PKI 202 Architecture Models and CRLs

Post on 22-Nov-2014


PKI 202 – Architecture Models and CRLs Aman Hardikar

Agenda

• Architecture Models

• Subordinate

• Cross certified mesh

• Bridge

• Trusted list

• Revocation

• CRL

• OCSP

Overview

Mindmap: Topics Today (image not reproduced; available at www.amanhardikar.com/mindmaps.html)

PKI Trust Models

The fundamental purpose of PKI is to represent the trust relationship between participating parties.

The verifier verifies the chain of trust.

Four models exist:

• Subordinate Hierarchy

• Cross Certified Mesh

• Bridge CA

• Trusted List

Subordinate Hierarchy

• Two or more CAs in a hierarchical relationship

• Good for single enterprise applications

• Hard to implement between enterprises

Cross Certified Mesh

• Each internal CA signs the other PKI’s public verification keys

• Good for dynamically changing enterprise PKI applications

• Scalability is a major issue: n CAs need n(n-1) cross certifications

Bridge CA

• Only the Root CAs participate in the cross certification

• Solves the issues with the mesh model

Trusted List

• Uses a set of publicly trusted root certificates

• Ex: Internet Browsers

Traditional CRLs

Relying party checks the certificate against the latest published CRLs

Disadvantage:

Network load grows directly with the length of the CRLs and the number of users.

Modified CRLs

• Overissued CRLs

• Segmented CRLs

• Delta CRLs

• Sliding window (overissued delta) CRLs
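Added example, not from the original slides: a simplified model of how a relying party combines a cached base CRL with an overissued delta CRL (the sliding-window idea above), using the CRL Number / Delta CRL Indicator rules of RFC 5280. The classes, serial numbers and timestamps are constructed for illustration; this is not an X.509 parser.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed, simplified models of a complete (base) CRL and a delta CRL (RFC 5280 semantics).
@dataclass
class BaseCRL:
    number: int                                  # CRLNumber extension
    this_update: datetime
    next_update: datetime
    revoked: set = field(default_factory=set)    # revoked serial numbers

@dataclass
class DeltaCRL:
    number: int                                  # CRLNumber of this delta
    base_number: int                             # Delta CRL Indicator (BaseCRLNumber)
    this_update: datetime
    next_update: datetime
    added: set = field(default_factory=set)      # serials revoked since the base
    removed: set = field(default_factory=set)    # reason removeFromCRL (hold lifted)

def is_fresh(crl, now):
    # A relying party must not rely on a CRL outside [thisUpdate, nextUpdate).
    return crl.this_update <= now < crl.next_update

def apply_delta(base, delta, now):
    # RFC 5280: a delta applies to any complete CRL with BaseCRLNumber <= CRLNumber < delta number.
    if not is_fresh(delta, now):
        raise ValueError("delta CRL is expired or not yet valid")
    if not (delta.base_number <= base.number < delta.number):
        raise ValueError("delta does not apply to this base CRL")
    merged = (base.revoked | delta.added) - delta.removed
    return BaseCRL(delta.number, delta.this_update, delta.next_update, merged)

def is_revoked(serial, base, deltas, now):
    # Sliding window: use the newest fresh delta that fits the cached base; otherwise fail closed.
    usable = [d for d in deltas
              if d.base_number <= base.number < d.number and is_fresh(d, now)]
    if usable:
        return serial in apply_delta(base, max(usable, key=lambda d: d.number), now).revoked
    if not is_fresh(base, now):
        raise ValueError("no fresh revocation information available")
    return serial in base.revoked

# Constructed sample: base CRL #10 plus overissued deltas, each cumulative since
# base #10, so a client needs only its cached base and the newest delta.
T0, H = datetime(2014, 11, 22, tzinfo=timezone.utc), timedelta(hours=1)
BASE = BaseCRL(10, T0, T0 + 168 * H, {0x1001, 0x1002, 0x1003})
DELTAS = [DeltaCRL(11, 10, T0 + 1 * H, T0 + 25 * H, {0x1004}, set()),
          DeltaCRL(12, 10, T0 + 2 * H, T0 + 26 * H, {0x1004, 0x1005}, set()),
          DeltaCRL(13, 10, T0 + 3 * H, T0 + 27 * H, {0x1004, 0x1005}, {0x1002})]
```

With the sample data, a check at T0 + 4h sees serial 0x1005 as revoked and 0x1002 as no longer revoked, while the same check at T0 + 30h falls back to the still-fresh base because every delta has expired.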

OCSP

Online Certificate Status Protocol

• Client – Server model

• Client requests status of a certificate

• Server sends a signed response back

• Advantages

• Very small request and response

• Disadvantages

• All responses need to be signed, increasing the load on the server

• Clients must be online/connected to check the status

SSLAuditor3 Preview

Report generation code needs a few fixes

Next Presentations

PKI Applications

SSL

S/MIME

PGP

IKE

SSLAuditor3 demo

PKI Architecture Weakness / Audit

Architecture Weaknesses

Auditing

Mitigation Procedure

Best Practices

UK Offices

Manchester - Head Office

Cheltenham

Edinburgh

Leatherhead

London

Thame

North American Offices

San Francisco

Atlanta

New York

Seattle

Australian Offices

Sydney

European Offices

Amsterdam - Netherlands

Munich – Germany

Zurich - Switzerland