IDA Security Experts Workshop Olivier LIBON Vice President – GlobalSign November 2000.


1 IDA Security Experts Workshop Olivier LIBON Vice President – GlobalSign November 2000

2 Outlines
- Interoperability at the EU side
  - Private Key Storage (software, hardware, etc)
  - Certificate Management (expiration, renewal, revocation, etc)
  - Products Limitations (web, mail, etc)
- Interoperability at the CA side
  - Accreditation Schemes (EESSI vs...)
  - Products Compliance & Interoperability (RA, CA, etc)
  - Common Trust Levels (Cross-certification, etc)

3 Interoperability at the EU side
- Interoperability at the EU side
  - Private Key Storage (software, hardware, etc)
  - Certificate Management (expiration, renewal, revocation, etc)
  - Products Limitations (web, mail, etc)
- Interoperability at the CA side
  - Accreditation Schemes (EESSI vs...)
  - Products Compliance & Interoperability (RA, CA, etc)
  - Common Trust Levels (Cross-certification, etc)

4 Private Key Storage
- Software (Disk)
  - Various Certificate Stores (Microsoft, Netscape, Opera, etc...)
  - Key protection (pin code, token, etc...)
  - PC lost? / upgraded? (backup, import/export, etc...)
- Hardware (SmartCard)
  - Key-pair generation
  - Reader Installation & Costs
  - Compatibility (chip + OS + Data)

5 Certificate Management
- Certificate Lifecycle (history)
  - Certificate History (Expiration/Renewal)
  - Certificate Revocation (Status Checking)
- Key Usage (key protection)
  - One certificate for every key usage
  - Multiple certificates (Encryption, Authentication, Non-Repudiation, etc)
- Certificate Usage (public vs private)
  - One certificate (ID-card) for every application/domain
  - Multiple certificates (one for each application/domain)

6 Products Limitations
- Certificate Chaining
  - Deliver the complete chain
  - No cross-certification support
- Certificate Extensions
  - Basic Constraints (the only one supported)
  - Naming Constraints (not supported)
  - Policy Constraints & Mappings (not supported)
- Certificate Status
  - CRLs (no check)
  - OCSP (not yet available)

7 Interoperability at the CA side
- Interoperability at the EU side
  - Private Key Storage (software, hardware, etc)
  - Certificate Management (expiration, renewal, revocation, etc)
  - Products Limitations (web, mail, etc)
- Interoperability at the CA side
  - Accreditation Schemes (EESSI vs...)
  - Products Compliance & Interoperability (RA, CA, etc)
  - Common Trust Levels (Cross-certification, etc)

8 Accreditation Schemes
- Step 1: EC Directive adoption
  - A common framework for electronic signature... defines:
    - Electronic Signature
    - Qualified Certificate
    - TTP requirements
- Step 2: Local Laws adaptation
  - Germany (BSI)
  - UK (T-Scheme)
  - France (MEFI)
  - Netherlands (TTP.NL)
  - Etc...
- Step 3: EESSI
  - Standards... but very complex (and not accepted yet)
  - A lawyers and lobbying world

9 Products Interoperability
- Component Interoperability
  - Ability to mix and match PKI products
  - Depends on messages exchanged between components to support:
    - Certificate request
    - Certificate renewal
    - Certificate revocation
- Enterprise Interoperability
  - Ability to connect PKIs into a larger functional PKI
  - Cross-certification
  - Repositories/Directories

10 Common Trust Levels
- Hierarchical Model
  - Root Signing (a single hierarchy of certificates)
  - Proprietary accreditation rules
  - Not flexible and unrealistic
- Non-hierarchical Model
  - Cross-certification (multiple hierarchies of certificates)
  - Open cross-certification rules
  - Very flexible but unrealistic
- Meshed Model
  - CA bridge (multiple hierarchies per business domain)
  - Open bridging rules
  - Very flexible but need for an independent organization (EC?)

