Presentation is loading. Please wait.

Presentation is loading. Please wait.

ARIN XIMemphis, TN April 2003 ARIN DBWG Tim Christensen Authentication Update.

Published bySteven McKnight Modified over 10 years ago

Similar presentations

Presentation on theme: "ARIN XIMemphis, TN April 2003 ARIN DBWG Tim Christensen Authentication Update."— Presentation transcript:

1 ARIN XIMemphis, TN April 2003 ARIN DBWG Tim Christensen Authentication Update

2 ARIN XIMemphis, TNARIN XIMemphis, TNApril 2003 Overview Mandate for change Applying authentication to processes Choosing the first method Make it happen Next steps

3 ARIN XIMemphis, TNARIN XIMemphis, TNApril 2003 Why Change, Why Now? Community has made it clear that mail-from authentication is inadequate and want better options Stewardship principles dictate that ARIN move away from loose security Release of new database clears path for forward progress

4 ARIN XIMemphis, TNARIN XIMemphis, TNApril 2003 Applying Better Authentication Identify use cases for authentication mechanisms: What processes benefit from stronger authentication? Inbound templates and requests Outbound mail Outbound files Web publishing Web transactions

5 ARIN XIMemphis, TNARIN XIMemphis, TNApril 2003 Approach Community has asked for spectrum of authentication choices Password (md5-pw, des, etc.) PGP X.509 Implement one at a time, evaluate, and repeat Consider mail-from deprecation after evaluating adoption progress

6 ARIN XIMemphis, TNARIN XIMemphis, TNApril 2003 Authentication Deployment Precepts Phased, opt-in adoption Permit multiple authentication methods Prohibit a POCs use of mail-from when an improved authentication method is selected by a POC

7 ARIN XIMemphis, TNARIN XIMemphis, TNApril 2003 Choosing the First Authentication Method Investigate other RIRs implementations APNIC – using userid/password, PGP, and X.509; running Certificate Authority (CA) LACNIC – using userid/passphrase RIPE NCC – using password and PGP

8 ARIN XIMemphis, TNARIN XIMemphis, TNApril 2003 Choosing the First Authentication Method Community input – public policy mtgs. Certificates good When implementing PGP dont use public key servers Engineering evaluation Applicability to processes Strength of security Coordination with other ongoing eng efforts Other RIR implementations

9 ARIN XIMemphis, TNARIN XIMemphis, TNApril 2003 The choice: X.509 First Permits application of secure authentication to widest array of processes: Can protect (authenticate and encrypt) email templates Can authenticate web transactions Can authenticate data produced by ARIN Provides best combination of: Control Security Utility

10 ARIN XIMemphis, TNARIN XIMemphis, TNApril 2003 How X.509 Adopters Get Tighter Authentication POC generates Certificate Signing Request (CSR) POC sends CSR in a new template to ARIN ARIN verifies CSR contents ARIN generates certificate, updates database, and returns it to POC POC uses certificate to sign templates POC maintains authentication certificate (rollover) ARIN authenticates templates submitted by that POC

11 ARIN XIMemphis, TNARIN XIMemphis, TNApril 2003 Getting There Identify process touch points Registration template processing (email) Non-template email communication Online processing (future) Establish test bed Propose process changes CSR processing Running the ARIN Certificate Authority (CA) Signed template acceptance & rejection Response to authentication failure

12 ARIN XIMemphis, TNARIN XIMemphis, TNApril 2003 Timeline

13 ARIN XIMemphis, TNARIN XIMemphis, TNApril 2003 Timeline Establish requirements and prerequisites

14 ARIN XIMemphis, TNARIN XIMemphis, TNApril 2003 Timeline Accomplish prerequisites Establish requirements and prerequisites

15 ARIN XIMemphis, TNARIN XIMemphis, TNApril 2003 Timeline Accomplish prerequisites Explore options Establish requirements and prerequisites

16 ARIN XIMemphis, TNARIN XIMemphis, TNApril 2003 Timeline Accomplish prerequisites Explore options Understand existing RIR implementations Establish requirements and prerequisites

17 ARIN XIMemphis, TNARIN XIMemphis, TNApril 2003 Timeline Accomplish prerequisites Explore options Understand existing RIR implementations Identify use cases & touch points Establish requirements and prerequisites

18 ARIN XIMemphis, TNARIN XIMemphis, TNApril 2003 Timeline Accomplish prerequisites Explore options Understand existing RIR implementations Identify use cases & touch points Establish requirements and prerequisites Establish test bed

19 ARIN XIMemphis, TNARIN XIMemphis, TNApril 2003 Choose first deployment method Timeline Accomplish prerequisites Explore options Understand existing RIR implementations Identify use cases & touch points Establish requirements and prerequisites Establish test bed

20 ARIN XIMemphis, TNARIN XIMemphis, TNApril 2003 Choose first deployment method Timeline Accomplish prerequisites Explore options Understand existing RIR implementations Identify use cases & touch points Establish requirements and prerequisites Establish test bed Develop process changes POC-Auth Template Procedural changes Systematic changes

21 ARIN XIMemphis, TNARIN XIMemphis, TNApril 2003 Choose first deployment method Timeline Accomplish prerequisites Explore options Understand existing RIR implementations Identify use cases & touch points Establish requirements and prerequisites Establish test bed Develop process changes Form beta community and test Interested? beta@arin.netbeta@arin.net Perform beta training & testing Refine/respond to beta issues Training (internal/external)

22 ARIN XIMemphis, TNARIN XIMemphis, TNApril 2003 Choose first deployment method Timeline Accomplish prerequisites Explore options Understand existing RIR implementations Identify use cases & touch points Establish requirements and prerequisites Establish test bed Develop process changes Form beta community and test Deploy

23 ARIN XIMemphis, TNARIN XIMemphis, TNApril 2003 Choose first deployment method Timeline Accomplish prerequisites Explore options Understand existing RIR implementations Identify use cases & touch points Establish requirements and prerequisites Establish test bed Develop process changes Form beta community and test Implement other methods Deploy

24 ARIN XIMemphis, TNARIN XIMemphis, TNApril 2003 Choose first deployment method Timeline Accomplish prerequisites Explore options Understand existing RIR implementations Identify use cases & touch points Establish requirements and prerequisites Establish test bed Develop process changes Form beta community and test Implement other methods Deploy Deprecate Mail-From?

25 ARIN XIMemphis, TNARIN XIMemphis, TNApril 2003 Thank You!

Download ppt "ARIN XIMemphis, TN April 2003 ARIN DBWG Tim Christensen Authentication Update."

Similar presentations

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Work Plan 2000 APNIC Annual Member Meeting Seoul, 3 March 2000.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Work Plan 2000 APNIC Annual Member Meeting Seoul, 3 March 2000.
Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
NCOAUG Training Day Summer 2008 Presentation Approve and Send Your Purchase Order via E-Mail Possible Configuration Options (11i) Presented by Al Kannan,

NCOAUG Training Day Summer 2008 Presentation Approve and Send Your Purchase Order via Possible Configuration Options (11i) Presented by Al Kannan,
Installation & User Guide

Installation & User Guide
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E IEPG March 2000 APNIC Certificate Authority Status Report.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E IEPG March 2000 APNIC Certificate Authority Status Report.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Open Policy Meeting SIG: Whois Database October 2000 APNIC Certificate Authority.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Open Policy Meeting SIG: Whois Database October 2000 APNIC Certificate Authority.
26 February 2003 APNIC 15 Taipei, Taiwan RWhois Database SIG Tim Christensen Database Administrator ARIN.

26 February 2003 APNIC 15 Taipei, Taiwan RWhois Database SIG Tim Christensen Database Administrator ARIN.
SSL Implementation Guide Onno W. Purbo

SSL Implementation Guide Onno W. Purbo
An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013.

An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
IANA Status Update ARIN XXVI meeting, Atlanta Barbara Roseman October 2010.

IANA Status Update ARIN XXVI meeting, Atlanta Barbara Roseman October 2010.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Paul Vixie APNIC 32 – Busan, Korea ARIN Update. 2011 Focus IPv4 Depletion & IPv6 Uptake Developing, adapting, and improving processes and procedures Working.

Paul Vixie APNIC 32 – Busan, Korea ARIN Update Focus IPv4 Depletion & IPv6 Uptake Developing, adapting, and improving processes and procedures Working.
Polytechnic University of Tirana Faculty of Information Technology Computer Engineering Department Identification of on-line users and Digital Signature.

Polytechnic University of Tirana Faculty of Information Technology Computer Engineering Department Identification of on-line users and Digital Signature.
Tiago Rodrigues Antao. RIPE 45, May 2003, Barcelona. 1 Improved Secure Communication System for RIPE NCC Members Tiago Rodrigues Antao.

Tiago Rodrigues Antao. RIPE 45, May 2003, Barcelona. 1 Improved Secure Communication System for RIPE NCC Members Tiago Rodrigues Antao.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E 36th RIPE Meeting Budapest 2000 APNIC Certificate Authority Status Report.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E 36th RIPE Meeting Budapest 2000 APNIC Certificate Authority Status Report.
File Transfer and Use of Clear Text Passwords Update NERSC Users Group Meeting Stephen Lau NERSC June 21, 2015.

File Transfer and Use of Clear Text Passwords Update NERSC Users Group Meeting Stephen Lau NERSC June 21, 2015.
October 1, 2005 (Rev. 10/06) Statewide Electronic Commerce Program (SECP) Electronic Funds Transfer Enrollment Process For agencies and eligible entities.

October 1, 2005 (Rev. 10/06) Statewide Electronic Commerce Program (SECP) Electronic Funds Transfer Enrollment Process For agencies and eligible entities.

Similar presentations

Ads by Google