PKIF TWG Report 29 June 2000 Mark Davis Andrew Nash et al.

1 PKIF TWG Report 29 June 2000 Mark Davis Andrew Nash et al

2 Points of Interest
- PKI Bench from Entegrity
- Why we are starting at 8:30 …

3 Management Protocols
- Intent to give an overview and understanding of protocols
- Decision considerations
- Presenters:
  - SCEP – Bob Moskowitz
  - CMP – Stephen Farrell
  - CMC – Michael Myers

4 Lifecycle Protocols – SCEP
- Put certificates in devices without Web browsers
- IETF Draft, no activity
- Cisco reference implementation in progress
- Q: How accurate is implementation to spec?
  - A: interoperation from spec observed

5 Lifecycle Protocols – CMP
- PKIX certificate management
- Comprehensive for key and lifecycle management (11 operations)
- High level of flexibility (EE-RA-RA-CA!)
- CRMF split out for reuse with CMC
- Version 2 based on Interoperability testing results

6 Lifecycle Protocols – CMC
- Reuse as much as possible of S/MIME library
  - Small footprint for PDAs, phones etc.
- Alternative to CMP based on PKCS 7/10 using Cisco work
- Uses CRMF
- Other requirements: single round trip certificate requests, client side key generation
- Server side generation is possible
- Similar functionality between CMC/CMP

7 Lifecycle Protocols – Panel Discussion Summary
- Panel Consensus:
  - SCEP is tactical and targeted at routers
  - CMP and CMC are functionally equivalent
  - CMP and CMC are suitable for the same application domains
  - Applications may choose between CMP and CMC – PKI vendors should support both

8 Interoperability White Paper
- Lead: Bob Moskowitz
- Abstract: Identify barriers to interoperability between PKI components. Provide a framework for future efforts to address these issues. Document issues for implementers. The initial framework will rely on the separation based on applications, components and enterprise relationships.

9 Interoperability White Paper
- Authors: Bob Moskowitz, Frederik Loeckx, Francois Rousseau, John Hughes, Steve Lloyd
- Work Plan
  - Solicit Input: early July
  - Divide Work: mid July
  - Write Draft: late Summer
  - Review Draft: September (Montreal)

10 Path Construction White Paper
- Lead: Stephen Farrell
- Abstract: Applications that make use of public key certificates have to validate certificate paths. Before validating a certificate path, it is first necessary to construct that path. This means finding a set of certificates that appears to chain up to a trust point. This white paper describes issues that implementers of PKI technology have to face when developing certificate path construction code, for example, considering issues with different sources of certificates (LDAP, databases etc) and how to avoid "loops".
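
The loop problem named in the abstract above, as an added example that is not part of the original slides: a depth-first path builder that merges certificates from several sources and refuses to revisit a CA already on the path. The `Cert` model, the CA names and the `max_len` limit are assumptions made for illustration.

```python
from collections import namedtuple

# Constructed toy model: path *construction* only follows names; signature,
# validity and revocation checks belong to the later validation step.
Cert = namedtuple("Cert", "subject issuer")

def build_paths(target, sources, trust_anchors, max_len=8):
    """Return every loop-free chain from target up to a trust anchor."""
    by_subject = {}
    for source in sources:                 # e.g. LDAP results, a local database
        for cert in source:
            by_subject.setdefault(cert.subject, set()).add(cert)
    paths = []

    def extend(path, seen):
        tip = path[-1]
        if tip.issuer in trust_anchors:    # chained up to a trust point
            paths.append(path)
            return
        if len(path) >= max_len:           # bound the search depth
            return
        for cand in sorted(by_subject.get(tip.issuer, ())):
            if cand.subject in seen:       # would revisit a CA: a loop
                continue
            extend(path + [cand], seen | {cand.subject})

    extend([target], {target.subject})
    return paths

# Constructed sample data: CA-A and CA-B have cross-certified each other,
# which creates the loop CA-A -> CA-B -> CA-A.
ALICE = Cert("CN=alice", "CA-A")
LDAP = [Cert("CA-A", "CA-B"), Cert("CA-B", "CA-A"), Cert("CA-B", "Root-X")]
LOCAL_DB = [Cert("CA-A", "Root-Y")]

if __name__ == "__main__":
    for p in build_paths(ALICE, [LDAP, LOCAL_DB], {"Root-X"}):
        print(" <- ".join(c.issuer for c in p))
```

Each returned path is only a candidate; it still has to pass full path validation before the end-entity certificate is trusted.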

11 Path Construction White Paper
- Authors: Stephen Farrell, Steve Koehler, Michael Myers, Tim Polk, Steve Lloyd
- Work Plan
  - Solicit Input: early July
  - Divide Work: mid July
  - Write Draft: late Summer
  - Review Draft: September (Montreal)

12 LDAP White Paper
- Lead: Aidan O’Brien
- Abstract: Survey the problems associated with PKI interactions with LDAP and directories. Identify issues where existing standards and practices are insufficient and what partial solutions exist. Lay a foundation to assist in prioritizing future work on the use of LDAP within PKI.

13 LDAP White Paper
- Authors: Aidan O’Brien, Gordon Buhle, Dave Bachmann, Nada Kapidzic Cicovic, Jean Pawluk
- Work plan
  - Solicit Participation: June
  - Agree on Purpose: July
  - Collect issue contributions: July
  - Review Draft: August
  - Publish White Paper: September

14 Working Session (1/2)
- Report on Business Work Group and Technical Work Group Relationship
- Application Certificates
  - Stay on current script approach
  - Need volunteer for “standard” certificates library
  - Data presentation – Sheet per application/PKI pair
  - An additional Face to Face workshop is desired, but may be difficult to schedule

15 Working Session (2/2)
- Certificate Validation
  - IETF WG revisiting requirements and protocols
  - Schedule presentation by IETF contributors in Montreal
- B2B Protocols
  - Some standardization work
  - Deployment may be difficult
  - Work required by PKIF unclear
- LDAP (from CMP interop discussion)
  - Multiple problems
  - Varying definition
  - Address these issues as part of LDAP white paper
  - Follow definition of work expected

16 Montreal Topics
- Review work in progress
  - Demonstration planning (needs input from BWG)
- IETF Remote Path Processing
- Review outcomes from LDAP white paper
- Further B2B Application discussion

17 Lifecycle Protocols – General Discussion
- Smart Card requirements and support
- What Domains does each protocol address
  - SCEP – tactical for in devices now that don’t have browsers
    - SCEP is routers
  - CMP and CMC similar domains
    - CMC with broad input
    - CMC may have advantage on PDA’s
  - In IPSEC environment, how do CMC and CMP
- Suitability of CMC and CMP for store and forward
  - POP requires multiple round trip
- Automatic cross certification of debatable use
  - May need better definition of terms (BWG is working on one)
- Implementation status
  - “VeriSign is willing to support any protocol that shows emergence in the marketplace.”
  - Andrew Nash – “An issue of leadership.”
- Is storing certificate in LDAP part of the Life Cycle Management protocol
  - May be policy statement outside lifecycle management protocol
  - Must be specified in some terms for implementation of EE
  - Awareness will impact implementation
  - PKIF TWG may want to take this on
- What should a PKIF do with SCEP and CMC
  - SCEP not do anything about SCEP
  - Should do CMC interop, scenarios, service providers should provide both, EE select