Pki 202 Architechture Models and CRLs

•

Sep. 03, 2013

• •

PKI 202 – Architecture Models and CRLs
Aman Hardikar

Agenda
• Architecture Models
• Subordinate
• Cross certified mesh
• Bridge
• Trusted list
• Revocation
• CRL
• OCSP

Overview
Available at www.amanhardikar.com/mindmaps.html
Mindmap:

Next SlideShares

Upcoming SlideShare

Micro-services architecture

Micro-services architecture

Loading in …3

×

Pki 202 Architechture Models and CRLs

Sep. 03, 2013

• •

Download to read offline

Technology Education

Technology Education

More Related Content

Now What?: How to Move Forward When We're Divided (About Basically Everything) Sarah Stewart Holland

So You Want to Start a Podcast: Finding Your Voice, Telling Your Story, and Building a Community That Will Listen Kristen Meinzer

From Gutenberg to Google: The History of Our Future Tom Wheeler

SAM: One Robot, a Dozen Engineers, and the Race to Revolutionize the Way We Build Jonathan Waldman

Talk to Me: How Voice Computing Will Transform the Way We Live, Work, and Think James Vlahos

The Future Is Faster Than You Think: How Converging Technologies Are Transforming Business, Industries, and Our Lives Peter H. Diamandis

No Filter: The Inside Story of Instagram Sarah Frier

Autonomy: The Quest to Build the Driverless Car—And How It Will Reshape Our World Lawrence D. Burns

Bezonomics: How Amazon Is Changing Our Lives and What the World's Best Companies Are Learning from It Brian Dumaine

Live Work Work Work Die: A Journey into the Savage Heart of Silicon Valley Corey Pein

Future Presence: How Virtual Reality Is Changing Human Connection, Intimacy, and the Limits of Ordinary Life Peter Rubin

Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Seth Stephens-Davidowitz

Life After Google: The Fall of Big Data and the Rise of the Blockchain Economy George Gilder

The Subtle Art of Not Giving a F*ck: A Counterintuitive Approach to Living a Good Life Mark Manson

The 7 Habits of Highly Effective People Stephen R. Covey

Decluttering at the Speed of Life: Winning Your Never-Ending Battle with Stuff Dana K. White

The unBalanced Life: 10 Principles for a More Balanced Life Pierre Quinn

Golden: The Power of Silence in a World of Noise Justin Zorn

Be the Love: Seven Ways to Unlock Your Heart and Manifest Happiness Sarah Prout

Radical Confidence: 10 No-BS Lessons on Becoming the Hero of Your Own Life Lisa Bilyeu

The Mom Friend Guide to Everyday Safety and Security: Tips from the Practical One in Your Squad Cathy Pedrayes

Plays Well with Others: The Surprising Science Behind Why Everything You Know About Relationships is (Mostly) Wrong Eric Barker

Life Lessons Harry Potter Taught Me: Discover the Magic of Friendship, Family, Courage, and Love in Your Life Jill Kolongowski

Do You Know Who I Am?: Battling Imposter Syndrome in Hollywood Jeremy Fall

Speak: Find Your Voice, Trust Your Gut, and Get From Where You Are to Where You Want To Be Tunde Oyeneyin

Courage and Crucibles: Leadership in Challenging Times Pierre Quinn

One Degree of Connection: Networking Your Network Laura Mignott

Stress and Stressors: Avoiding and Managing Stress and Burnout at Work Brandy Payne

Self-Help for the Helpless: A Beginner's Guide to Personal Development, Understanding Self-care, and Becoming Your Authentic Self Shelley Wilson

Mindset Shifts: Embracing a Life of Personal Growth Tara Omorogbe

Master of Information: Skills for Lifelong Learning and Resisting Misinformation Meredith Butts

How to Host a Viking Funeral: The Case for Burning Your Regrets, Chasing Your Crazy Ideas, and Becoming the Person You're Meant to Be Kyle Scheele

Pki 202 Architechture Models and CRLs

1. PKI 202 – Architecture Models and CRLs Aman Hardikar
2. Agenda • Architecture Models • Subordinate • Cross certified mesh • Bridge • Trusted list • Revocation • CRL • OCSP
3. Overview Available at www.amanhardikar.com/mindmaps.html Mindmap:
4. Topics Today
5. PKI Trust Models The fundamental purpose of PKI is to represent the trust relationship between participating parties. The verifier verifies the chain of trust. Four models exist: • Subordinate Hierarchy • Cross Certified Mesh • Bridge CA • Trusted List
6. Subordinate Hierarchy • Two or more CAs in a hierarchical relationship • Good for single enterprise applications • Hard to implement between enterprises
7. Cross Certified Mesh • Each internal CA signs the other PKI’s public verification keys • Good for dynamically changing enterprise PKI applications • Scalability is a major issue. Need to support n(n-1) cross certifications
8. Bridge CA • Only the Root CAs participate in the cross certification • Solves the issues with the mesh model
9. Trusted List • Uses a set of publicly trusted root certificates • Ex: Internet Browsers
10. Traditional CRLs Relying party checks the certificate against the latest published CRLs Disadvantage: Long CRLs and the number the users directly proportional to the performance of the network.
11. Modified CRLs • Overissued CRLs • Segmented CRLs • Delta CRLs • Sliding window (overissued delta) CRLs
12. OCSP Online Certificate Status Protocol • Client – Server model • Client requests status of a certificate • Server sends a signed response back • Advantages • Very small request and response • Disadvantages • All responses need to be signed increasing the load on the server • Clients must be online/connected to check the status
13. SSLAuditor3 Preview Report generation code needs few fixes
14. Next Presentations PKI Applications SSL S/MIME PGP IKE SSLAuditor3 demo PKI Architecture Weakness / Audit Architecture Weaknesses Auditing Mitigation Procedure Best Practices
15. UK Offices Manchester - Head Ofﬁce Cheltenham Edinburgh Leatherhead London Thame North American Offices San Francisco Atlanta New York Seattle Australian Offices Sydney European Offices Amsterdam - Netherlands Munich – Germany Zurich - Switzerland