mutually endorsing ca infrastructure
play

Mutually Endorsing CA Infrastructure Don't treat Symptoms: Improve - PowerPoint PPT Presentation

Jul 21, 2023 •404 likes •481 views

Mutually Endorsing CA Infrastructure Don't treat Symptoms: Improve the PKI System Combine PKI with Web-Of-Trust / Notary ideas Each CA should run a dynamic Vouching Service Vouching for network visibility of: DNS information:

  1. Mutually Endorsing CA Infrastructure ● Don't treat Symptoms: Improve the PKI System ● Combine PKI with Web-Of-Trust / Notary ideas ● Each CA should run a dynamic Vouching Service ● Vouching for network visibility of: ● DNS information: Hostname <=> IP ● Certificate in use: IP/Port <=> Certificate ● Current Revocation information (OCSP) ● Vouching Service combines network information, current timestamp and adds a digital signature

  2. Vouching architecture ● Twice a day, each server requests a current voucher from each CA and will use it for the next 24 hours ● Client picks two acceptable candidate Vouching Authorities (either by random or based on region) ● Clients request vouchers from servers as part of the SSL/TLS protocol handshake ● Server certificate and voucher: From different CAs ● Clients verify voucher signature and freshness ● Clients compare own network view with voucher information

  3. Benefits related to Hacking ● Hacking a single CA will no longer be sufficient ● Hacking two CAs give you success only in a small number of connections, everyone else will be alarmed, allowing quick detection of compromises ● Ability to globally revoke trust from CAs within one day: Inform the Vouching Authorities about the compromise, and they will stop issuing vouchers for related certificates. As soon as clients can no longer obtain vouchers, they will stop trusting the servers that use compromised certificates.

  4. Additional Benefits / Properties ● Clients could anonymously submit statistics about certificate mismatches ● Information about mismatches could be centrally evaluated to learn about regional attacks ● Reduced uptime requirements of OCSP servers (outages of a couple of hours are acceptable) ● Limited performance requirements for Vouching Servers, because only servers connect to them ● As with OCSP stapling: no OCSP privacy issue; works at captive portals / hotspots prior to login

  5. Additional Idea: Automatic Failover ● Introduce optional redundancy into SSL/TLS ● Instead of always using a single server certificate, enhance the SSL/TLS protocol to allow a list of two alternative server certificates ● Servers could be configured to use two certificates from two different CAs (same keypair for both?) ● If a root CA gets revoked because of a compromise, and clients fail to validate a server's certificate (e.g. no valid voucher), clients can fall back to use the alternative certificate

  6. Mutually Endorsing CA Infrastructure kuix.de/mecai Kai Engert Red Hat employee Mozilla contributor

Recommend

MUTUALLY REINFORCING INSTITUTIONS MUTUALLY REINFORCING INSTITUTIONS EAPC/PFP MONACO THE

MUTUALLY REINFORCING INSTITUTIONS MUTUALLY REINFORCING INSTITUTIONS EAPC/PFP MONACO THE

NATO HQ - POLITICAL AFFAIRS DIVISION MUTUALLY REINFORCING INSTITUTIONS MUTUALLY REINFORCING INSTITUTIONS EAPC/PFP MONACO THE HOLY SEE BELARUS NATO KAZAKHSTAN CANADA KYRGYZSTAN UNITED STATES TAJIKISTAN 2) TURKMENISTAN UZBEKISTAN

529 views • 5 slides
Finite Projective Planes http://math.uwyo.edu/moorhouse/pub/planes/ Eric Moorhouse Mutually

Finite Projective Planes http://math.uwyo.edu/moorhouse/pub/planes/ Eric Moorhouse Mutually

Finite Projective Planes http://math.uwyo.edu/moorhouse/pub/planes/ Eric Moorhouse Mutually Unbiased Bases Mutually Unbiased Bases Mutually Unbiased Bases Mutually Unbiased Bases Mutually Unbiased Bases Mutually Unbiased Bases In order to

884 views • 50 slides
Yes, G-CAN! Endorsing Food Security With Gender- Responsive and Climate-Resilient Agriculture

Yes, G-CAN! Endorsing Food Security With Gender- Responsive and Climate-Resilient Agriculture

Yes, G-CAN! Endorsing Food Security With Gender- Responsive and Climate-Resilient Agriculture Speakers: Meredith Soule, USAID Bureau for Food Security; Claudia Ringler, Tim Thomas, Elizabeth Bryan, IFPRI; Jessica Fanzo, Johns Hopkins University

452 views • 41 slides
Yes, G-CAN! Endorsing Food Security With Gender- Responsive and Climate-Resilient Agriculture

Yes, G-CAN! Endorsing Food Security With Gender- Responsive and Climate-Resilient Agriculture

Yes, G-CAN! Endorsing Food Security With Gender- Responsive and Climate-Resilient Agriculture Speakers: Meredith Soule, USAID Bureau for Food Security; Claudia Ringler, Tim Thomas, Elizabeth Bryan, IFPRI; Jessica Fanzo, Johns Hopkins University

434 views • 40 slides
Mutually algebraic structures and automatic quantifier elimination Chris Laskowski

Mutually algebraic structures and automatic quantifier elimination Chris Laskowski

Mutually algebraic structures and automatic quantifier elimination Chris Laskowski University of Maryland Antalya Algebra Days XIV C e sme, Turkey 20 May, 2012 Chris Laskowski University of Maryland Mutually algebraic structures

351 views • 18 slides
Endorsing Good Practice Harpreet Chana Head of Pricing PSNC Head of Pricing role involves:

Endorsing Good Practice Harpreet Chana Head of Pricing PSNC Head of Pricing role involves:

Prescription Pricing Errors and Endorsing Good Practice Harpreet Chana Head of Pricing PSNC Head of Pricing role involves: Negotiating changes to the Drug Tariff with the Department of Health Lead for prescription pricing accuracy

472 views • 33 slides
Constraints on credences in two not mutually exclusive propositions: the search for the best

Constraints on credences in two not mutually exclusive propositions: the search for the best

Constraints on credences in two not mutually exclusive propositions: the search for the best belief update function. . . Leszek Wroski Institute of Philosophy Jagiellonian University Krakw, Poland Full and Partial Belief Workshop

512 views • 29 slides
Mutually orthogonal Latin Squares and LSECC Duncan Prince, Jenny Zhang January 19, 2015 Author:

Mutually orthogonal Latin Squares and LSECC Duncan Prince, Jenny Zhang January 19, 2015 Author:

Mutually orthogonal Latin Squares and LSECC Duncan Prince, Jenny Zhang January 19, 2015 Author: Duncan Prince Mutually Orthogonal Latin Squares A Latin Square is an n by n array filled with n unique symbols. Each symbol appears once in each row

153 views • 4 slides
Mutually mutuallyindependent Independent whentheprobabilitythat A i occurs Events

Mutually mutuallyindependent Independent whentheprobabilitythat A i occurs Events

MathematicsforComputerScience MutualIndependence MIT 6.042J/18.062J EventsA 1 ,A 2 ,,A n are Mutually mutuallyindependent Independent whentheprobabilitythat A i occurs Events AlbertRMeyer, May3,2013 AlbertRMeyer,

287 views • 5 slides
Mutually Assured Pwnage (Yes, this slide is meant to be ironic) We believe we're seeing

Mutually Assured Pwnage (Yes, this slide is meant to be ironic) We believe we're seeing

Mutually Assured Pwnage (Yes, this slide is meant to be ironic) We believe we're seeing something a little like a cyber Cold War. -- Dmitri Alperovitch, VP Threat Research, McAfee How Cyberwar is like the Cold War Its not a war.

744 views • 43 slides
Fundraising and Advocacy: A Mutually Beneficial Relationship Tim Gibbs ! Director, Campaign

Fundraising and Advocacy: A Mutually Beneficial Relationship Tim Gibbs ! Director, Campaign

Fundraising and Advocacy: A Mutually Beneficial Relationship Tim Gibbs ! Director, Campaign Initiatives ! American Cancer Society ! California Division ! Advocates = Higher Donations Relay'For'Life'Team'Members'who'are'

580 views • 10 slides
Microstructure, mutually exciting processes Delattre, A. Iuga, M.H., and market impact J.F.

Microstructure, mutually exciting processes Delattre, A. Iuga, M.H., and market impact J.F.

Microstructure, mutually exciting processes and market impact E. Bacry, S. Microstructure, mutually exciting processes Delattre, A. Iuga, M.H., and market impact J.F. Muzy Introduction: inference across scales E. Bacry, S. Delattre, A.

892 views • 55 slides
Forest Carbon Partnership Facility ERPA General Conditions FCPF Carbon Fund Meeting (CF7) Paris,

Forest Carbon Partnership Facility ERPA General Conditions FCPF Carbon Fund Meeting (CF7) Paris,

Forest Carbon Partnership Facility ERPA General Conditions FCPF Carbon Fund Meeting (CF7) Paris, June 24-25, 2013 Overview I. Process of Endorsing ERPA General Conditions II. Critical Remaining Issues for Discussion 2 Process of Endorsing

330 views • 8 slides
Loss and Other-Regarding Preferences: Mutually Exclusive or Exclusively Mutual? Evidence From

Loss and Other-Regarding Preferences: Mutually Exclusive or Exclusively Mutual? Evidence From

Loss and Other-Regarding Preferences: Mutually Exclusive or Exclusively Mutual? Evidence From Loss-Framed Dictator Games ArmenakAntinyan ArmenakAntinyan 2 nd Year PhD Student University of Venice Department of Business Economics and Management

366 views • 19 slides
Complete characterization of perfectly secure stego-systems with mutually independent embedding

Complete characterization of perfectly secure stego-systems with mutually independent embedding

Complete characterization of perfectly secure stego-systems with mutually independent embedding operation Tom Filler and Jessica Fridrich Dept. of Electrical and Computer Engineering SUNY Binghamton, New York IEEE ICASSP 2009, Taipei,

396 views • 21 slides
Breaking Dichotomies Are Civil Rights and Black Na8onalism Mutually Exclusive? *Dr. Devyn

Breaking Dichotomies Are Civil Rights and Black Na8onalism Mutually Exclusive? *Dr. Devyn

Breaking Dichotomies Are Civil Rights and Black Na8onalism Mutually Exclusive? *Dr. Devyn Spence Benson Professor of Africana &amp; La8n American Studies TwiIer @bensondevyn Who said it? It is a historical fact that privileged groups

625 views • 37 slides
Natural Resources Utilization, Sustainability and Development in Guyana: Mutually Exclusive?

Natural Resources Utilization, Sustainability and Development in Guyana: Mutually Exclusive?

Natural Resources Utilization, Sustainability and Development in Guyana: Mutually Exclusive? Suresh S. Narine Outline Carbon: The fulcrum of our World Major Resource Challenges in the World FOOD CLIMATE CHANGE Caribbean

667 views • 48 slides
Mutually supportive implementation of the Plant Treaty and Nagoya Protocol Michael Halewood, Ana

Mutually supportive implementation of the Plant Treaty and Nagoya Protocol Michael Halewood, Ana

Mutually supportive implementation of the Plant Treaty and Nagoya Protocol Michael Halewood, Ana Bedmar June 15, 2016 Genetic Resources Policy Initiative (GRPI) 2012 present with 8 countries: Bhutan, Nepal, Uganda, Rwanda, Cote DIvoire,

401 views • 29 slides
https://evdress.com The main advantage of casual and elegant dresses from RicaMare mutually

https://evdress.com The main advantage of casual and elegant dresses from RicaMare mutually

https://evdress.com The main advantage of casual and elegant dresses from RicaMare mutually beneicial relationships with customers. We pay great following fashion trends and caring about their own style. Business, active and conident

409 views • 6 slides
Prosody-Based Unsupervised Speech Summarization with Two-Layer Mutually Reinforced Random Walk

Prosody-Based Unsupervised Speech Summarization with Two-Layer Mutually Reinforced Random Walk

Prosody-Based Unsupervised Speech Summarization with Two-Layer Mutually Reinforced Random Walk Sujay Kumar Jauhar {sjauhar, yvchen, fmetze}@cs.cmu.edu Yun-Nung (Vivian) Chen The 6th International Joint Conference on Natural Florian Metze

768 views • 38 slides
Iso-entangled Mutually Unbiased Bases and mixed states t designs Karol Zyczkowski

Iso-entangled Mutually Unbiased Bases and mixed states t designs Karol Zyczkowski

Iso-entangled Mutually Unbiased Bases and mixed states t designs Karol Zyczkowski Jagiellonian University, Cracow, &amp; Polish Academy of Sciences, Warsaw in collaboration with Jakub Czartowski (Cracow) Dardo Goyeneche (Antofagasta)

775 views • 40 slides
Mutually Beneficial Industry Partnerships Casey K. Sacks, Ph.D. Deputy Assistant Secretary for

Mutually Beneficial Industry Partnerships Casey K. Sacks, Ph.D. Deputy Assistant Secretary for

Earn, Learn, Succeed: The Role of Postsecondary Education in Driving Mutually Beneficial Industry Partnerships Casey K. Sacks, Ph.D. Deputy Assistant Secretary for Community Colleges Office of Career, Technical and Adult Education U.S.

468 views • 20 slides
Mutually Enhancing Test Generation and Specification Inference Tao Xie David Notkin Department

Mutually Enhancing Test Generation and Specification Inference Tao Xie David Notkin Department

Mutually Enhancing Test Generation and Specification Inference Tao Xie David Notkin Department of Computer Science &amp; Engineering University of Washington August 15th, 2003 Foundations of Software Engineering, Microsoft Research 1

688 views • 36 slides
Mutually Enhancing Test Generation and Specification Inference Tao Xie David Notkin Department

Mutually Enhancing Test Generation and Specification Inference Tao Xie David Notkin Department

Mutually Enhancing Test Generation and Specification Inference Tao Xie David Notkin Department of Computer Science &amp; Engineering University of Washington, Seattle, WA Oct. 6th, 2003 FATES 2003, Montreal, Canada 1 Synopsis Need

476 views • 19 slides

More recommend