OCSP https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html.

1 OCSP

2 Solar thermal - MicroCSP: MicroCSP references solar thermal technologies in which concentrating solar power (CSP) collectors are based on the designs used in traditional Concentrating Solar Power systems found in the Mojave Desert but are smaller in collector size, lighter, and operate at lower thermal temperatures, usually below 315 °C (600 °F).

3 Solar thermal - MicroCSP: MicroCSP is used for community-sized power plants (1MW to 50MW), for industrial, agricultural and manufacturing 'process heat' applications, and when large amounts of hot water are needed, such as resort swimming pools, water parks, large laundry facilities, sterilization, distillation and other such uses.

4 OCSP stapling: 'OCSP stapling', formally known as the TLS 'Certificate Status Request' extension, is an alternative approach to the Online Certificate Status Protocol (OCSP) for checking the revocation status of X.509 digital certificates. It allows the presenter of a certificate to bear the resource cost involved in providing OCSP responses, instead of the issuing certificate authority (CA).

5 OCSP stapling - Motivation: When the certificate is issued to a legitimate high traffic web site, for instance, this can result in enormous volumes of OCSP request traffic, all of which serves to indicate that the certificate is valid and can be trusted.

6 OCSP stapling - Motivation: OCSP checking also creates a privacy impairment, since it requires the client to contact a third party (the CA) to confirm certificate validity. A way to verify validity without disclosing browsing behavior would be desirable for some groups of users.

7 OCSP stapling - Solution: Also, an invalid stapled response (or no stapled response) will just cause the client to ask the OCSP server directly.

8 OCSP stapling - Solution: As a result, clients continue to have verifiable assurance from the certificate authority that the certificate is presently valid (or was quite recently), but no longer need to individually contact the OCSP server. This means that the brunt of the resource burden is now placed back on the certificate holder. It also means that the client software no longer needs to disclose users' browsing habits to any third party.

9 OCSP stapling - Solution: Overall performance is also improved: When the client fetches the OCSP response directly from the CA, it usually involves the lookup of the domain name of the CA's OCSP server in the DNS as well as establishing a connection to the OCSP server. When OCSP stapling is used, the certificate status information is delivered to the client through the established channel, which improves performance.

10 OCSP stapling - Specification: Hallam-Baker, X.509v3 Extension: OCSP Stapling Required (https://tools.ietf.org/html/draft-hallambaker-muststaple-00). TLS developer Adam Langley discussed the extension in an April 2014 article following the repair of the Heartbleed OpenSSL bug.
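
Added example, not part of the original slides: a simplified model of how a client can act on a stapled response, covering the fallback to a direct OCSP query described in the Solution slides and the hard failure implied by the "OCSP Stapling Required" extension. The Staple class, evaluate_staple function and sample values are hypothetical, and the CA signature check is assumed to have been done by the TLS library and is passed in as a boolean.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass
class Staple:
    """Fields a client reads from a stapled OCSP response (simplified model)."""
    signature_ok: bool     # assumption: CA signature already verified by the TLS library
    cert_status: str       # "good", "revoked" or "unknown"
    this_update: datetime  # time at which the CA asserted this status
    next_update: datetime  # time by which the CA will publish newer status


def evaluate_staple(staple: Optional[Staple], now: datetime,
                    must_staple: bool = False) -> str:
    """Return 'accept', 'reject' or 'query_ocsp_directly'."""
    # Usable means present, CA-signed and inside its validity window
    # ("presently valid, or was quite recently").
    usable = (staple is not None and staple.signature_ok
              and staple.this_update <= now <= staple.next_update)
    if usable and staple.cert_status == "revoked":
        return "reject"
    if usable and staple.cert_status == "good":
        return "accept"  # no contact with the CA is needed
    if must_staple:
        # The certificate requires stapling: a missing or bad staple is fatal.
        return "reject"
    # Missing, expired, badly signed or inconclusive staple: ask the CA.
    return "query_ocsp_directly"


# Constructed sample data for illustration only.
NOW = datetime(2014, 4, 28, 12, 0, tzinfo=timezone.utc)
DAY = timedelta(days=1)
GOOD = Staple(True, "good", NOW - DAY, NOW + 3 * DAY)
STALE = Staple(True, "good", NOW - 10 * DAY, NOW - 3 * DAY)
FORGED = Staple(False, "good", NOW - DAY, NOW + 3 * DAY)
REVOKED = Staple(True, "revoked", NOW - DAY, NOW + 3 * DAY)

if __name__ == "__main__":
    for name, s in [("good", GOOD), ("stale", STALE), ("forged", FORGED),
                    ("revoked", REVOKED), ("none", None)]:
        print(name, evaluate_staple(s, NOW), evaluate_staple(s, NOW, True))
```
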

11 OCSP stapling - Deployment: OCSP stapling has not seen broad deployment to date; however, this is changing. The OpenSSL project included support in their 0.9.8g release with the assistance of a grant from the Mozilla Foundation.

12 OCSP stapling - Deployment: Apache HTTP Server has supported OCSP stapling since version 2.3.3 (Apache HTTP Server mod_ssl documentation - SSLUseStapling directive, https://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslusestapling), the nginx web server since version 1.3.7 (nginx-announce mailing list - nginx-1.3.7, http://mailman.nginx.org/pipermail/nginx-announce/2012/000095.html), and LiteSpeed Web Server since version 4.2.4 (Release Log - Litespeed Tech, http://www.litespeedtech.com/products/litespeed-web-server/release-log).

13 OCSP stapling - Deployment: On the browser side, OCSP stapling was implemented in Firefox 26 (OCSP Stapling in Firefox, https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/, retrieved 2013-07-30; Improving Revocation - MozillaWiki, mozillawiki:CA:ImprovingRevocation#OCSP_Stapling, retrieved 2014-04-28) and in Internet Explorer since Windows Vista.

14 OCSP stapling - Limitations: However, OCSP stapling supports only one OCSP response at a time, which is insufficient for sites which use several different certificates for a single page (Mozilla NSS Bug 360420, comment by Adam Langley, https://bugzilla.mozilla.org/show_bug.cgi?id=360420#c10; Mozilla NSS Bug 611836 - Implement multiple OCSP stapling extension, https://bugzilla.mozilla.org/show_bug.cgi?id=611836).

15 For More Information, Visit: https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html The Art of Service https://store.theartofservice.com

