1. CMP Presentation
Stephen Farrell, Baltimore Technologies
2. Outline
- Provide historical perspective
- Highlight major features of the protocol
- Provide a status update and expected future direction
- Thanks to:
  - Steve Lloyd and Carlisle Adams, who prepared the initial version of these slides
3. Historical Perspective
- Discussed within the IETF PKIX working group since early 1996
- RFC 2510 (March 1999); an update is in draft stage
- Editors:
  - Carlisle Adams (Entrust Technologies)
  - Stephen Farrell (Baltimore Technologies)
- Reflects all aspects of comprehensive certificate/key life cycle management
- Based on earlier experience with the EU SESAME project and Nortel's (later Entrust's) SEP
- The major CMC/CMP kerfuffle led to CRMF (RFC 2511), the certificate request format now shared by both
4. Certificate/Key Life Cycle Management
- Key pair generation
- Certificate creation
- Key pair distribution to the end entity as required
- Encryption/decryption key pair backup
- Encryption/decryption key pair recovery
- Key update/renewal
- Certificate revocation
- Certificate and revocation information retrieval
- Cross-certification
- CA key rollover
- Certificate/key archival
5. Noteworthy Features/Options
- Accommodates multiple PKI-component variations (i.e. CA-CA, CA-RA, EE-CA, EE-RA, even EE-RA-RA-CA!)
- Supports both hierarchical and networked trust models
- Supports explicit POP (proof of possession) even when the key being certified cannot sign (e.g. an encryption-only key pair), so a signature over the request is not the only option
- Supports secure, in-band installation of the PKI trust anchor
- Supports a generic message structure to convey additional operational aspects/information
- Supports two-way, three-way and four-way protocol exchanges
- RFC 2511 (CRMF) is common to CMC and CMP
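To make "secure, in-band installation of the PKI trust anchor" concrete, here is an added model of CMP's MAC-protected initial registration: the end entity sends an ir authenticated only by a secret shared out of band, and the CA's ip carries the new certificate together with the CA's own root in caPubs under the same MAC. This is example code written for this page, not code from the presentation, from Baltimore Technologies, or from any CMP implementation. The PasswordBasedMac key derivation follows RFC 2510 section 3.1.3 (RFC 4210 section 5.1.3.1); the choice of SHA-256/HMAC-SHA256 as OWF and MAC, the dict-based messages with canonical JSON standing in for DER, the placeholder certificate and root strings, the names device-0001 and CN=Example CA, the function names and the MAX_ITERATIONS cap are all assumptions of the example. The certConf/pkiConf messages that turn this into a four-way exchange are not modelled.

```python
"""Constructed model of CMP's MAC-protected initial registration (ir/ip)."""
import hashlib
import hmac
import json
import os

# The (still unauthenticated) header chooses iterationCount, so cap it before doing
# the work (assumption of this example; the RFC leaves the limit to implementations).
MAX_ITERATIONS = 10_000
CA_ROOT = "placeholder: CA self-signed certificate (constructed)"

def pbm_derive_key(shared_secret: bytes, salt: bytes, iteration_count: int) -> bytes:
    """PasswordBasedMac: OWF(secret || salt), re-hashed iterationCount - 1 more times."""
    if not 1 <= iteration_count <= MAX_ITERATIONS:
        raise ValueError("iterationCount out of range")
    key = hashlib.sha256(shared_secret + salt).digest()
    for _ in range(iteration_count - 1):
        key = hashlib.sha256(key).digest()
    return key

def protected_part(header: dict, body: dict) -> bytes:
    # CMP MACs DER(ProtectedPart ::= SEQUENCE { header, body }); canonical JSON stands in.
    return json.dumps([header, body], sort_keys=True, separators=(",", ":")).encode()

def mac_protect(header: dict, body: dict, shared_secret: bytes) -> dict:
    alg = header["protectionAlg"]
    key = pbm_derive_key(shared_secret, bytes.fromhex(alg["salt"]), alg["iterationCount"])
    tag = hmac.new(key, protected_part(header, body), hashlib.sha256).hexdigest()
    return {"header": header, "body": body, "protection": tag}

def mac_verify(msg: dict, shared_secret: bytes) -> bool:
    """Re-derive the key from salt/iterationCount in protectionAlg; constant-time compare."""
    try:
        alg = msg["header"]["protectionAlg"]
        key = pbm_derive_key(shared_secret, bytes.fromhex(alg["salt"]), alg["iterationCount"])
    except (ValueError, KeyError):
        return False
    expected = hmac.new(key, protected_part(msg["header"], msg["body"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, msg["protection"])

def ee_build_ir(ee: dict) -> dict:
    """End entity: the initialisation request. Only the out-of-band secret authenticates it."""
    ee["tid"], ee["nonce"] = os.urandom(16).hex(), os.urandom(16).hex()
    alg = {"owf": "sha256", "mac": "hmac-sha256", "salt": os.urandom(16).hex(),
           "iterationCount": 1000}
    header = {"pvno": 2, "sender": ee["subject"], "recipient": "CN=Example CA",
              "protectionAlg": alg, "senderKID": ee["kid"],
              "transactionID": ee["tid"], "senderNonce": ee["nonce"]}
    body = {"ir": [{"certReqId": 0, "subject": ee["subject"],
                    "publicKey": "placeholder: EE public key (constructed)"}]}
    return mac_protect(header, body, ee["secret"])

def ca_handle_ir(ca: dict, ir: dict):
    """CA: look up the secret by senderKID, check the MAC, reject replays, then answer
    with the certificate and its own root in caPubs under the same MAC."""
    secret = ca["secrets"].get(ir["header"].get("senderKID"))
    tid = ir["header"]["transactionID"]
    if secret is None or not mac_verify(ir, secret) or tid in ca["seen"]:
        return None  # unknown EE, bad MAC, or replayed transaction
    ca["seen"].add(tid)
    header = {"pvno": 2, "sender": "CN=Example CA", "recipient": ir["header"]["sender"],
              "protectionAlg": ir["header"]["protectionAlg"], "transactionID": tid,
              "senderNonce": os.urandom(16).hex(), "recipNonce": ir["header"]["senderNonce"]}
    body = {"ip": {"caPubs": [CA_ROOT],
                   "response": [{"certReqId": 0, "status": "accepted",
                                 "certificate": "cert for " + ir["body"]["ir"][0]["subject"]}]}}
    return mac_protect(header, body, secret)

def ee_handle_ip(ee: dict, ip: dict) -> bool:
    """EE: install the trust anchor only after MAC, transactionID and nonce checks pass."""
    h = ip["header"]
    if not mac_verify(ip, ee["secret"]):
        return False
    if h["transactionID"] != ee["tid"] or h.get("recipNonce") != ee["nonce"]:
        return False  # answer to a different exchange, or a replayed ip
    resp = ip["body"]["ip"]["response"][0]
    if resp["status"] != "accepted":
        return False
    ee["trust_anchor"] = ip["body"]["ip"]["caPubs"][0]
    ee["certificate"] = resp["certificate"]
    return True

def run_initial_registration(shared_secret: bytes, tamper=None) -> dict:
    """Two-way ir/ip exchange; `tamper`, if given, mutates the ip in flight (the attacker)."""
    ee = {"kid": "device-0001", "secret": shared_secret, "subject": "CN=device-0001"}
    ca = {"secrets": {"device-0001": shared_secret}, "seen": set()}
    ip = ca_handle_ir(ca, ee_build_ir(ee))
    if ip is not None and tamper is not None:
        tamper(ip)
    ee["accepted"] = ip is not None and ee_handle_ip(ee, ip)
    return ee
```

The point the model makes is that nothing but the shared secret authenticates the ip, and therefore the root the EE installs from caPubs: an attacker who rewrites caPubs in flight breaks the MAC, and an attacker who replays a genuinely MAC-protected ip from an earlier run fails the transactionID/senderNonce binding. Two practical details carry over to real deployments: the secret must have enough entropy (iterationCount only slows guessing, it does not fix a weak secret), and the verifier should bound iterationCount before hashing, since that parameter arrives in the header before the MAC has been checked.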
6. What about Interoperability?
- As with any feature-rich, flexible protocol, functional subsets are expected to be defined
- Minimum interoperability profiles are already specified (CMP Appendix B)
  - The CA-TALK list (ICSA-driven interop) has been working through this set of operations
  - Now a PKI Forum activity
- Other profiles are expected to be defined based on target-domain requirements
7. CMP 2000 (Version 2)
- draft-ietf-pkix-rfc2510bis-00.txt
- Nearing completion ("speak now or...")
- Main differences from RFC 2510:
  - Text clarified based on experience from the CMP interoperability trials and mailing list feedback
  - Confirmation for selected certificates added
  - An additional acknowledgement message from CA to EE has been added, to trigger EE operation (when required)
  - Transport-specific issues removed (since they are re-used elsewhere, e.g. TSP, LAAP, ...)
  - POP simplified
8. Conclusions
- A widening range of PKI vendors are now involved with implementations
- CMP supports all facets of comprehensive certificate/key life cycle management
- CMP offers maximum flexibility to accommodate different requirements
- Transport aspects are being re-used elsewhere
- Subsets of CMP can be implemented as required (e.g. TSP's use of the transports/headers)
9. www.PKIForum.org