1 / 13

Using Personal Certificates

Using Personal Certificates. Jeff D’Angelo Jeremy Hill Network of People, Jan 6, 2005. Our role. Not a formal ITS or Penn State project No support from ITS helpdesks We present this material today not as an authority but as peer Personal Certificate programs are global

ulysses-miller
Download Presentation

Using Personal Certificates

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Using Personal Certificates Jeff D’AngeloJeremy Hill Network of People, Jan 6, 2005

  2. Our role • Not a formal ITS or Penn State project • No support from ITS helpdesks • We present this material today not as an authority but as peer • Personal Certificate programs are global • We are selfish – we want more points • Our selfishness helps you

  3. What types of certificates exist? • Server • Personal • Code-signing • Others (client, etc.)

  4. How are certificates useful? • Certificates are a means of placing trust in an unknown/unverified party • Can validate authenticity of peer/server in SSL/TLS communication (HTTPS, etc) • Can encrypt/sign email (S/MIME) • Can sign (validate) documents (PDF) • Can sign executable code • Client Authentication (VPN, HTTP, etc)

  5. Methods of assuring identity • Single assurance from Certificate Authority • PGP Web of Trust (WoT) model • Hybrid CA + Web of Trust model

  6. How hybrid model works • Community based effort assuring identity of peers • Web-based point system keeps track of assurances received and given • No single point of assurance failure • Single path to verify new certificates

  7. Hybrid Web of Trust CAs • Thawte • Trusted in most clients today • FREE for personal certificates • CAcert • Server and Code-signing also FREE • Requires root certificate installation in most clients today

  8. Getting started • 1) Apply for account with Thawte (or CAcert) • 2) Get points via assurances • At 50 points, your certificates are trusted • At 100 points, you become a WoT notary • 3) Give assurances to help the community • The more you give, the more points you can give • Start at giving max 10 points and work towards 35 max

  9. Assurance process • Meet notary/assuror in person • Provide proof(s) of identity matching account information (e.g., driver’s license #, passport #) • Notary/assuror makes copy of id proofs • Both sign a document attesting assurance • Notary/assuror grants points to the assertion online • Notary/assuror keeps documentation secure and may produce to CA if audited

  10. Demos • Jeff • Applying for Thawte Personal Certificates • Downloading certificate into email client • Signing, verifying email • Jeremy • Installing certificate into Adobe PDF • Signing PDF documents

  11. S/MIME E-Mail client support • Mozilla Mail and derivatives (e.g., Thunderbird) – Good • MS Outlook and Outlook Express – Good • Eudora – Poor • Pine – Poor • Apple Mail – Decent

  12. Conclusion • Summary • Q & A • Thawte and CAcert assurances given during break

  13. References • Thawte Personal Certificates: http://thawte.com/email/ • CAcert Personal Certificates: http://cacert.org/

More Related