pki strategy n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
PKI Strategy PowerPoint Presentation
Download Presentation
PKI Strategy

Loading in 2 Seconds...

play fullscreen
1 / 3

PKI Strategy - PowerPoint PPT Presentation


  • 125 Views
  • Uploaded on

PKI Strategy. PKI Requirements Standard Based on e-MARC or other Certificate Policy Statements Specify key aspects that must be met by CA Cert format (X.509) Cert types (server, application, signing, “assurance levels”) CA Root key protection (FIPS level) Identity proofing scheme

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'PKI Strategy' - tasha


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
pki strategy
PKI Strategy
  • PKI Requirements Standard
    • Based on e-MARC or other Certificate Policy Statements
    • Specify key aspects that must be met by CA
      • Cert format (X.509)
      • Cert types (server, application, signing, “assurance levels”)
      • CA Root key protection (FIPS level)
      • Identity proofing scheme
      • Key length
      • Key lifetime
      • Key delivery
      • CRL frequency
      • Subject requirements (OU field)
      • Etc.
    • Start from Jim Hansen “Requirements”
pki strategy1
PKI Strategy
  • CA Self-certification – Legal Document
    • Certification Checklist
      • Base of sections of RFC for CPS
      • Enumerate requirements from standard that must be met in CPS
    • CA files affidavit with NAESB certifying compliance
  • CA Declaration/Nomination – Legal Document
    • Identifies Entity’s CA(s) that will be used
    • Agrees to abide by CA’s CPS
    • Attests to implementation of a PKI security program to keep certs secure
    • Agrees to liability for use of certs issued to end-entity provided relying party performs CRL check, Root CA validation, etc.
    • End-Entity files affidavit with NAESB certifying compliance
pki strategy2
PKI Strategy
  • OASIS Application Security Standard
    • Must comply with PKI Standard
    • Must use CA that has executed Self-Certification
    • Must have filed End-Entity CA Declaration/Nomination
    • May require two-factor authentication (token, PIN, etc.)
    • Other?
  • Tagging Application Security Standard
    • Etc.