Authorities and
Public-Key Infrastructures
Ozalp Babaoglu
Digital certificates
Babaoglu 2001-2014
Security
Physical Certificates
Photograph + Personal data
Seals = "I certify that the photo corresponds to the personal data"
PKI Certificates
Common Name: CN=Calisto Tanzi
OU=Management
City/Locality: L=Parma
State/Province: ST=Emilia Romagna
C=IT
Certificate servers
Registering
Certifying (issuing)
Validating
Revoking certificates
Out-of-band authentication:
performed using more traditional methods, such as mail, fax,
over the telephone or physically meeting someone
In the future:
Several PKIs operating and inter-operating on the Internet
Instead:
most PKIs enable one CA to certify other CAs
one CA is telling its users that they can trust what a second CA
says in its certificates
DN CA Z | PK CA Z | Sig CA Y
DN Bob | PK Bob | Sig CA Z
PKI CA Hierarchies
CAs can be organized
as a rooted tree (X.509)
as a general graph (PGP)
In PGP, any user can act as a CA and sign the public key
of another user
A public key is considered valid only if a sufficient number
of trusted users have signed it
As the system evolves, complex trust relations emerge as
a dynamic web
Trust need not be symmetric or transitive
(more on PGP later)
PKI Validation
Validation
The information in a certificate can change over time
Need to be sure that the information in the certificate is current
and that the certificate is authentic
PKI Revocation
Revocation
the process of informing users when the information in a
certificate becomes unexpectedly invalid
subject's private key becomes compromised
user information changes (e.g., email address, domain name of a server)
On-line
revocation problem becomes trivial
Online Certificate Status Protocol (OCSP) of X.509 describes
how to check validity and revoke certificates
Off-line
Within the validity period, the certificate revocation method is critical
Clients check locally if a certificate has been revoked
PKI Revocation
Certificate Revocation List (CRL)
a list of revoked certificates that is signed and periodically issued
by a CA
user must check the latest CRL during validation to make sure
that a certificate has not been revoked
X.509 includes a CRL profile, describing the format of CRLs
CRL Problems
CRL time-granularity problem
how often must CRLs be issued?
CRL size
incremental CRL
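An added example, not part of the original slides: off-line validation of the chain shown earlier (Bob's certificate signed by CA Z, CA Z's certificate signed by CA Y), including the CRL check each issuer requires. It assumes textbook RSA without padding on toy keys built from Mersenne primes, a simplified tuple layout instead of X.509 encoding, and constructed names, serial numbers and dates.

```python
import hashlib

E = 65537  # public exponent shared by every toy key

def keypair(p, q):
    # Textbook RSA from two primes: returns (public modulus n, private exponent d).
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(body, n):
    # Hash the signed fields and reduce the result into the signer's modulus.
    return int.from_bytes(hashlib.sha256(repr(body).encode()).digest(), "big") % n

def sign(body, n, d):
    return pow(digest(body, n), d, n)
def verify(body, sig, n):
    return pow(sig, E, n) == digest(body, n)

def issue(serial, dn, pk, not_after, issuer_dn, n, d):
    body = (serial, dn, pk, not_after, issuer_dn)
    return {"body": body, "sig": sign(body, n, d)}

def issue_crl(issuer_dn, revoked_serials, n, d):
    body = (issuer_dn, tuple(sorted(revoked_serials)))
    return {"body": body, "sig": sign(body, n, d)}

def validate(chain, anchor_dn, anchor_pk, crls, today):
    # chain is ordered from the end entity up to the certificate issued by the anchor.
    signer_dn, signer_pk = anchor_dn, anchor_pk
    for cert in reversed(chain):
        serial, dn, pk, not_after, issuer_dn = cert["body"]
        if issuer_dn != signer_dn or not verify(cert["body"], cert["sig"], signer_pk):
            return f"bad signature on {dn}"
        if today > not_after:
            return f"{dn} expired"
        crl = crls.get(issuer_dn)  # the CRL must itself be signed by the issuing CA
        if crl is None or not verify(crl["body"], crl["sig"], signer_pk):
            return f"no authentic CRL from {issuer_dn}"
        if serial in crl["body"][1]:
            return f"{dn} revoked"
        signer_dn, signer_pk = dn, pk  # this subject may sign the next certificate
    return "valid"

# Constructed sample data: Mersenne primes give deterministic toy keys (not secure).
Y_N, Y_D = keypair(2**31 - 1, 2**61 - 1)
Z_N, Z_D = keypair(2**89 - 1, 2**107 - 1)
BOB_N, _ = keypair(2**127 - 1, 2**521 - 1)
CERT_Z = issue(1, "CA Z", Z_N, 20301231, "CA Y", Y_N, Y_D)
CERT_BOB = issue(7, "Bob", BOB_N, 20251231, "CA Z", Z_N, Z_D)
CRLS = {"CA Y": issue_crl("CA Y", [], Y_N, Y_D), "CA Z": issue_crl("CA Z", [], Z_N, Z_D)}
```

Calling validate([CERT_BOB, CERT_Z], "CA Y", Y_N, CRLS, 20250101) returns "valid"; replacing CA Z's CRL with one that lists serial 7 changes the result to "Bob revoked".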