Скачать презентацию KISTI Grid CA Status Report 5 th APGrid Скачать презентацию KISTI Grid CA Status Report 5 th APGrid

4e931bf81ce3e62a91792d182f816858.ppt

  • Количество слайдов: 9

KISTI Grid CA Status Report 5 th APGrid PMA Meeting September 16 2008 Biopolis, KISTI Grid CA Status Report 5 th APGrid PMA Meeting September 16 2008 Biopolis, Singapore Korea Institute of Science and Technology Information Sangwan Kim (sangwan@kisti. re. kr) Jae-Hyuck Kwan (jhkwak@kisti. re. kr)

Contents • History of KISTI Grid CA Operation • KISTI Grid CA Overview • Contents • History of KISTI Grid CA Operation • KISTI Grid CA Overview • Statistics • Future Works

History of KISTI Grid CA Operation • K*Grid Project started from 2002 in Korea. History of KISTI Grid CA Operation • K*Grid Project started from 2002 in Korea. • Experimental CA System (2002 ~ June 2004) ▶ Statistics • # of users (subscribers) : more than 390 users • # of issued certificates : more than 3, 000 certificates • Production Level CA System (June 2004 ~ June 2007) ▶ Statistics • # of users (subscribers) : more than 60 users • # of issued certificates : more than 400 certificates • Production CA v 2. 0 (June 2007~) ▶ Statistics • # of users (subscribers) : 27 • # of issued certificates : 66 certificates

KISTI Grid CA Overview • Web Site (online certificates repository) ▶ http: //ca. gridcenter. KISTI Grid CA Overview • Web Site (online certificates repository) ▶ http: //ca. gridcenter. or. kr/ • CA cert ▶ http: //ca. gridcenter. or. kr/certs/certificates/722 e 5071. 0 ▶ Valid : Jul 12, 2007 – Aug 1, 2017 (10 years) ▶ Key size: 2048 bits • Certificate Policy & Practice Statement: ▶ http: //ca. gridcenter. or. kr/cps/KISTI-CPCPS-2. 0. html ▶ Based on RFC 3647 ▶ X. 509 OID: 1. 3. 6. 1. 4. 1. 14305. 1. 1. 1. 2. 0 • CRL ▶ http: //ca. gridcenter. or. kr/CRL/722 e 5071. crl ▶ X 509 Version 2, CRL life time: 30 days (new CRL 7 days before expiration of the previous one)

KISTI Grid CA Overview • Certificate Profile: X 509 v 3 Extensions ▶ CA KISTI Grid CA Overview • Certificate Profile: X 509 v 3 Extensions ▶ CA certificate • Basic Constraints: CA: TRUE • Key Usage: critical, Certificate Sign, CRL Sign • Certificate Policies: 1. 3. 6. 1. 4. 1. 14305. 1. 1. 1. 2. 0 ▶ User certificates • Basic Constraints: CA: FALSE • Key Usage: critical, Digital Signature, Non Repudiation, Key Encipherment, Data Enciperment • Extended Key Usage: TLS Web Client Authentication • Issuser Alternative Name, CRL Distribution Point, Policies OID ▶ Host certificates • • • Basic Constraints: CA: FALSE Key Usage: critical, Digital Signature, Key Encipherment, Data Enciperment Extended Key Usage: TLS Web Server/Client Authentication Issuser Alternative Name, CRL Distribution Point, Policies OID Subject Alternative Name: DNS:

KISTI Grid CA Overview • Name forms ▶Issuer: • C=KR, O=KISTI, O=GRID, CN=KISTI Grid KISTI Grid CA Overview • Name forms ▶Issuer: • C=KR, O=KISTI, O=GRID, CN=KISTI Grid Certificate Authority ▶User DN: • C=KR, O=KISTI, O=GRID, O=[applicant's organization], CN=[the name of applicant] ▶Host DN: • C=KR, O=KISTI, O=GRID, O=[applicant's organization], CN=[FQDN of the hostname]

Statistics • # of Applicants : 78 • # of Certificates ▶User certificates • Statistics • # of Applicants : 78 • # of Certificates ▶User certificates • 68 valid, 4 revoked, 3 expired ▶Host certificates • 162 valid, 4 revoked, 3 expired

Future Works • Some improvement of web system (user interfaces, design, etc. . ) Future Works • Some improvement of web system (user interfaces, design, etc. . ) • Self-auditing of KISTI CA

Thank You For Your Attention Thank You For Your Attention