1 A Community-driven Certification Authority OpenSistemas 29 Abril 2011 Universidad Rey JuanCarlos
2 (cc) 2011 and Wikipedia Some rights reserved. This work licensed under Creative Commons Attribution-ShareAlike License. To view a copy of full license, see or write to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
3 Opensistemas is an international company highly specialized in offering global IT solutions based on Open Source and Linux platforms.
4 Our Vision: To become the international leader in Open Source Technologies. Our Mission: Apply our knowledge of the opportunities offered by Open Source to deliver effective solutions and innovation to our customers while promoting the professional development of our employees and building value for shareholders. Our Values: Deliver effective solutiosn to our customers. Corporate social responsibility. Commitment to Open Source. Ethics and Respect for individuals. Research and Innovation. Teamwork. Commitment to the development of a society connected by information and knowledge.
5 Our Markets
6 Our Partners
7 Opensistemas is present in nine locations over five countries: Spain (Madrid, Valencia, Barcelona, Sevilla, Zaragoza), Chile (Santiago), Colombia (Bogotá), United Kingdom (London) and China (Shanghai).
8 Contact Information
9 PKI concepts PKI meaning... PKI = Public Key Infrastructure a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates PKI components... CA = Certification Authority RA = Registration Authority VA = Validation Authority Public keys (person, server and authority certificates) Policies and procedures
10 PKI diagram of a public key infrastructure
11 PKI example 1: Standard CA Standard CAs such as Thawte, Verisign... CA: Joins the CA, RA, VA. Our navigator trusts in signed certificates by that CA The certificate chain informs browser about VA Example: Try to get certificate information by using Thawte SSL Ca
12 PKI example 2: The FNMT CA Spanish FNMT CA CA: Joins CA and VA. RA: Delegated to other institutions such as AEAT, city councils... CA certificate is not directly recognized by standard browsers so we should import CA certificates into it. This is one of first certificates acknowledged for legally identifying people or enterprises in Spain. Example: Import FNMT certificate and then get its information.
13 PKI example 3: The DGP CA Spanish DGP (Police) CA CA: At DGP headquarters RA: At DGP DNIe offices VA: Delegated to third parties (FNMT, for example) This is the CA for spanish electronic ID (DNIe). Also acknowledged for legally identifying people. Example: Import DGP certificate and then get its information.
14 Web of Trust Web of trust Concept created by PGP creator. Instead of having a central CA, we can build a trust network of signed public keys. If A signs B, and C trust A, then C could trust B. uses a variant of trust network...
15 PKI What is CACERT? A community-driven certificate authority. CACERT issues public key certificates to public (server, people) freely. Robot CA: Certificates are automatically signed. These certificates are considered weak because CAcert does not emit any information in the certificates other than the domain name or address (the CommonName field in X.509 certificates). Web of trust: Meetings, Assurance points, Prospective Assurers and Assures. Assured users can get, for example, certificates with a complete CommonName field.
16 inclusion status Can we use server certificates with some browser? Yes, we can import CA certificate and go... Yes, my Linux distro (Debian, etc) includes CA certificate in ca-certificates package. No, my browser does not recognize the certificates and I cannot trust to a strange CA.crt file! (Like a self-signed certificate) Although Mozilla started a process to include the certificate, an audit suspended the process, because needed to improve their management system.
17 web of trust When you create a new account: Only your can be verified By meeting other assurers you can get some points: for including your real name to your account, to generate better certificates, and finally, to be also a assurer.
18 web of trust Some rules: An assurer can issue you upto 35 points. You need at least 50 points to have your full name assured... so you need to be assured by, at least, two existing assurers With 100 points you can also be an assurer... but you also need to pass an assurer challenge More rules: When you are promoted to assurer: Initially, you can issue 10 points to other people, and get 2 experience points when you assure somebody After you got 10 experience points, then you can issue 15 points to others... When you got 50 experience points, then you can issue to others the maximum per session: 35 points But in any case, you can, if you want, to issue less points than your maximum
19 client certificates A client certificate is used to: Identify yourself to a web site signing... When you create a account, you can get client certificates: Only the is certified (by using -ping) With 6 month expiration When you are assured (50 points) you also get Name and certified 24 month expiration
20 server certificates A server certificate is used to: Secure website: identify a server to you When you create a account, you can get server certificates: With 6 month expiration When you are assured (50 points) you also get 24 month expiration In all cases, you need to be able to ping DNS name by receiven a postmaster from DNS owner, and only website DNS name is assured, because assurers are not able verify legal owner.
21 Questions Questions?
22 Exercises Final exercises 1 Creating your account. 2 Creating your certificate, with browser and then with openssl 3 Creating a web certificate, with openssl and apache 4 Want to be assured?
Citi Secure Email Program Receiving Secure Email from Citi For External Customers and Business Partners Protecting the privacy and security of client information is a top priority at Citi. Citi s Secure
RSA Authentication Manager 8.1 Planning Guide Revision 1 Contact Information Go to the RSA corporate website for regional Customer Support telephone and fax numbers: www.emc.com/domains/rsa/index.htm Trademarks
CERTIFICATION PRACTICE STATEMENT (CPS) OF SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A. Version.0 (CPS) INDEX 1. LEGAL FRAMEWORK... 10 1.1. Legal Base... 10 1.. Validation... 10 1.. Legal Support...
LogMeIn Backup Getting Started Guide Contents Getting Started with LogMeIn Backup...3 About LogMeIn Backup...3 How does LogMeIn Backup Work, at-a-glance?...3 About Security in LogMeIn Backup...3 LogMeIn
MULTI LICENSES The information in this document is subject to change without notice and does not represent a commitment on the part of Propellerhead Software AB. The software described herein is subject
WHITE PAPER: TWO-FACTOR AUTHENTICATION: A TCO VIEWPOINT........................................ Two-Factor Authentication Who should read this paper This whitepaper is directed at IT, Security, and Compliance
Windows Phone 8 Security Overview This white paper is part of a series of technical papers designed to help IT professionals evaluate Windows Phone 8 and understand how it can play a role in their organizations.
Choosing IT Service Management Software What to look for in an IT Service Management solution Monitor 24-7 Inc. www.monitor24-7.com email@example.com 1 416 410 2716 1 866 364 2757 Introduction Service
This image cannot currently be displayed. D-G4-L4-241 Predictive analytics (software as service) Deloitte LLP Service for G-Cloud IV September 2013 Contents 1 Service Overview 1 2 Detailed Service Description
Getting Started with SharePoint Online for Small Business By Robert Crane Computer Information Agency http://www.ciaops.com Terms This Guide from the Computer Information Agency is provided as is. Every
Certificate Management Palo Alto Networks PAN-OS Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us
IBM Connections White Paper September 2014 IBM Connections Cloud Security 2 IBM Connections Cloud Security Contents 3 Introduction 4 Security-rich Infrastructure 6 Policy Enforcement Points Provide Application
Liquidware Labs Customer Support Policy Version 2.0 Introduction This guide has been authored by experts at Liquidware Labs in order to provide information and guidance concerning Liquidware Labs Customer
Advantage Security Certification Practice Statement Version 3.8.5 Effective Date: 01/01/2012 Advantage Security S. de R.L. de C.V. Prol. Paseo de la Reforma # 625 Int 402, Col Paseo de las Lomas. Del Alvaro
RSA Authentication Manager 8.1 Help Desk Administrator s Guide Revision 1 Contact Information Go to the RSA corporate website for regional Customer Support telephone and fax numbers: www.emc.com/domains/rsa/index.htm
Qnet Web Site Design and Development Process Your Answer. Your Solution. Your Team. QNET INFORMATION SERVICES (Qnet) is a full service technology solutions provider and value added reseller (VAR) offering
Certification of Competency in Business Analysis (CCBA ) Certification Handbook The IIBA guide to gaining the CCBA designation. April 14, 2014 1 Table of Contents 1. ABOUT THIS HANDBOOK... 3 2. ABOUT INTERNATIONAL
FDA Electronic Submissions Gateway (ESG) Presenter: Michael B. Fauntleroy Program Manager FDA ESG What is the Gateway? FDA ESG - Submission Options WebTrader Gateway Cost ROI for your investment Registration
Siebel Email Administration Guide Siebel Innovation Pack 2013 Version 8.1/8.2 September 2013 Copyright 2005, 2013 Oracle and/or its affiliates. All rights reserved. This software and related documentation
Windows Firewall with Advanced Security Design Guide and Deployment Guide Microsoft Corporation Published: October 2008 Author: Dave Bishop Editor: Allyson Adley Reviewers: Bilal Aijazi, Boyd Benson, Shalaka
Semester: Title: Cloud computing - impact on business Project Period: September 2014- January 2015 Aalborg University Copenhagen A.C. Meyers Vænge 15 2450 København SV Semester Coordinator: Henning Olesen
800 319 5581 800 319 5582 Fax www.protectmyministry.com www.mobilizemyministry.com Protect My Ministry websites including www.ministryopportunities.org have the following SSL Certificates and protection:
Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered
NEFSIS TRAINING SERIES Nefsis Dedicated Server version 5.2.0.XXX (DRAFT Document) Requirements and Implementation Guide (Rev5-113009) REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER Nefsis