1 / 15

UTF8String Deployment Status and Migration Plan

UTF8String Deployment Status and Migration Plan. Akira KANAOKA < a-kanaoka@secom.co.jp> Challenge PKI Project Japan Network Security Association Sponsored by IT Promotion Agency, Japan. Agenda. Problem statement Project : Survey of UTF8String Problem in PKI Certificates

italia
Download Presentation

UTF8String Deployment Status and Migration Plan

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. UTF8String Deployment Status and Migration Plan Akira KANAOKA <a-kanaoka@secom.co.jp> Challenge PKI Project Japan Network Security Association Sponsored by IT Promotion Agency, Japan

  2. Agenda • Problem statement • Project : Survey of UTF8String Problem in PKI Certificates • UTF8String Deployment Status in Asia • Ongoing Works • Migration plan for UTF8String • Test case design for UTF8String implementation UTF8String Deployment Statement and Migration Plan

  3. Problem statement • Deadline for migration in RFC 3280 • 31st Dec. 2003 • Canceled in 3280bis • Lack of description to migrate in 3280. • Detailed string matching • Migration Plan • Certificate and CRL/ARL issuance during migration • Gap between CA and client implementation UTF8String Deployment Statement and Migration Plan

  4. Survey of UTF8String Problem in PKI Certificates • Explanation of the problem • Proposal for UTF8String migration • Survey • Product implementation • UTF8String deployment status in Asia • IETF activity around UTF8String • Test case design for UTF8String implementation • Migration Plan for UTF8String UTF8String Deployment Statement and Migration Plan

  5. UTF8String Deployment Status in Asia • Examined whether they use UTF8String for directoryName in certificates • Examined whether they use local characters in UTF8String • Local character : e.g. CJK (Chinese, Japanese, Korean) • Asked by the prepared questionnaire • Asked to “the Asia PKI Forum (APKI-F)” members. • 9 Countries and Regions UTF8String Deployment Statement and Migration Plan

  6. Sent to 9 countries and regions Replies from 3 countries and regions (11 CAs) Replies to the Questionnaire Countries and Regions CA Type UTF8String Deployment Statement and Migration Plan

  7. Encoding Used in Each Field *U:UTF8String (except country. P:PrintableString, I:IA5String, B:BMPString -:not used *CRLDP/iDP: use directoryName with U or P and URI with I to describe distributionPoint :local character used ) UTF8String Deployment Statement and Migration Plan

  8. Encoding Use in Each Field (cont.) *U:UTF8String (except country. P:PrintableString, I:IA5String, B:BMPString -:not used *CRLDP/iDP: use directoryName with U or P and URI with I to describe distributionPoint :local character used ) • Most CAs already use UTF8String. • Most CAs use local character. UTF8String Deployment Statement and Migration Plan

  9. Compliance with RFC 3280 and its Migration Plan UTF8String Deployment Statement and Migration Plan

  10. Additional Survey • UTF8String use in MS Windows Root Certificate Store • OS:Windows XP (Japanese) • as of January 2005 • No certificate use UTF8String. • 107 certificates in the certificate store • No certificate issued after 31st Dec. 2003 UTF8String Deployment Statement and Migration Plan

  11. Conclusion : UTF8String Deployment Status in Asia • Contrast between Government CAs and Commercial CAs • Most Government CAs use UTF8String (by Questionnaire) • No Commercial CA use UTF8String (by MS Windows Certificate Stores) • Asian Government CAs hope to use local character. • Most governments use local character for register information. UTF8String Deployment Statement and Migration Plan

  12. Conclusion (cont.) :UTF8String Deployment Status in Asia • Few CA has a Migration Plan to UTF8String • Most Government CAs use UTF8String from the beginning. • There is only one case having a migration plan. • Deadline of the case : November, 2005 • Best Practice for using/migration to UTF8String is needed. • We don’t have any guideline. UTF8String Deployment Statement and Migration Plan

  13. Ongoing Project • Migration Plan • CA certificate • Re-issue or re-build • CRL encoding after migration of CA certs • ‘Keeping legacy encoding’ or ‘Using UTF8String’ • Need to publish this as informational RFC? • Test Case Designing • Typical case of: • path building (‘different encoding’ and ‘comparison rules’) • Revocation checking • Providing the Test data of: • Sample Certificate and CRL • Available by the end of this month on our web site UTF8String Deployment Statement and Migration Plan

  14. Reference • JNSA Challenge PKI Project • http://www.jnsa.org/mpki/ • RFC 3454 - Preparation of Internationalized Strings ("stringprep") • http://www.ietf.org/rfc/rfc3454.txt • 3280bis • http://csrc.nist.gov/pki/documents/PKIX/draft-ietf-pkix-rfc3280bis-00.txt UTF8String Deployment Statement and Migration Plan

  15. Appendix :Questionnaire outline • Certificate and CRL/ARL • Kind of local character (e.g. CJK) • Kind of encoding for directoryName • Kind of CCS • Difference between CA self-signed certificate and EE certificate • Migration Plan to UTF8String • Plan existence • Migration deadline, reason • Migration reference existence UTF8String Deployment Statement and Migration Plan

More Related