Presentation is loading. Please wait.

Presentation is loading. Please wait.

KISTI Grid CA Status Report Korea Institute of Science and Technology Information Sangwan Kim Jae-Hyuck Kwan

Published byMaximilian Poole Modified over 9 years ago

Similar presentations

Presentation on theme: "KISTI Grid CA Status Report Korea Institute of Science and Technology Information Sangwan Kim Jae-Hyuck Kwan"— Presentation transcript:

1 KISTI Grid CA Status Report Korea Institute of Science and Technology Information Sangwan Kim (sangwan@kisti.re.kr) Jae-Hyuck Kwan (jhkwak@kisti.re.kr) 5th APGrid PMA Meeting September 16 2008 Biopolis, Singapore

2 Contents History of KISTI Grid CA Operation KISTI Grid CA Overview Statistics Future Works

3 History of KISTI Grid CA Operation K*Grid Project started from 2002 in Korea. Experimental CA System (2002 ~ June 2004) ▶ Statistics # of users (subscribers) : more than 390 users # of issued certificates : more than 3,000 certificates Production Level CA System (June 2004 ~ June 2007) ▶ Statistics # of users (subscribers) : more than 60 users # of issued certificates : more than 400 certificates Production CA v2.0 (June 2007~) ▶ Statistics # of users (subscribers) : 27 # of issued certificates : 66 certificates

4 KISTI Grid CA Overview Web Site (online certificates repository) ▶ http://ca.gridcenter.or.kr/ CA cert ▶ http://ca.gridcenter.or.kr/certs/certificates/722e5071.0 ▶ Valid : Jul 12, 2007 – Aug 1, 2017 (10 years) ▶ Key size: 2048 bits Certificate Policy & Practice Statement: ▶ http://ca.gridcenter.or.kr/cps/KISTI-CPCPS-2.0.html ▶ Based on RFC 3647 ▶ X.509 OID: 1.3.6.1.4.1.14305.1.1.1.2.0 CRL ▶ http://ca.gridcenter.or.kr/CRL/722e5071.crl ▶ X509 Version 2, CRL life time: 30 days (new CRL 7 days before expiration of the previous one)

5 KISTI Grid CA Overview Certificate Profile: X509 v3 Extensions ▶ CA certificate Basic Constraints: CA: TRUE Key Usage: critical, Certificate Sign, CRL Sign Certificate Policies: 1.3.6.1.4.1.14305.1.1.1.2.0 ▶ User certificates Basic Constraints: CA: FALSE Key Usage: critical, Digital Signature, Non Repudiation, Key Encipherment, Data Enciperment Extended Key Usage: TLS Web Client Authentication Issuser Alternative Name, CRL Distribution Point, Policies OID ▶ Host certificates Basic Constraints: CA: FALSE Key Usage: critical, Digital Signature, Key Encipherment, Data Enciperment Extended Key Usage: TLS Web Server/Client Authentication Issuser Alternative Name, CRL Distribution Point, Policies OID Subject Alternative Name: DNS:

6 KISTI Grid CA Overview Name forms ▶ Issuer: C=KR, O=KISTI, O=GRID, CN=KISTI Grid Certificate Authority ▶ User DN: C=KR, O=KISTI, O=GRID, O=[applicant's organization], CN=[the name of applicant] ▶ Host DN: C=KR, O=KISTI, O=GRID, O=[applicant's organization], CN=[FQDN of the hostname]

7 Statistics # of Applicants : 78 # of Certificates ▶ User certificates 68 valid, 4 revoked, 3 expired ▶ Host certificates 162 valid, 4 revoked, 3 expired

8 Future Works Some improvement of web system (user interfaces, design, etc..) Self-auditing of KISTI CA

9 Thank You For Your Attention

Download ppt "KISTI Grid CA Status Report Korea Institute of Science and Technology Information Sangwan Kim Jae-Hyuck Kwan"

Similar presentations

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Academia Sinica Grid Computing Certification Authority (ASGCCA) Jinny Chien.

Academia Sinica Grid Computing Certification Authority (ASGCCA) Jinny Chien.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Donkey Project Introduction and ideas around February 21, 2003 Yuri Demchenko.

Donkey Project Introduction and ideas around February 21, 2003 Yuri Demchenko.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
 A public-key infrastructure ( PKI ) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store,

 A public-key infrastructure ( PKI ) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store,
HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.

HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.
National Institute of Advanced Industrial Science and Technology Auditing, auditing template and experiences on being audited Yoshio Tanaka

National Institute of Advanced Industrial Science and Technology Auditing, auditing template and experiences on being audited Yoshio Tanaka
APNIC Trial of Certification of IP Addresses and ASes RIPE 52 Plenary George Michaelson Geoff Huston.

APNIC Trial of Certification of IP Addresses and ASes RIPE 52 Plenary George Michaelson Geoff Huston.
Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006 draft-ietf-sidr-res-certs-01 Geoff Huston Rob Loomans George Michaelson.

Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006 draft-ietf-sidr-res-certs-01 Geoff Huston Rob Loomans George Michaelson.
CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”

CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”
Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.

Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.
CS470, A.SelcukPKI1 Public Key Infrastructures CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukPKI1 Public Key Infrastructures CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
S/MIME Email and PKI Dartmouth College PKI Lab. What Is S/MIME? RFC 2633 (S/MIME Version 3)RFC 2633 Extensions to MIME Uses PKI certificates, keys, and.

S/MIME and PKI Dartmouth College PKI Lab. What Is S/MIME? RFC 2633 (S/MIME Version 3)RFC 2633 Extensions to MIME Uses PKI certificates, keys, and.
9/20/2000www.cren.net1 Root Key Cutting and Ceremony at MIT 11/17/99.

9/20/2000www.cren.net1 Root Key Cutting and Ceremony at MIT 11/17/99.
NECTEC-GOC CA APGrid PMA face-to-face meeting. October, 15 2006 Sornthep Vannarat National Electronics and Computer Technology Center, Thailand.

NECTEC-GOC CA APGrid PMA face-to-face meeting. October, Sornthep Vannarat National Electronics and Computer Technology Center, Thailand.
KISTI Grid CA Status Report KISTI Supercomputing Center Sangwan Kim APGridPMA Meeting Mar 8, 2010 Academia Sinica, Taipei, Taiwan.

KISTI Grid CA Status Report KISTI Supercomputing Center Sangwan Kim APGridPMA Meeting Mar 8, 2010 Academia Sinica, Taipei, Taiwan.
HEPKI-TAG UPDATE Jim Jokl University of Virginia

HEPKI-TAG UPDATE Jim Jokl University of Virginia

Similar presentations

Ads by Google