949b378ac916ee7db1a877eb94bb8693.ppt
- Number of slides: 11

CMP Interop Project
December 6, 2000
Robert Moskowitz
rgm@icsa.net
A Division of TruSecure Corporation

CMP Interop Goals
- Establish the baseline of mandatory CMP functions
- Establish the optional, but important CMP functions
- Progress!
- Provide the foundation for future product testing so that customers will be able to buy PKI products with confidence
- Done!
- Expose any deficiencies or difficulties with the specification and provide needed feedback to the IETF on recommended changes to the specification
- Done!
- Light at the end of the tunnel!

What is CMP Interop? Mandatory and Desired
- Support DSA and RSA algorithms
  - in certificate templates and for use in PKI Protection and POP (Proof of Possession)
- digitalSignature and dataEncipherment in keyUsage
  - separately and together in certificates
  - PKI Protection and POP
- CMP Transport Method
  - TCP direct (port 829) and HTTP

What is CMP Interop cont.
- CMP Transactions
  - ir, cr, rr, kur, and ccr (CA implementations only)
  - ir with one or two certificate requests
  - Transaction sequence
  - Req/rep (ImplicitConfirm)
  - Req/err (bad request)
  - Req/rep/certconf/pkiconf
  - Req/rep/err/pkiconf (bad certificate)
  - Req/rep/certconf/err (bad confirmation)
- PKI Protection
  - MAC (shared secret for ir)
  - SIG (using a signing cert.)

What is CMP Interop cont.
- Over 80 testing combinations!
  - Not all need be supported by all vendors
  - All need to be supported by some vendors
  - Or specification changed
- Yes CMP can be as complex as you wish
  - But it does not have to be so for all implementations!

Active Interop Participants
- Baltimore
- Certicom (Trustpoint)
- Cylink
- Cryptlib (open source)
- Entegrity
- Entrust
- IBM
- TC Trustcenter
- RSA Research
- SSH
- Sun (Java)
  - Now inactive
- ICSA Labs is coordinating/running Interop efforts

Pending Interop Participants
- Motus Technologies
- NIST
- Open CA
- Siemens
- Utimaco

Lessons Learned
- CA policy has a major impact on EE use of CMP
  - Need to collect basic policy items
- A few areas in specs are unclear
  - Need list 'lore' to implement
- Changes to Internet Drafts published

Conclusions
- Over the Internet workshops are viable
  - Engineers can work around timezone problems easier than getting travel authorization
- CMP Interop does not currently exist
  - All participants were using pre-production code
- Basic CMP Interop WAS achieved this year
  - EE to CA, not CA to CA

Pending Work Items
- Next year to finish up Interop
  - CMP Transport polling
  - QC 'protection' of transactions
  - application testing
  - using certificates in real applications
- ICSA Labs will be able to develop a compliance criteria for CMP
- More participation needed