Presentation is loading. Please wait.

Presentation is loading. Please wait.

EMU and DANE Jim Schaad August Cellars. EMU TLS Issues Trust Anchor Matching PKIX cert to EMU Server Name Certificate Revocation Checking – CRLs – OCSP.

Published byBlake Harvey Modified over 9 years ago

Similar presentations

Presentation on theme: "EMU and DANE Jim Schaad August Cellars. EMU TLS Issues Trust Anchor Matching PKIX cert to EMU Server Name Certificate Revocation Checking – CRLs – OCSP."— Presentation transcript:

1 EMU and DANE Jim Schaad August Cellars

2 EMU TLS Issues Trust Anchor Matching PKIX cert to EMU Server Name Certificate Revocation Checking – CRLs – OCSP

3 DANE Review Use DNS as alternative or secondary trust framework New Records for cert/public key information – Naming: _._. – Matching: Trust Anchor (Root) CA EE

4 DANE Stapling Addresses Trust Anchor Issue Addresses matching Certificate Name Create a new _teap._emu. DNS record set Use existing TLSA records Build list of DNSSEC records and pass in TLS extension If necessary – new record for name matching

5 OCSP Stapling Addresses certificate chain validation Pass OCSP responses in TLS extension Need to establish trust in OCSP responder – Maybe fix with DANE record – Maybe fix by returning CRLs – Maybe fix by making the Trust Anchor the OCSP responder

6 Work List Need DANE naming convention done in EMU Need DANE stapling TLS extension – Probably done in DANE Need OCSP stapling TLS extension done in TLS – Draft-pettersen-tls-ext-multiple-ocsp-03.txt

7 Questions?

Download ppt "EMU and DANE Jim Schaad August Cellars. EMU TLS Issues Trust Anchor Matching PKIX cert to EMU Server Name Certificate Revocation Checking – CRLs – OCSP."

Similar presentations

A Profile for Trust Anchor Material for the Resource Certificate PKI Geoff Huston SIDR WG IETF 74.

A Profile for Trust Anchor Material for the Resource Certificate PKI Geoff Huston SIDR WG IETF 74.
DNSSEC in Windows Server. DNS Server changes Provide DNSSEC support in the DNS server – Changes should allow federal agencies to comply with SC-20 and.

DNSSEC in Windows Server. DNS Server changes Provide DNSSEC support in the DNS server – Changes should allow federal agencies to comply with SC-20 and.
+1 (801) 877-2100 Everything in PKI but the Kitchen Sink (in 30 minutes or less) Jeremy Rowley.

+1 (801) Everything in PKI but the Kitchen Sink (in 30 minutes or less) Jeremy Rowley.
Certificate Revocation Serge Egelman. Introduction What is revocation? Why do we need it? What is currently being done?

Certificate Revocation Serge Egelman. Introduction What is revocation? Why do we need it? What is currently being done?
Extended Validation Models in PKI Alternatives and Implications Marc Branchaud John Linn

Extended Validation Models in PKI Alternatives and Implications Marc Branchaud John Linn
Dane?. Enough said? No? The Longer Version… https://www.flickr.com/photos/hyper7/7287993694.

Dane?. Enough said? No? The Longer Version…
CRL Processing Rules Santosh Chokhani November 2004.

CRL Processing Rules Santosh Chokhani November 2004.
COEN 350 Public Key Infrastructure. PKI Task: Securely distribute public keys. Certificates. Repository for retrieving certificates. Method for revoking.

COEN 350 Public Key Infrastructure. PKI Task: Securely distribute public keys. Certificates. Repository for retrieving certificates. Method for revoking.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
DNSSEC & Email Validation Tiger Team DHS Federal Network Security (FNS) & Information Security and Identity Management Committee (ISIMC) Earl Crane Department.

DNSSEC & Validation Tiger Team DHS Federal Network Security (FNS) & Information Security and Identity Management Committee (ISIMC) Earl Crane Department.
What’s Next: DNSSEC & RPKI Mark Kosters. Why are DNSSEC and RPKI Important Two critical resources – DNS – Routing Hard to tell when it is compromised.

What’s Next: DNSSEC & RPKI Mark Kosters. Why are DNSSEC and RPKI Important Two critical resources – DNS – Routing Hard to tell when it is compromised.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Assuring e-Trust always www.certiver.com 1 Guaranteeing Electronic Trust at all times.

Assuring e-Trust always 1 Guaranteeing Electronic Trust at all times.
CMSC 414 Computer (and Network) Security Lecture 17 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 17 Jonathan Katz.
2/29/2004Profile-04 open issues draft-ietf-ipsec-pki-profile-04.txt (Potentially) Open Issues Gregory M Lebovitz

2/29/2004Profile-04 open issues draft-ietf-ipsec-pki-profile-04.txt (Potentially) Open Issues Gregory M Lebovitz
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006 draft-ietf-sidr-res-certs-01 Geoff Huston Rob Loomans George Michaelson.

Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006 draft-ietf-sidr-res-certs-01 Geoff Huston Rob Loomans George Michaelson.
Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.

Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.
CS470, A.SelcukPKI1 Public Key Infrastructures CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukPKI1 Public Key Infrastructures CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements Presented by: Zhengyang Qu.

SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements Presented by: Zhengyang Qu.

Similar presentations

Ads by Google