Presentation is loading. Please wait.

Presentation is loading. Please wait.

Allowed uses of Public Keys Jim Schaad Soaring Hawk Consulting.

Published byMorris Garrison Modified over 8 years ago

Similar presentations

Presentation on theme: "Allowed uses of Public Keys Jim Schaad Soaring Hawk Consulting."— Presentation transcript:

1 Allowed uses of Public Keys Jim Schaad Soaring Hawk Consulting

2 Usage Question RSA Key is a data structure independent of how it is used –DH and DSA OAEP – PSS – PKCS v1.5 are all different usage schemes for that data Should usage restrictions be specified? How should usage be restricted?

3 Possible Answers Never restrict usage –Use rsaEncryption as public key OID Tie to the public key structure –Would do a single usage restriction –Use schema OID as public key OID Use a certificate extension –Allows for multiple usages –Parallels Key Usage Extension –Schema OID restricts key usage

4 OAEP/PSS Complications RSA-OAEP and RSA-PSS specify additional cryptographic parameters (i.e. Mask Generation Function) RSA-OAEP and RSA-PSS specify additional non-cryptographic parameters (i.e. saltLength)

5 Complications (2) Need to specify which are significant –Currently saltLength is specified as a default value Can owner specify multiple items –Can say MFG1 and not MFG1 or MFG2 Can owner make no specification –Requires use of OPTIONAL rather than default

6 Solutions Do nothing Change DEFAULT to OPTIONAL Use separate structures for signature/encryption and public key Create extension to specific this information

7 Solutions (2) Nothing –Requires text to state which items are significant for checking –Allows only a single item to be specified DEFAULT -> OPTIONAL –Those items specified MUST match –Allows only a single item to be specified

8 Solutions (3) Different structure in Public Key field –Allows each OID to specify what they want –Requires different OIDs to be specified for public key vs usage Certificate Extension –Allows for more global specifications Bulk algorithms, hash algorithms –Separates usage information from key data

9 Solutions (4) Nothing Change DEFAULT to OPTIONAL Use separate structures for signature/encryption and public key Create extension to specific this information DISCUSSION

Download ppt "Allowed uses of Public Keys Jim Schaad Soaring Hawk Consulting."

Similar presentations

© Copyrights 1998 Algorithmic Research Ltd. All rights Reserved D a t a S e c u r i t y A c r o s s t h e E n t e r p r i s e Algorithmic Research a company.

© Copyrights 1998 Algorithmic Research Ltd. All rights Reserved D a t a S e c u r i t y A c r o s s t h e E n t e r p r i s e Algorithmic Research a company.
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
RRSIG:“I certify that this DNS record set is correct” Problem: how to certify a negative response, i.e. that a record doesn’t exist? NSEC:“I certify that.

RRSIG:“I certify that this DNS record set is correct” Problem: how to certify a negative response, i.e. that a record doesn’t exist? NSEC:“I certify that.
SSL Implementation Guide Onno W. Purbo

SSL Implementation Guide Onno W. Purbo
Position Paper W3C Workshop Mountain View

Position Paper W3C Workshop Mountain View
Cryptography and Network Security

Cryptography and Network Security
JOSE Open Issue Discussion Chairs Jim Schaad. Process Room vote for Closure – Three Choices for topics We adopt the change We reject the change We discuss.

JOSE Open Issue Discussion Chairs Jim Schaad. Process Room vote for Closure – Three Choices for topics We adopt the change We reject the change We discuss.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Software based Acceleration Methods for XML Signature (Or: is there such a method) Youjin Song DongGuk University, Korea Yuliang Zheng University of North.

Software based Acceleration Methods for XML Signature (Or: is there such a method) Youjin Song DongGuk University, Korea Yuliang Zheng University of North.
KMIP Vendor Extension Management KMIP supports ‘extensions’ but provides no mechanism for coordination of values between clients and servers or between.

KMIP Vendor Extension Management KMIP supports ‘extensions’ but provides no mechanism for coordination of values between clients and servers or between.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
Cryptography1 CPSC 3730 Cryptography Chapter 13 Digital Signature Standard (DSS)

Cryptography1 CPSC 3730 Cryptography Chapter 13 Digital Signature Standard (DSS)
CS470, A.SelcukRSA1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukRSA1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
S/MIME v3.2 draft-ietf-smime-3850bis-00.txt draft-ietf-smime-3851bis-00.txt Sean Turner Blake Ramsdell.

S/MIME v3.2 draft-ietf-smime-3850bis-00.txt draft-ietf-smime-3851bis-00.txt Sean Turner Blake Ramsdell.
1 Introduction to Information Security 0368-3065, Spring 2015 Lecture 7: Applied cryptography: asymmetric Eran Tromer Slides credit: John Mitchell, Stanford.

1 Introduction to Information Security , Spring 2015 Lecture 7: Applied cryptography: asymmetric Eran Tromer Slides credit: John Mitchell, Stanford.
Application of Attribute Certificates in S/MIME Greg Colla & Michael Zolotarev Baltimore Technologies 47 th IETF Conference Adelaide, March 2000.

Application of Attribute Certificates in S/MIME Greg Colla & Michael Zolotarev Baltimore Technologies 47 th IETF Conference Adelaide, March 2000.
Key Management in Cryptography

Key Management in Cryptography
Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.

Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.
Digital Signatures (DSs) The digital signatures cannot be separated from the message and attached to another The signature is not only tied to signer but.

Digital Signatures (DSs) The digital signatures cannot be separated from the message and attached to another The signature is not only tied to signer but.

Similar presentations

Ads by Google