Certificate revocation list https://store.theartofservice.com/the-certificate-revocation-list-toolkit.html.


1 Certificate revocation list

2 strongSwan - Overview: It supports certificate revocation lists and the Online Certificate Status Protocol (OCSP)

3 Digital signature - Non-repudiation: checking a "Certificate Revocation List" or via the "Online Certificate Status Protocol"

4 Verisign - 2001 Code Signing Certificate Mistake: However, because Verisign code-signing certificates do not specify a Certificate Revocation List Distribution Point, there was no way for them to be automatically detected as having been revoked, placing Microsoft's customers at risk

5 Pretty Good Privacy - Certificates: PGP versions have always included a way to cancel ('revoke') identity certificates. A lost or compromised private key will require this if communication security is to be retained by that user. This is, more or less, equivalent to the certificate revocation lists of centralised PKI schemes. Recent PGP versions have also supported certificate expiration dates.

6 X.509: In cryptography, X.509 is an ITU-T standard for a public key infrastructure (PKI) and Privilege Management Infrastructure (PMI). X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm.

7 X.509 - History and usage: In fact, the term X.509 certificate usually refers to the IETF's PKIX Certificate and CRL Profile of the X.509 v3 certificate standard, as specified in RFC 5280, commonly referred to as PKIX, for Public Key Infrastructure (X.509).

8 X.509 - Certificates: X.509 also includes standards for certificate revocation list (CRL) implementations, an often neglected aspect of PKI systems. The IETF-approved way of checking a certificate's validity is the Online Certificate Status Protocol (OCSP). Firefox 3 enables OCSP checking by default, as do versions of Windows from Vista onward.

9 X.509 - Architectural weaknesses: Use of blacklisting invalid certificates (using CRLs and OCSP) instead of whitelisting,

10 X.509 - PKI standards for X.509: Online Certificate Status Protocol (OCSP) / Certificate Revocation List (CRL) - this is for validating proof of identity

11 Certificate authority - Authority revocation lists: An authority revocation list (ARL) is a form of CRL containing certificates issued to certificate authorities, in contrast to CRLs, which contain revoked end-entity certificates.

12 Revocation list: In the operation of some cryptosystems, usually public key infrastructures (PKIs), a certificate revocation list (CRL) is a list of certificates (or, more specifically, a list of serial numbers for certificates) that have been revoked, and therefore, entities presenting those (revoked) certificates should no longer be trusted.

13 Online Certificate Status Protocol: It was created as an alternative to certificate revocation lists (CRL), specifically addressing certain problems associated with using CRLs in a public key infrastructure (PKI)

14 Online Certificate Status Protocol - Comparison to CRLs: Since an OCSP response contains less information than a typical CRL (certificate revocation list), OCSP can use networks and client resources more efficiently.

15 Digital signing - Non-repudiation: checking a Certificate Revocation List or via the Online Certificate Status Protocol

16 Entrust - History: Prior to it becoming a private-equity company, Entrust was included on the Russell 3000 Index in July 2008. In July 2007, Entrust contributed PKI technology to the open-source community through Sun Microsystems, Inc. and the Mozilla Foundation. Specifically, Entrust supplied certificate revocation list distribution points (CRL-DP), Patent 5,699,431, to Sun under a royalty-free license for incorporation of that capability into the Mozilla open-source libraries.

17 Certificate server - X.509 Description: The Internet Engineering Task Force RFC 2459, entitled Internet X.509 Public Key Infrastructure Certificate and CRL Profile, describes the protocols for the X.509 v3 certificate and X.509 v2 certificate revocation list as a part of the Internet PKI

18 Certificate server - Implementation using Apache + mod_ssl: Mod_ssl features support for SSLv2, SSLv3, and TLSv1, with X.509 client/server based authentication and certificate revocation

19 Security and safety features new to Windows Vista - Cryptography: Revocation improvements include native support for the Online Certificate Status Protocol (OCSP) providing real-time certificate validity checking, CRL prefetching and CAPI2 Diagnostics

20 CAdES (computing) - Description: RFC 3280 Internet X.509 Public Key Infrastructure (PKIX) Certificate and Certificate Revocation List (CRL) Profile

21 List of cryptographic key types: 'revoked key' - a public key that should no longer be used, typically because its owner is no longer in the role for which it was issued or because it may have been compromised. Such keys are placed on a certificate revocation list or 'CRL'.

22 DigiNotar - Issuance of fraudulent certificates: Opera always checks the certificate revocation list of the certificate's issuer and so they initially stated they did not need a security update

23 OCSP stapling - Motivation: OCSP has several advantages over older Certificate Revocation List (CRL)-based certificate revocation-checking approaches

24 Cryptlib - Features: cryptlib provides other capabilities including full X.509/PKIX certificate handling (all X.509 versions from X.509v1 to X.509v4) with support for SET, Microsoft AuthentiCode, Identrus, SigG, S/MIME, SSL, and Qualified certificates, PKCS #7 certificate chains, handling of certification requests and CRLs (certificate revocation lists) including automated checking of certificates against CRLs and online checking using RTCS and OCSP, and issuing and revoking certificates using CMP and SCEP


