Resource Certificate Provisioning Protocol

1
Resource Certificate Provisioning Protocol
  • Geoff Huston
  • IETF 70
  • December 2007

2
Problem Statement
  • How to automate the process of certificate
    issuance such that the issued certificate
    accurately tracks the current resource allocation
    status
  • Avoid situations where:
      • the issued certificate overclaims resources
      • the issued certificate underclaims resources

3
Scenario
[Diagram labels: Certificate Issuer / Internet Registry (Issues Resource Certificates; Allocates / Assigns Addresses); Certificate Subject / Resource Holder]

4
Scenario
[Diagram labels: Certificate Issuer / Internet Registry (Issues Resource Certificates; Allocates / Assigns Addresses); Resource Certificate Provisioning Protocol; Certificate Subject / Resource Holder]

5
Protocol Characteristics
  • Simple Client / Server protocol using a request /
    response interaction over a secure reliable
    channel

[Diagram: Client sends HTTPS POST to Server; Server returns HTTPS RESPONSE]

6
Protocol Payload
  • Cryptographic Message Syntax (CMS)
      • SignedData object type
      • Include Signing Time in the CMS wrapper
      • Include CMS signing cert in the CMS wrapper
  • XML Data Objects
      • Carried as CMS payload

7
XML Message Structure
<?xml version="1.0" encoding="UTF-8"?>
<message xmlns="http://www.apnic.net/specs/rescerts/up-down/"
         version="1"
         sender="sender name"
         recipient="recipient name"
         type="message type">
  payload
</message>

8
Messages
  • Query
  • Issue
  • Revoke

9
Query Message
  • Request: type=list
  • Response:
      • List of Resource classes
      • List of allocated / assigned Number Resources
        within this class
      • Issued certificate(s) for this class

10
Issue Message
  • Request: type=issue
      • Payload: Resource class name
      • PKCS#10 Certificate Request
  • Response:
      • Payload: Issued certificate

11
Revoke Message
  • Request: type=revoke
      • Payload: Resource class name
      • Subject's public key
  • Response:
      • Payload: confirmation of revocation
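
Added example (not from the original slides or the draft): a server-side check of the XML envelope from slide 7 against the request types on slides 9-11, run after the CMS SignedData wrapper has been verified. The function name, the sample sender and recipient names, the DTD refusal and the rule that the sender attribute must match the CMS signer are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace, attribute names and version come from the slide 7 envelope;
# the request type values come from slides 9-11.
NS = "http://www.apnic.net/specs/rescerts/up-down/"
REQUEST_TYPES = {"list", "issue", "revoke"}

# Constructed sample request (names are placeholders, payload left empty).
SAMPLE = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    f'<message xmlns="{NS}" version="1" sender="holder-a" '
    'recipient="registry" type="list"></message>'
).encode("utf-8")


def parse_request(cms_payload, signer_name, server_name):
    """Validate the envelope of an already CMS-verified payload.

    Returns (message type, list of payload elements); raises ValueError.
    signer_name is the identity the caller derived from the CMS signing
    certificate (assumption: that verification happened before this call).
    """
    try:
        text = cms_payload.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise ValueError("payload is not UTF-8") from exc
    # The envelope needs no DTD; refusing one rules out entity tricks.
    if "<!DOCTYPE" in text:
        raise ValueError("DTD not allowed")
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        raise ValueError(f"malformed XML: {exc}") from exc
    if root.tag != f"{{{NS}}}message":
        raise ValueError("wrong root element or namespace")
    if root.get("version") != "1":
        raise ValueError("unsupported version")
    msg_type = root.get("type")
    if msg_type not in REQUEST_TYPES:
        raise ValueError("unknown request type")
    # Assumed policy: the claimed sender must be the CMS signer, and the
    # message must be addressed to this server.
    if root.get("sender") != signer_name:
        raise ValueError("sender does not match CMS signer")
    if root.get("recipient") != server_name:
        raise ValueError("not addressed to this server")
    return msg_type, list(root)
```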

12
Error Responses
  • Error status returned when the request could not
    be performed

13
Protocol Specification
  • Current (unsubmitted) draft is:
  • http://www.potaroo.net/drafts/draft-ietf-sidr-rescerts-provisioning-00.html

14
Next Steps
  • Adoption of the specification of this
    provisioning protocol as a SIDR WG Document?