Presentation is loading. Please wait.

Presentation is loading. Please wait.

Stroeder.COM TF-LSD Meeting 2001-10-29 - 1 - S/MIME Certificate Collector  Motivation  Proposed Solution  Discussion.

Published byBonnie Flynn Modified over 9 years ago

Similar presentations

Presentation on theme: "Stroeder.COM TF-LSD Meeting 2001-10-29 - 1 - S/MIME Certificate Collector  Motivation  Proposed Solution  Discussion."— Presentation transcript:

1 Stroeder.COM TF-LSD Meeting 2001-10-29 - 1 - S/MIME Certificate Collector  Motivation  Proposed Solution  Discussion

2 Stroeder.COM TF-LSD Meeting 2001-10-29 - 2 - Situation Today LDAP directories accepted as PKIX repository but...  no globally working directory infrastructure 1 LDAP hidden behind organizational boundaries  different ways for storing certificates in directory 1 E-Mail certificates are usually distributed via S/MIME (in-band) or HTTP (out-of-band) 1 no easy-to-use standard way for search & retrieval

3 Stroeder.COM TF-LSD Meeting 2001-10-29 - 3 - Situation Today

4 Stroeder.COM TF-LSD Meeting 2001-10-29 - 4 - S/MIME Cert Collector

5 Stroeder.COM TF-LSD Meeting 2001-10-29 - 5 - Dealing With Local Directories Accept existence of organizational directories as is:  Local naming conventions 1 Naming transformation subject DN to LDAP DN 1 Plug-ins  Access control (administration and firewalls) 1 use widely accepted transport protocol crossing org. boundaries 1 SMTP  Storage schemes (often depending on PKI products) 1 Plug-ins

6 Stroeder.COM TF-LSD Meeting 2001-10-29 - 6 - Why S/MIME e-mails?  SMTP is widely deployed protocol and crosses organizational boundaries like firewalls easily  S/MIME implemented in commonly deployed MUAs  Signed S/MIME e-mails contain sender's certificate (if configured)  Sender "publishes" his/her certificate by sending signed e-mail to certain e-mail address

7 Stroeder.COM TF-LSD Meeting 2001-10-29 - 7 - Privacy  Adding his/her certificate has to be intention of user  User himself/herself publishes by sending e-mail to a certain address  Signature has to be validated, maybe From: header in the signed body  Privacy requirements have to be met by organizational directory

8 Stroeder.COM TF-LSD Meeting 2001-10-29 - 8 - Access Control  Possibly data is reviewed by local directory administrator before being added  Signature has to be validated against trusted root certificate  Access control within organizational directory is subject of directory's configuration

9 Stroeder.COM TF-LSD Meeting 2001-10-29 - 9 - Directory Access  Directly write to LDAP directory  Add new entries if necessary  Modify existing entries (e.g. search by e-mail address)  Write data for review and bulk upload (LDIF, DSML)  Write replication log  How's data removed?

10 Stroeder.COM TF-LSD Meeting 2001-10-29 - 10 - What it is, what it is not It is a  practical solution for a common problem  a flexible tool It's not a  complete replacement for a global directory infrastructure  mail2ldap gateway  coffee machine

11 Stroeder.COM TF-LSD Meeting 2001-10-29 - 11 - Discussion  User acceptance?  Required features?  Security aspects?  Privacy aspects?

Download ppt "Stroeder.COM TF-LSD Meeting 2001-10-29 - 1 - S/MIME Certificate Collector  Motivation  Proposed Solution  Discussion."

Similar presentations

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
Module 6 Implementing Messaging Security. Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution.

Module 6 Implementing Messaging Security. Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution.
Sonnenglanz Consulting BV 28 September 20101 CPA Management Idea’s for large-scale deployments E.J. Van Nigtevecht Sonnenglanz Consulting BV.

Sonnenglanz Consulting BV 28 September CPA Management Idea’s for large-scale deployments E.J. Van Nigtevecht Sonnenglanz Consulting BV.
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
Sentry: A Scalable Solution Margie Cashwell Senior Sales Engineer Sept 2000 Margie Cashwell Senior Sales Engineer

Sentry: A Scalable Solution Margie Cashwell Senior Sales Engineer Sept 2000 Margie Cashwell Senior Sales Engineer
An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.
SIS: Secure Information Sharing for Windows Systems Osama Khaleel CS526 Semester Project.

SIS: Secure Information Sharing for Windows Systems Osama Khaleel CS526 Semester Project.
Internet Messaging in 60 Minutes Terry Gray -University of Washington Policy Issues Mission Critical Messaging Goals Relevant Standards Standards Update.

Internet Messaging in 60 Minutes Terry Gray -University of Washington Policy Issues Mission Critical Messaging Goals Relevant Standards Standards Update.
DNS-centric PKI Sean Turner Russ Housley Tim Polk.

DNS-centric PKI Sean Turner Russ Housley Tim Polk.
Application of Attribute Certificates in S/MIME Greg Colla & Michael Zolotarev Baltimore Technologies 47 th IETF Conference Adelaide, March 2000.

Application of Attribute Certificates in S/MIME Greg Colla & Michael Zolotarev Baltimore Technologies 47 th IETF Conference Adelaide, March 2000.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.
Deployment Models A.e-Mail client (no S/MIME) »NHIN-Direct developed security agent »off-the-shelf S/MIME proxy B.e-Mail client using Native S/MIME »Internet.

Deployment Models A. client (no S/MIME) »NHIN-Direct developed security agent »off-the-shelf S/MIME proxy B. client using Native S/MIME »Internet.
» Explain the way that electronic mail (e-mail) works » Configure an e-mail client » Identify e-mail message components » Create and send e-mail messages.

» Explain the way that electronic mail ( ) works » Configure an client » Identify message components » Create and send messages.
Public Key Infrastructure from the Most Trusted Name in e-Security.

Public Key Infrastructure from the Most Trusted Name in e-Security.
14 May 2002© 2000-02 TrueTrust Ltd1 Privilege Management in X.509(2000) David W Chadwick BSc PhD.

14 May 2002© TrueTrust Ltd1 Privilege Management in X.509(2000) David W Chadwick BSc PhD.
TechEd 2013 4/20/2017 2:02 AM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks.

TechEd /20/2017 2:02 AM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks.
VDA Security Services Freeware Libraries Update IETF S/MIME WG 29 March 2000 John Pawling J.G. Van Dyke & Associates (VDA), Inc;

VDA Security Services Freeware Libraries Update IETF S/MIME WG 29 March 2000 John Pawling J.G. Van Dyke & Associates (VDA), Inc;
Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.

Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Similar presentations

Ads by Google