Download Computer and Network Security Group

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
Document related concepts

Deep packet inspection wikipedia , lookup

Distributed firewall wikipedia , lookup

Lag wikipedia , lookup

Transport Layer Security wikipedia , lookup

Zero-configuration networking wikipedia , lookup

Remote Desktop Services wikipedia , lookup

Computer security wikipedia , lookup

Transcript 
EuroPKI
Antonio Lioy
< lioy @ polito.it >
Politecnico di Torino
Dip. Automatica e Informatica
The Copernican revolution
secure
Web
secure
e-mail
secure
remote
access
secure
VPN
secure
boot
X.509
certificate
secure
DNS
Win2000
security
no viruses
& Trojan horses
secure
routing
IP
security
Background

ICE-TEL project (1997-1998)
ICE-CAR project (1999-2000)
various national projects (1996-2000)

since January 1, 2000: EuroPKI


EuroPKI
EuroPKI
Norway
EuroPKI
Slovenia
EuroPKI TLCA
EuroPKI
Italy
people
servers
Politecnico di
Torino CA
EETIC CA
City of
Rome CA
Current status

root +
 AT (IAIK)
 IE (TCD)
 IT (POLITO)




NO will retire on Dec 31, 2000
SI (IJS)


Italian tree, with 4 City Halls
integration with the Italian identity chip-card
Slovenian tree
UK (UCL)
EuroPKI services

certification
revocation
publication
data validation

competence centre



Certification

X.509v3 certificates

global CP (Certification Policy)

local CPS (Certification Practice Statement)
Certification policy


current draft:
 28 pages
 based on RFC-2527 (with extensions)
basic idea:
 be as little restrictive as possible to allow
anybody to join ...
 ... while retaining a level of security
useful for practical applications
CP requirements

personal identification of the subject

secure management of the CA

periodic publication of CRL
Applications supported





Web:
 SSL/TLS
 signed applets
SSL-based applications:
 telnet, FTP, SMTP, POP, IMAP, ...
e-mail:
 S/MIME
IPsec (via SCEP)
DNS (?)
Publication

certificates and CRLs

Web servers:
 for humans

directory server:
 for applications
 LDAP (local) directories
 X.500 (global) directory
 X.521 schema
Revocation

CRL (Certificate Revocation List)
 cumulative list of revoked certificates
 issued periodically
 updated as needed

OCSP (On-Line Certificate Status
Protocol):
 “is this cert valid now?”
 unknown, valid, invalid
Time-stamping




proof of data existence at a given date
IETF-PKIX-TSP-draft-12
TSP server (Win32, Unix)
TSP client (GUI for Win32, shell for Unix)
TSP server
Attribute certificate
where should
I put additional
infos related
to a certificate?
inside the certificate, in order
to keep all data together
in a directory, or
in an attribute certificate
(draft-ietf-pkix-ac509prof)
Next steps

GARR PKI

European digital signature law

CDSA

automatic policy negotiation
Future

I have a dream ...

... a pan-european
open and public PKI
to enable network security
EuroPKI?
Related documents
Slides - TERENA Networking Conference 2001
Slides - TERENA Networking Conference 2001
Association for Molecular Pathology Certificate of
Association for Molecular Pathology Certificate of
Webinar - Association for Molecular Pathology
Webinar - Association for Molecular Pathology
Networking Support Certificate C25340B
Networking Support Certificate C25340B
Association for Molecular Pathology Certificate of Attendance
Association for Molecular Pathology Certificate of Attendance
Social Media Marketing Certificate
Social Media Marketing Certificate
Natural Resource Conservation and Management
Natural Resource Conservation and Management
Natural Language Processing Graduate Level Academic Credit
Natural Language Processing Graduate Level Academic Credit
Upon successful completion of this course, students will be eligible
Upon successful completion of this course, students will be eligible
Associate of Science in Computer Information Technology Program
Associate of Science in Computer Information Technology Program
Word version - Byron Shire Council
Word version - Byron Shire Council
MEDICAL DEVICES SECTOR
MEDICAL DEVICES SECTOR