Presentation is loading. Please wait.

Presentation is loading. Please wait.

IGTF Risk Assessment Team

Published byJustus Helmuth Sternberg Modified over 6 years ago

Similar presentations

Presentation on theme: "IGTF Risk Assessment Team"— Presentation transcript:

1 IGTF Risk Assessment Team

2 Cable Severance Severance of three (out of four) undersea cables in the Mediterranean basin on December 19th, 2008. Affected retrieval of CRLs.

3 MD5 MD5 hash collisions in X.509 certificates
Risk for new certificates issued using MD5 IGTF should not have any of these… Also concern about MD5 weakness in general: CA certificates (and subordinates) CNRS subordinate using MD5 will change to SHA1 shortly CRLs Proxy certificates (Globus, VOMS, MyProxy) Globus discussed proxy certificate issue

4 (EC)DSA EE Keys OpenSSL client vulnerability
Unlikely that IGTF CAs have certified (EC)DSA keys RAT will request CAs to audit

5 Querying CAs Email Online repositories of issued certificates
Privacy issues? Certificates are public? Ex. Public phone number versus publish in phone book Restrict access to RAT members? Decided: Will not require this for now Goal: Gather information to assess the risk Must always tell CAs to modify practice in the future based on new risk/threat

6 Sanity Checking Requests
RSA Exponent < 65537 Hardware tokens (pkcs11-tool) tend to generate exponents 3 & 5 by default Known-weak (Debian OpenSSL) keys MD5 (EC)DSA Transient issue? OpenSSL will be patched. Relying parties should patch in any case!

7 IGTF RAT Risk assessment is difficult Additional members welcome!
Contact:

Download ppt "IGTF Risk Assessment Team"

Similar presentations

EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks MyProxy and EGEE Ludek Matyska and Daniel.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks MyProxy and EGEE Ludek Matyska and Daniel.
MyProxy Jim Basney Senior Research Scientist NCSA

MyProxy Jim Basney Senior Research Scientist NCSA
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
CS5204 – Operating Systems 1 Authentication. CS 5204 – Operating Systems2 Authentication Digital signature validation proves:  message was not altered.

CS5204 – Operating Systems 1 Authentication. CS 5204 – Operating Systems2 Authentication Digital signature validation proves:  message was not altered.
Haga clic para cambiar el estilo de título Haga clic para modificar el estilo de subtítulo del patrón DIRAC Framework A.Casajus and R.Graciani (Universitat.

Haga clic para cambiar el estilo de título Haga clic para modificar el estilo de subtítulo del patrón DIRAC Framework A.Casajus and R.Graciani (Universitat.
Public Key Infrastructure Ben Sangster February 23, 2006.

Public Key Infrastructure Ben Sangster February 23, 2006.
National Center for Supercomputing Applications MyProxy and GSISSH Update Von Welch National Center for Supercomputing Applications University of Illinois.

National Center for Supercomputing Applications MyProxy and GSISSH Update Von Welch National Center for Supercomputing Applications University of Illinois.
CVE-2008-0166, lessons learned and actions David Groep, Nov 7 nd, 2008.

CVE , lessons learned and actions David Groep, Nov 7 nd, 2008.
Ing. Ondřej Ševeček MCSM:Directory | MVP:Enterprise Security | Certified Ethical Hacker | MCSE:SharePoint | Smart card.

Ing. Ondřej Ševeček MCSM:Directory | MVP:Enterprise Security | Certified Ethical Hacker | MCSE:SharePoint | Smart card.
OSG Security Review Mine Altunay June 19, 2008. June 19, 2008 2 Security Overview Current Initiatives  Incident response procedure – top priority (WBS.

OSG Security Review Mine Altunay June 19, June 19, Security Overview Current Initiatives  Incident response procedure – top priority (WBS.
02/22/2005 Joint Seminer Satoshi Koga Information Technology & Security Lab. Kyushu Univ. A Distributed Online Certificate Status Protocol with Low Communication.

02/22/2005 Joint Seminer Satoshi Koga Information Technology & Security Lab. Kyushu Univ. A Distributed Online Certificate Status Protocol with Low Communication.
Blueprint Meeting Notes Feb 20, 2009. Feb 17, 2009 Authentication Infrastrusture Federation = {Institutes} U {CA} where both entities can be empty TODO1:

Blueprint Meeting Notes Feb 20, Feb 17, 2009 Authentication Infrastrusture Federation = {Institutes} U {CA} where both entities can be empty TODO1:
OSG Area Coordinators Meeting Security Team Report Mine Altunay 04/3/2013.

OSG Area Coordinators Meeting Security Team Report Mine Altunay 04/3/2013.
Evolution of the Open Science Grid Authentication Model Kevin Hill Fermilab OSG Security Team.

Evolution of the Open Science Grid Authentication Model Kevin Hill Fermilab OSG Security Team.
OSG Security Review Mine Altunay December 4, 2008.

OSG Security Review Mine Altunay December 4, 2008.
Rob Quick OSG Operations Area Coordinator Manager High Throughput Computing Indiana University Integrating OSG Operational Services Rob Quick OSG Operations.

Rob Quick OSG Operations Area Coordinator Manager High Throughput Computing Indiana University Integrating OSG Operational Services Rob Quick OSG Operations.
Profile for Portal-based Credential Services (POCS) Yoshio Tanaka International Grid Trust Federation APGrid PMA AIST.

Profile for Portal-based Credential Services (POCS) Yoshio Tanaka International Grid Trust Federation APGrid PMA AIST.
Chapter 7: Cryptographic Systems

Chapter 7: Cryptographic Systems
National Computational Science National Center for Supercomputing Applications National Computational Science GSI Online Credential Retrieval Requirements.

National Computational Science National Center for Supercomputing Applications National Computational Science GSI Online Credential Retrieval Requirements.
Lessons Learned from disaster recovery Jinny Chien April 20, 2009 6 th APGridPMA in Taipei.

Lessons Learned from disaster recovery Jinny Chien April 20, th APGridPMA in Taipei.

Similar presentations

Ads by Google