Public Key Infrastructures: Evolving Approaches. 30-December-1998, Copyright(c) Yale University 1998 ...
TRANSCRIPT
Public Key Infrastructures
Evolving Approaches
30-December-1998 Copyright(c) Yale University 1998 2
Brief Sordid History
X.500 Directory Authentication
  – Beginnings of the X.509 Standard
PEM - Privacy Enhanced Mail
  – A Vote of Confidence
PGP - A Radical Departure
Netscape SSL - First “real” Application
  – Make-do Approach
We Need a PKI! (so what is it exactly?)
An Open Purchase Order to Verisign?
A Software Package Allowing for the Creation of Certificates?
A Detailed Legal Statement Indemnifying the Institution Against Lawsuits?
Enter PKIX
Addressing the Sum Total Angst of the Community
[Diagram: PKIX Scope, comprising Certificate & CRL Profiles, Operational Protocols, Management Protocols, Policy Outline]
Infrastructure Trends
Increased focus on the Local over the Global
  – Support for more comprehensive local namespace
  – Cross certification support
Certificate Policy No Longer Tied to CA “ancestry”
Subject Alternate Name
subjectAltName: sequence of (one or more)
  rfc822Name: newman-andy@yale.edu
  dNSName: otto.its.yale.edu
  iPaddress: 130.132.21.50
  URI: http://www.foo.bar/doc.html
Provides tagged local namespace
  – Alternative to overloading DN fields
Allows for more common “Internet centric” naming
Null DN allowed for non-CA certificates
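The "tagged" namespace on this slide, as an added example that is not part of the original slides: a small decoder for the DER value of a subjectAltName extension, where each name carries an X.509 GeneralName context tag identifying its type. The function names and the constructed SAMPLE bytes are assumptions for illustration; only definite-length DER is handled.

```python
import ipaddress
# X.509 GeneralName CHOICE tag numbers for the four name types on the slide.
TAGS = {1: "rfc822Name", 2: "dNSName", 6: "uniformResourceIdentifier", 7: "iPAddress"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at pos; definite lengths only."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = count of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def parse_subject_alt_name(der):
    """Decode the extension value: a SEQUENCE of one or more GeneralName entries."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single SEQUENCE")
    names, pos = [], 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        if tag & 0xC0 != 0x80:
            raise ValueError("GeneralName must be context-tagged")
        num = tag & 0x1F
        kind = TAGS.get(num, f"other[{num}]")
        if num in (1, 2, 6):               # IA5String content: ASCII only
            names.append((kind, val.decode("ascii")))
        elif num == 7:                     # 4 octets for IPv4, 16 for IPv6
            names.append((kind, str(ipaddress.ip_address(val))))
        else:                              # name types not shown on the slide: keep raw
            names.append((kind, val.hex()))
    if not names:
        raise ValueError("subjectAltName must hold at least one name")
    return names

def encode_name(num, value):
    """Build one primitive context-tagged GeneralName (short-form length, < 128 bytes)."""
    return bytes([0x80 | num, len(value)]) + value
# Constructed sample carrying the four names shown on the slide.
_body = (encode_name(1, b"newman-andy@yale.edu") + encode_name(2, b"otto.its.yale.edu")
         + encode_name(7, bytes([130, 132, 21, 50])) + encode_name(6, b"http://www.foo.bar/doc.html"))
SAMPLE = bytes([0x30, len(_body)]) + _body
```

Calling parse_subject_alt_name(SAMPLE) returns the four (type, value) pairs in encoded order; an empty or truncated sequence raises ValueError instead of yielding a partial name list.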
Certificate Policies
certificatePolicies: sequence of (one or more)
  policyIdentifier
  policyQualifiers: sequence of (zero or more)
    cPSuri (or) userNotice
Provides locally interpreted OID
Optional qualifiers provide reference to CPS statement & summary text
PolicyMappings extend policies to cross certified trust trees