CDB-041110-1 Chris Bonatti (IECA, Inc.) Tel: (+1) 301-548-9569 Proposed PKI4IPSEC Certificate Management Requirements Document IETF #61 – PKI4IPSEC Working.


1 CDB-041110-1 Chris Bonatti (IECA, Inc.) Tel: (+1) 301-548-9569 Proposed PKI4IPSEC Certificate Management Requirements Document IETF #61 – PKI4IPSEC Working Group 10 November 2004 – Washington, DC

2 CDB-041110-2 Status of Draft
Publication history:
–draft-dploy-requirements-00, 2002-MAR
–draft-bonatti-pki4ipsec-profile-reqts-00, 2004-JAN-30
–draft-bonatti-pki4ipsec-profile-reqts-01, 2004-JUL-19
–draft-ietf-pki4ipsec-mgmt-profile-rqts-00, 2004-AUG-4
–draft-ietf-pki4ipsec-mgmt-profile-rqts-01, 2004-OCT-25
August 4 version was substantially the same as July 19 version.
October 25 version addresses text comments identified around IETF #60.
We’re not nearly finished.

3 CDB-041110-3 Document Structure
1. Introduction
2. Architecture
–VPN System (VPN Peers & VPN Admin)
–PKI System (CA, RA, Repository)
–VPN-PKI interaction (steps in certificate life cycle)
3. Requirements
–Subsections address different requirement areas
4. Security Considerations
Annexes
A. References
B. Acknowledgements
C. Editor's Address
D. Summary of Requirements
–Plan to include a summary table similar to those in RFCs 1122, 1123, and 2975.
E. Change History

4 CDB-041110-4 Section 3 Subsections
3.1 General Requirements
3.2 Authorization Transactions
3.3 Key Generation and PKC Request Construction
3.4 Enrollment (Sending Request and PKC Retrieval)
3.5 PKC Profile for PKI Interaction
3.6 PKC Renewals and Changes
3.7 Finding PKCs in Repositories
3.8 Revocation Action
3.9 Revocation Checking and Status Information

5 CDB-041110-5 Changes to Draft
Numerous editorial changes:
–Acronym fixes
–Clarification of PKC Change definition
–Rearranged and consolidated references
–Clarified what “off-line” communication (out of band) entails.

6 CDB-041110-6 Issues
Need to add more clarity on the makeup of the registration “template”.
Should the VPN Peer be able to cancel a pre-authorization in addition to the Admin?
Need to clarify error handling for the pre-enrollment process.
Lots of editorial holes to be filled, but the issues are less granular.

7 CDB-041110-7 Way Forward
Issue log was created previously. This is more of an editorial work list than technical issues.
New issue tracker:
–http://rt.psg.com/
Work through issue log, discussing open issues on the list.
Issues will gradually migrate to the tracker.

8 CDB-041110-8 Questions?

