSA Information.

October 3, Partnerships for VoIP Security VoIP Protection Profiles David Smith Co-Chair, DoD VoIP Information Assurance Working Group NSA Information.
Proposed Establishment of Certification Programs for Health Information Technology Notice of Proposed Rulemaking HIT Standards Committee Presentation.

Proposed Establishment of Certification Programs for Health Information Technology Notice of Proposed Rulemaking HIT Standards Committee Presentation.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org JRA3 2 nd EU Review Input David Groep NIKHEF.

INFSO-RI Enabling Grids for E-sciencE JRA3 2 nd EU Review Input David Groep NIKHEF.
The U.S. Federal PKI and the Federal Bridge Certification Authority

The U.S. Federal PKI and the Federal Bridge Certification Authority
1 Memorandum for multi-domain PKI interoperability multidomain-pki-00.txt

1 Memorandum for multi-domain PKI interoperability multidomain-pki-00.txt
Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006 draft-ietf-sidr-res-certs-01 Geoff Huston Rob Loomans George Michaelson.

Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006 draft-ietf-sidr-res-certs-01 Geoff Huston Rob Loomans George Michaelson.
DNS-centric PKI Sean Turner Russ Housley Tim Polk.

DNS-centric PKI Sean Turner Russ Housley Tim Polk.

Similar presentations

Ads by Google