OCSP


Solar thermal - MicroCSP 1 MicroCSP references solar thermal technologies in which concentrating solar power (CSP) collectors are based on the designs used in traditional Concentrating Solar Power systems found in the Mojave Desert but are smaller in collector size, lighter and operate at lower thermal temperatures, usually below 315 °C (600 °F).

Solar thermal - MicroCSP 1 MicroCSP is used for community-sized power plants (1MW to 50MW), for industrial, agricultural and manufacturing 'process heat' applications, and when large amounts of hot water are needed, such as resort swimming pools, water parks, large laundry facilities, sterilization, distillation and other such uses.

OCSP stapling 1 'OCSP stapling', formally known as the TLS 'Certificate Status Request' extension, is an alternative approach to the Online Certificate Status Protocol (OCSP) for checking the revocation status of X.509 digital certificates. It allows the presenter of a certificate to bear the resource cost involved in providing OCSP responses, instead of the issuing certificate authority (CA).

OCSP stapling - Motivation 1 When the certificate is issued to a legitimate high traffic web site, for instance, this can result in enormous volumes of OCSP request traffic, all of which serves to indicate that the certificate is valid and can be trusted.

OCSP stapling - Motivation 1 OCSP checking also creates a privacy impairment, since it requires the client to contact a third party (the CA) to confirm certificate validity. A way to verify validity without disclosing browsing behavior would be desirable for some groups of users.

OCSP stapling - Solution 1 Also, an invalid stapled response (or no stapled response) will just cause the client to ask the OCSP server directly.

OCSP stapling - Solution 1 As a result, clients continue to have verifiable assurance from the certificate authority that the certificate is presently valid (or was quite recently), but no longer need to individually contact the OCSP server. This means that the brunt of the resource burden is now placed back on the certificate holder. It also means that the client software no longer needs to disclose users' browsing habits to any third party.

OCSP stapling - Solution 1 Overall performance is also improved: When the client fetches the OCSP response directly from the CA, it usually involves the lookup of the domain name of the CA's OCSP server in the DNS as well as establishing a connection to the OCSP server. When OCSP stapling is used, the certificate status information is delivered to the client through the established channel, which improves performance.
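
The client-side decision described in the Solution slides, as an added example that is not part of the original presentation: a stapled response is used only if it is signed, covers the presented certificate and is still fresh; otherwise the client falls back to asking the CA directly. The `OcspResponse` model, the `signature_ok` flag (a stand-in for real signature verification), the 5-minute clock-skew allowance and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Optional, Tuple

@dataclass
class OcspResponse:
    """Simplified model of a CA-signed OCSP response (constructed for this example)."""
    serial: int            # serial number of the certificate the response covers
    status: str            # "good", "revoked" or "unknown"
    this_update: datetime  # when the CA produced this status
    next_update: datetime  # after this time the response is stale
    signature_ok: bool     # stand-in for verifying the CA's signature (assumption)

def staple_problem(resp: Optional[OcspResponse], serial: int, now: datetime,
                   skew: timedelta = timedelta(minutes=5)) -> Optional[str]:
    """Return why a stapled response cannot be used, or None if it can."""
    if resp is None:
        return "no stapled response"
    if not resp.signature_ok:
        return "bad signature"
    if resp.serial != serial:
        return "response is for a different certificate"
    if resp.this_update - skew > now:
        return "not yet valid"
    if resp.next_update + skew < now:
        return "stale"
    return None

def check_revocation(serial: int, stapled: Optional[OcspResponse],
                     query_ca: Callable[[int], OcspResponse],
                     now: datetime) -> Tuple[str, str]:
    """Return (status, source); source is 'stapled' or 'direct'."""
    if staple_problem(stapled, serial, now) is None:
        return stapled.status, "stapled"      # the CA never learns about this visit
    return query_ca(serial).status, "direct"  # fallback: extra lookup, CA sees the query

# Constructed sample data: a fixed "now" and a factory for test responses.
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
def sample(serial=0x1A2B, status="good", age_h=2, life_h=24, sig=True):
    start = NOW - timedelta(hours=age_h)
    return OcspResponse(serial, status, start, start + timedelta(hours=life_h), sig)

CA_QUERIES = []                               # serials disclosed to the CA by fallbacks
def fake_ca(serial):                          # hypothetical direct OCSP lookup
    CA_QUERIES.append(serial)
    return sample(serial=serial, age_h=0)

if __name__ == "__main__":
    for staple in (sample(), None, sample(age_h=48), sample(status="revoked")):
        print(check_revocation(0x1A2B, staple, fake_ca, NOW))
```
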

OCSP stapling - Specification 1 Hallam-Baker, "X.509v3 Extension: OCSP Stapling Required" (hallambaker-muststaple-00). TLS developer Adam Langley discussed the extension in an April 2014 article following the repair of the Heartbleed OpenSSL bug.

OCSP stapling - Deployment 1 OCSP stapling has not seen broad deployment to date; however, this is changing. The OpenSSL project included support in its 0.9.8g release with the assistance of a grant from the Mozilla Foundation.

OCSP stapling - Deployment 1 Apache HTTP Server has supported OCSP stapling since version 2.3.3 (Apache HTTP Server mod_ssl documentation, SSLUseStapling directive), the nginx web server since version 1.3.7 (nginx-announce mailing list, nginx-1.3.7), LiteSpeed Web Server since version 4.2.4 (Release Log, Litespeed Tech).

OCSP stapling - Deployment 1 On the browser side, OCSP stapling was implemented in Firefox 26 ("OCSP Stapling in Firefox"; "Improving Revocation", MozillaWiki) and in Internet Explorer since Windows Vista.

OCSP stapling - Limitations 1 However, OCSP stapling supports only one OCSP response at a time, which is insufficient for sites which use several different certificates for a single page (Mozilla NSS Bug 360420, comment 10, by Adam Langley; Mozilla NSS Bug, "Implement multiple OCSP stapling extension").

The Art of Service