5.
PKI Trust Models
The fundamental purpose of PKI is to represent the trust relationship between participating parties.
The verifier verifies the chain of trust.
Four models exist:
• Subordinate Hierarchy
• Cross Certified Mesh
• Bridge CA
• Trusted List
6.
Subordinate Hierarchy
• Two or more CAs in a hierarchical relationship
• Good for single enterprise applications
• Hard to implement between enterprises
7.
Cross Certified Mesh
• Each internal CA signs the other PKI’s public verification keys
• Good for dynamically changing enterprise PKI applications
• Scalability is a major issue. Need to support n(n-1) cross certifications
8.
Bridge CA
• Only the Root CAs participate in the cross certification
• Solves the issues with the mesh model
9.
Trusted List
• Uses a set of publicly trusted root certificates
• Ex: Internet Browsers
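The four trust models above, as an added example that is not part of the original slides: each certificate is modelled as an (issuer, subject) edge and the verifier searches for a chain from one of its trust anchors to the subject. All CA and user names are constructed, no signatures are checked, and the bridge model assumes each root and the bridge sign each other.

```python
from collections import deque
from itertools import permutations

# Constructed sample PKI: four enterprise roots, two with end entities.
ROOTS = ["RootA", "RootB", "RootC", "RootD"]
HIERARCHY = {("RootA", "SubCA-A"), ("SubCA-A", "alice"), ("RootC", "carol")}


def mesh(roots):
    """Cross-certified mesh: every root signs every other root, n(n-1) certs."""
    return set(permutations(roots, 2))


def bridge(roots, hub="BridgeCA"):
    """Bridge CA: each root and the bridge sign each other, 2n certs (assumed)."""
    return {(r, hub) for r in roots} | {(hub, r) for r in roots}


def build_chain(trust_anchors, certs, subject):
    """Breadth-first search for the shortest issuer -> subject chain that
    starts at one of the verifier's trust anchors. Returns the chain as a
    list of names, or None when no chain of trust exists."""
    queue = deque([a] for a in sorted(trust_anchors))
    seen = set(trust_anchors)
    while queue:
        chain = queue.popleft()
        if chain[-1] == subject:
            return chain
        for issuer, subj in sorted(certs):
            if issuer == chain[-1] and subj not in seen:
                seen.add(subj)
                queue.append(chain + [subj])
    return None


if __name__ == "__main__":
    verifier = {"RootA"}  # a relying party inside enterprise A
    print("hierarchy only:", build_chain(verifier, HIERARCHY, "carol"))
    print("mesh  :", len(mesh(ROOTS)), "cross certs,",
          build_chain(verifier, HIERARCHY | mesh(ROOTS), "carol"))
    print("bridge:", len(bridge(ROOTS)), "cross certs,",
          build_chain(verifier, HIERARCHY | bridge(ROOTS), "carol"))
    print("trusted list:", build_chain({"RootA", "RootC"}, HIERARCHY, "carol"))
```

With four roots the mesh needs 12 cross certificates against 8 for the bridge, and the gap widens as more enterprises join.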
10.
Traditional CRLs
Relying party checks the certificate against the latest published CRLs
Disadvantage:
Long CRLs and a large number of users directly affect the performance of the network.
12.
OCSP
Online Certificate Status Protocol
• Client – Server model
• Client requests status of a certificate
• Server sends a signed response back
• Advantages
• Very small request and response
• Disadvantages
• All responses need to be signed increasing the load on the server
• Clients must be online/connected to check the status
13.
SSLAuditor3 Preview
Report generation code needs a few fixes
14.
Next Presentations
PKI Applications
SSL
S/MIME
PGP
IKE
SSLAuditor3 demo
PKI Architecture Weakness / Audit
Architecture Weaknesses
Auditing
Mitigation Procedure
Best Practices
15.
UK Offices
Manchester - Head Office
Cheltenham
Edinburgh
Leatherhead
London
Thame
North American Offices
San Francisco
Atlanta
New York
Seattle
Australian Offices
Sydney
European Offices
Amsterdam - Netherlands
Munich - Germany
Zurich - Switzerland