- Number of slides: 12

Web-based Integrated CA services Protocol, ICAP
draft-sakurai-pkix-icap-00.txt

Mine Sakurai (NEC)
Hiroaki Kikuchi (Tokai Univ)
Hiroyuki Hattori (Meiji Univ)
Yoshiki Sameshima (ICAT)
Hitoshi Kumagai (ICAT)

98/08 42nd IETF PKIX WG

Summary
- ICAP provides typical CA services for applications online
- We propose ICAP as a CA service protocol because it:
  - is compact and easy to implement and use
  - is based on HTTP and adaptable to the existing network environment
  - includes CA-CA communication, on the supposition of a CA hierarchy, and is scalable

ICAP features
- subset of typical CA services for applications online
  - certificate issuing
  - certificate retrieval
  - CA certificate retrieval
  - CRL retrieval
  - certificate validation checks
  - certificate revocation
  - certificate updating

ICAP features (2)
- based on HTTP
- based on an original CA model
- including CA-CA protocols
  - an application just sends a query to a neighboring CA, then gets a response
  - the neighboring CA forwards the query to another CA as required
    - assuming a CA hierarchy for certificate retrieval
    - using X.509 V3 extension fields for CRL retrieval, CA certificate retrieval and certificate validation checks

CA model and services
[Figure: diagram of the CA model. Component labels: CA, RA, IA, VA, PA. Request labels: certreq, revokereq, updatereq, verifyreq, lookupreq, calookupreq, crlreq.]

ICAP implementation
- ICAT has both ICAP-compliant CA software and ICAP-compliant S/MIME E-mail system software
- Supports RSA and Matsushita's Elliptic Curve Cryptosystems, My-Ellty, as public key algorithms
- ICAP is used by the medical community in an S/MIME E-mail system

Correspondence to existing PKIX drafts
[Table comparing the ICAP requests certreq, lookupreq, calookupreq, crlreq, verifyreq, revokereq and updatereq with the PKIX drafts CMP, OPP(HTTP), WebCAP, OPP(LDAP) and OCSP.]
- CMP: Certificate Management Protocol
- OPP: Operational Protocols
- WebCAP: WEB based CA Access Protocol
- OCSP: Online Certificate Status Protocol

What is the goal?
- New PKIX draft?
- Partial contribution to existing PKIX drafts?

Additional slides

Example

    % telnet cahost1 80
    Trying 123.16.5.41 …
    Connected to cahost1.
    Escape character is '^]'.

request:

    POST /cgi-bin/lookupreq HTTP/1.0
    Content-length: 41

    EmailAddress=alpha@abc.nec.co.jp&Latest=1

response:

    HTTP/1.1 200 OK
    Date: Sat, 25 Oct 1997 09:34:17 GMT
    Content-Type: text/plain

    lookupreq 200 accept your request
    MIIDmTCCA…..
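
The lookupreq exchange on the Example slide, as an added Python sketch that is not part of the slides or of ICAT's software. The response layout (a first body line of operation name, three-digit code and text, followed by a base64 certificate) is an assumption inferred from that single example, and the sample response and its five payload bytes are constructed.

```python
import base64
import re
from urllib.parse import urlencode

def build_lookupreq(email: str, latest: bool = True) -> bytes:
    """Build the lookupreq POST; path and field names are those on the slide."""
    fields = {"EmailAddress": email}
    if latest:
        fields["Latest"] = "1"
    # Percent-encode everything except '@' so '&', '=', CR and LF in the
    # address cannot add form fields or split the request.
    body = urlencode(fields, safe="@").encode("ascii")
    head = ("POST /cgi-bin/lookupreq HTTP/1.0\r\n"
            f"Content-length: {len(body)}\r\n\r\n").encode("ascii")
    return head + body

def parse_lookup_response(raw: bytes) -> tuple[int, str, bytes]:
    """Return (ICAP code, reason text, DER bytes); raise ValueError if malformed."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no header/body separator")
    status = head.split(b"\r\n", 1)[0].decode("ascii", "replace")
    if not re.fullmatch(r"HTTP/1\.[01] 200 .*", status):
        raise ValueError(f"HTTP failure: {status}")
    lines = body.decode("ascii", "strict").splitlines()
    # Assumed layout: "<operation> <code> <text>" on the first body line.
    m = re.fullmatch(r"lookupreq (\d{3}) (.*)", lines[0] if lines else "")
    if not m:
        raise ValueError("missing ICAP status line")
    code, text = int(m.group(1)), m.group(2)
    if code != 200:
        raise ValueError(f"lookupreq refused: {code} {text}")
    # Strict base64: reject stray characters instead of silently skipping them.
    der = base64.b64decode("".join(lines[1:]), validate=True)
    if not der.startswith(b"\x30"):
        raise ValueError("payload is not a DER SEQUENCE")
    return code, text, der

# Constructed sample: 5 placeholder DER bytes, not a real certificate.
SAMPLE_DER = b"\x30\x03\x02\x01\x01"
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n"
                   b"lookupreq 200 accept your request\r\n"
                   + base64.b64encode(SAMPLE_DER) + b"\r\n")

if __name__ == "__main__":
    print(build_lookupreq("alpha@abc.nec.co.jp").decode())
    print(parse_lookup_response(SAMPLE_RESPONSE))
```

The exchange on the slide runs over plain HTTP, so the returned bytes still need normal certificate path validation before they are trusted.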

What is ICAT?
- Initiatives for Computer Authentication Technology (1995-1998)
- Industry-university cooperative research project
- The purpose is to establish authentication technology that adopts cryptography
  - especially focused on CA
  - development for experiment

Background
- Conclusion of the ICAT activities
  - development of a protocol between CA and application, including CA-CA communication
- Second proposal from ICAT to PKIX WG
  - initial draft, draft-kikuchi-web-repository-00.txt (1997) has expired
  - improvement of the specification through a sample implementation