1 / 18

Extended Validation Models in PKI

Marc Branchaud marcnarc@rsasecurity.com. John Linn jlinn@rsasecurity.com. Extended Validation Models in PKI. Alternatives and Implications. Overview. Existing PKI practices Delegated path processing Cross-domain delegated validation Implications and future directions Conclusions.

lazaro
Download Presentation

Extended Validation Models in PKI

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Marc Branchaud marcnarc@rsasecurity.com John Linn jlinn@rsasecurity.com Extended Validation Modelsin PKI Alternatives and Implications

  2. Overview • Existing PKI practices • Delegated path processing • Cross-domain delegated validation • Implications and future directions • Conclusions

  3. Existing PKI Practice: CRLs • Original assumptions • Online, untrusted Directory as repository • Intermittent inter-site connectivity • Trusted authorities (CAs) kept off-line • Path discovery & validation is client-based, using data from repository and messages • Limitations include timeliness, large volumes of data to manage and transport

  4. PathOK? FindPath Certs CertOK? Path Y/N TrustedCAs Certstatus? CRLs Yes / No Y/N Policies Traditional PKI • Clients do all the work Client Repository Certificate Processing Path Discovery PKI Client Application Path Verification Status Resolution

  5. Existing PKI Practice: OCSP • OCSP is seeing widespread adoption • CAs delegate to OCSP responders that provide signed revocation information • Designed to enable migration from CRLs • Preserves client-based processing model, many semantics • Allows improved timeliness • Scope constrained to revocation status, not full validation of certificates or paths

  6. Online Certificate Status • Clients no longer have to manage status Client Repository FindPath CertificateProcessing Path Discovery Certs TrustedCAs Path CertOK? Path OK? PKI Client Application Path Verification Y/N Yes / No Status? Policies Status Resolution CRLs Good / not OCSP Server

  7. Delegated Path Discovery • Clients no longer have to discover paths Repository Client DPD Server Cert +CAs, policies Certificate Processing Path Discovery TrustedCAs Certs CertOK? PKI Client Application Path Verification Good /not Status? CRLs Yes / No Status Resolution Path + Statusevidence Policies OCSPServer OCSPreplies

  8. RealTrustedCAs RealPolicies TrustedCAs Policies Delegated Path Validation • Current DPV proposals are to offload verification too Repository Client DPV Server Certificate Processing Path Discovery Certs DPV Server Key Cert OK? PKI Client Application Path Verification Yes / No CRLs Status Resolution OCSPServer OCSPreplies

  9. Delegated Path Validation • Advantages of DPV model: • Vastly simpler client applications • Centralized domain administration • Disadvantages of DPV model: • Online  availability & security issues • Convenient monitoring point (privacy)

  10. Trust and DPV • The DPV server is the trust anchor • Easier to manage authority compromise • The DPV server is the trust dictator • Clients do not validate the server’s “correctness” • Client inputs are merely hints • Still useful for client to identify context

  11. Delegating Trust Across Domain Boundaries • DPV servers consult other domains’ services to build responses to queries • Clients rely on their DPV server to select the right sources to validate arbitrary certificates • Different DPV servers’ views may differ • Validation combines issuer domain information (certificates and status) with RP domain policies

  12. Delegated Validation Across “Trust Fronts” Issuer B control B’s DPV Issuer B CA Relying Party RP’s DPV A’s DPV Issuer A CA Relying Party control A’s OCSP Issuer A control

  13. Forms of Delegated Validation • Chained: • Client gets authoritative reply via intermediary • Intermediaries on path may be included • Referred: • Clients redirected to authoritative server • Responses may be traceable to it • Recursive: • Each server aggregates data and generates its own responses • Limited traceability

  14. DPV Implications forCross-Certificates • Domains can consider inter-domain trust relationships in formulating their DPV responses • Fine-grain activation of trust relationships • Available only for some clients • Available only in some circumstances • Like having multiple cross-certificates between domains

  15. DPV Implications for Revocation • Path construction actively involves intermediate domains • Domains can consider status in formulating their responses • No need to explicitly query for status • Status is simply another factor in the availability of certain paths • There is no path to a revoked certificate

  16. DPV Implications for Certificates • Queries eventually reach the issuer • Necessary to obtain certificate status • Issuer can assert more than just status • Could respond with individual certificate elements, e.g.: • Subject’s DN changes after cert is issued • Can return new DN in DPV response • Could even return subject’s public key No revocation publishing at all

  17. DPV Implications for Certificates • In the limit, certificates become obsolete • Certificate-free PKI: • Authorities assign identifiers to entities’ public keys • Entities present identifiers instead of certs • RPs resolve identifiers to public keys via fully-delegated DPV • XKMS already supports URLs for keys • Active assertions are a new paradigm for PKI – X.509 didn’t consider them

  18. Conclusions • Current trend towards simplifying PKI clients challenges basic assumptions • Delegating trust & distributing validation creates active authorities and intermediaries • Introduces new issues: availability, latencies • Facilities to constrain trust gain prominence • Implications for revocation, certification • Caveat adopter!

More Related