SlideShare una empresa de Scribd logo

CACert - A Community-driven Certification Authority - OpenSistemas

OpenSistemas
OpenSistemas
Tecnología
1 de 105
Descargar para leer sin conexión
CACert A Community-driven Certification Authority Juanjo Amor jjamor@opensistemas.com OpenSistemas 29 Abril 2011 Juanjo Amor CACert
(cc) 2011 Juanjo Amor and Wikipedia Some rights reserved. This work licensed under Creative Commons Attribution-ShareAlike License. To view a copy of full license, see http://creativecommons.org/licenses/by-sa/3.0/ or write to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA. Juanjo Amor CACert
Index Juanjo Amor CACert
About Opensistemas Opensistemas is an international company Juanjo Amor CACert
About Opensistemas Opensistemas is an international company highly specialized Juanjo Amor CACert
About Opensistemas Opensistemas is an international company highly specialized in offering global IT solutions Juanjo Amor CACert
About Opensistemas Opensistemas is an international company highly specialized in offering global IT solutionsbased on Open Sourceand Linuxplatforms. Juanjo Amor CACert
About Opensistemas Our Vision: Juanjo Amor CACert
About Opensistemas Our Vision: To become the international leader in Open Source Technologies. Juanjo Amor CACert
About Opensistemas Our Vision: To become the international leader in Open Source Technologies. Our Mission: Juanjo Amor CACert
About Opensistemas Our Vision: To become the international leader in Open Source Technologies. Our Mission: Apply our knowledge of the opportunities offered by Open Source to deliver effective solutions and innovation to our customers while promoting the professional development of our employees and building value for shareholders. Juanjo Amor CACert
About Opensistemas Our Vision: To become the international leader in Open Source Technologies. Our Mission: Apply our knowledge of the opportunities offered by Open Source to deliver effective solutions and innovation to our customers while promoting the professional development of our employees and building value for shareholders. Our Values: Juanjo Amor CACert
About Opensistemas Our Vision: To become the international leader in Open Source Technologies. Our Mission: Apply our knowledge of the opportunities offered by Open Source to deliver effective solutions and innovation to our customers while promoting the professional development of our employees and building value for shareholders. Our Values: Deliver effective solutiosn to our customers. Corporate social responsibility. Commitment to Open Source. Ethics and Respect for individuals. Research and Innovation. Teamwork. Commitment to the development of a society connected by information and knowledge. Juanjo Amor CACert
About Opensistemas Our Markets Juanjo Amor CACert
About Opensistemas Our Partners Juanjo Amor CACert
About Opensistemas Opensistemas is present in nine locations over five countries: Spain (Madrid, Valencia, Barcelona, Sevilla, Zaragoza), Chile (Santiago), Colombia (Bogot´a), United Kingdom (London) and China (Shanghai). Juanjo Amor CACert
About Opensistemas Contact Information www.opensistemas.com info@opensistemas.com +34 902 107 396 Juanjo Amor CACert
Index Juanjo Amor CACert
PKI concepts PKI meaning... Juanjo Amor CACert
PKI concepts PKI meaning... PKI = Public Key Infrastructure Juanjo Amor CACert
PKI concepts PKI meaning... PKI = Public Key Infrastructure a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates Juanjo Amor CACert
PKI concepts PKI meaning... PKI = Public Key Infrastructure a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates PKI components... Juanjo Amor CACert
PKI concepts PKI meaning... PKI = Public Key Infrastructure a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates PKI components... CA = Certification Authority Juanjo Amor CACert
PKI concepts PKI meaning... PKI = Public Key Infrastructure a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates PKI components... CA = Certification Authority RA = Registration Authority Juanjo Amor CACert
PKI concepts PKI meaning... PKI = Public Key Infrastructure a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates PKI components... CA = Certification Authority RA = Registration Authority VA = Validation Authority Juanjo Amor CACert
PKI concepts PKI meaning... PKI = Public Key Infrastructure a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates PKI components... CA = Certification Authority RA = Registration Authority VA = Validation Authority Public keys (person, server and authority certificates) Juanjo Amor CACert
PKI concepts PKI meaning... PKI = Public Key Infrastructure a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates PKI components... CA = Certification Authority RA = Registration Authority VA = Validation Authority Public keys (person, server and authority certificates) Policies and procedures Juanjo Amor CACert
PKI diagram of a public key infrastructure Juanjo Amor CACert
PKI example 1: Standard CA Standard CAs such as Thawte, Verisign... Juanjo Amor CACert
PKI example 1: Standard CA Standard CAs such as Thawte, Verisign... CA: Joins the CA, RA, VA. Juanjo Amor CACert
PKI example 1: Standard CA Standard CAs such as Thawte, Verisign... CA: Joins the CA, RA, VA. Our navigator trusts in signed certificates by that CA Juanjo Amor CACert
PKI example 1: Standard CA Standard CAs such as Thawte, Verisign... CA: Joins the CA, RA, VA. Our navigator trusts in signed certificates by that CA The certificate chain informs browser about VA Juanjo Amor CACert
PKI example 1: Standard CA Standard CAs such as Thawte, Verisign... CA: Joins the CA, RA, VA. Our navigator trusts in signed certificates by that CA The certificate chain informs browser about VA Example: Try to get certificate information by using Thawte SSL Ca Juanjo Amor CACert
PKI example 2: The FNMT CA Spanish FNMT CA Juanjo Amor CACert
PKI example 2: The FNMT CA Spanish FNMT CA CA: Joins CA and VA. Juanjo Amor CACert
PKI example 2: The FNMT CA Spanish FNMT CA CA: Joins CA and VA. RA: Delegated to other institutions such as AEAT, city councils... Juanjo Amor CACert
PKI example 2: The FNMT CA Spanish FNMT CA CA: Joins CA and VA. RA: Delegated to other institutions such as AEAT, city councils... CA certificate is not directly recognized by standard browsers Juanjo Amor CACert
PKI example 2: The FNMT CA Spanish FNMT CA CA: Joins CA and VA. RA: Delegated to other institutions such as AEAT, city councils... CA certificate is not directly recognized by standard browsers so we should import CA certificates into it. Juanjo Amor CACert
PKI example 2: The FNMT CA Spanish FNMT CA CA: Joins CA and VA. RA: Delegated to other institutions such as AEAT, city councils... CA certificate is not directly recognized by standard browsers so we should import CA certificates into it. This is one of first certificates acknowledged for legally identifying people or enterprises in Spain. Juanjo Amor CACert
PKI example 2: The FNMT CA Spanish FNMT CA CA: Joins CA and VA. RA: Delegated to other institutions such as AEAT, city councils... CA certificate is not directly recognized by standard browsers so we should import CA certificates into it. This is one of first certificates acknowledged for legally identifying people or enterprises in Spain. Example: Import FNMT certificate and then get its information. Juanjo Amor CACert
PKI example 3: The DGP CA Spanish DGP (Police) CA Juanjo Amor CACert
PKI example 3: The DGP CA Spanish DGP (Police) CA CA: At DGP headquarters Juanjo Amor CACert
PKI example 3: The DGP CA Spanish DGP (Police) CA CA: At DGP headquarters RA: At DGP DNIe offices Juanjo Amor CACert
PKI example 3: The DGP CA Spanish DGP (Police) CA CA: At DGP headquarters RA: At DGP DNIe offices VA: Delegated to third parties (FNMT, for example) Juanjo Amor CACert
PKI example 3: The DGP CA Spanish DGP (Police) CA CA: At DGP headquarters RA: At DGP DNIe offices VA: Delegated to third parties (FNMT, for example) This is the CA for spanish electronic ID (DNIe). Also acknowledged for legally identifying people. Juanjo Amor CACert
PKI example 3: The DGP CA Spanish DGP (Police) CA CA: At DGP headquarters RA: At DGP DNIe offices VA: Delegated to third parties (FNMT, for example) This is the CA for spanish electronic ID (DNIe). Also acknowledged for legally identifying people. Example: Import DGP certificate and then get its information. Juanjo Amor CACert
Web of Trust Web of trust Juanjo Amor CACert
Web of Trust Web of trust Concept created by PGP creator. Juanjo Amor CACert
Web of Trust Web of trust Concept created by PGP creator. Instead of having a “central” CA, we can build a trust network of signed public keys. Juanjo Amor CACert
Web of Trust Web of trust Concept created by PGP creator. Instead of having a “central” CA, we can build a trust network of signed public keys. If A signs B, and C trust A, then C could trust B. Juanjo Amor CACert
Web of Trust Web of trust Concept created by PGP creator. Instead of having a “central” CA, we can build a trust network of signed public keys. If A signs B, and C trust A, then C could trust B. CACert uses a variant of trust network... Juanjo Amor CACert
Index Juanjo Amor CACert
CACert PKI What is CACERT? Juanjo Amor CACert
CACert PKI What is CACERT? A community-driven certificate authority. Juanjo Amor CACert
CACert PKI What is CACERT? A community-driven certificate authority. CACERT issues public key certificates to public (server, people) freely. Juanjo Amor CACert
CACert PKI What is CACERT? A community-driven certificate authority. CACERT issues public key certificates to public (server, people) freely. Robot CA: Juanjo Amor CACert
CACert PKI What is CACERT? A community-driven certificate authority. CACERT issues public key certificates to public (server, people) freely. Robot CA: Certificates are automatically signed. Juanjo Amor CACert
CACert PKI What is CACERT? A community-driven certificate authority. CACERT issues public key certificates to public (server, people) freely. Robot CA: Certificates are automatically signed. These certificates are considered weak because CAcert does not emit any information in the certificates other than the domain name or email address (the CommonName field in X.509 certificates). Juanjo Amor CACert
CACert PKI What is CACERT? A community-driven certificate authority. CACERT issues public key certificates to public (server, people) freely. Robot CA: Certificates are automatically signed. These certificates are considered weak because CAcert does not emit any information in the certificates other than the domain name or email address (the CommonName field in X.509 certificates). Web of trust: Juanjo Amor CACert
CACert PKI What is CACERT? A community-driven certificate authority. CACERT issues public key certificates to public (server, people) freely. Robot CA: Certificates are automatically signed. These certificates are considered weak because CAcert does not emit any information in the certificates other than the domain name or email address (the CommonName field in X.509 certificates). Web of trust: Meetings, Assurance points, Prospective Assurers and Assures. Juanjo Amor CACert
CACert PKI What is CACERT? A community-driven certificate authority. CACERT issues public key certificates to public (server, people) freely. Robot CA: Certificates are automatically signed. These certificates are considered weak because CAcert does not emit any information in the certificates other than the domain name or email address (the CommonName field in X.509 certificates). Web of trust: Meetings, Assurance points, Prospective Assurers and Assures. Assured users can get, for example, email certificates with a complete CommonName field. Juanjo Amor CACert
CACert inclusion status Can we use CACert server certificates with some browser? Juanjo Amor CACert
CACert inclusion status Can we use CACert server certificates with some browser? Yes, we can import CA certificate and go. . . Juanjo Amor CACert
CACert inclusion status Can we use CACert server certificates with some browser? Yes, we can import CA certificate and go. . . Yes, my Linux distro (Debian, etc) includes CA certificate in ca-certificates package. Juanjo Amor CACert
CACert inclusion status Can we use CACert server certificates with some browser? Yes, we can import CA certificate and go. . . Yes, my Linux distro (Debian, etc) includes CA certificate in ca-certificates package. No, my browser does not recognize the certificates and I cannot trust to a strange CA.crt file! (Like a self-signed certificate) Juanjo Amor CACert
CACert inclusion status Can we use CACert server certificates with some browser? Yes, we can import CA certificate and go. . . Yes, my Linux distro (Debian, etc) includes CA certificate in ca-certificates package. No, my browser does not recognize the certificates and I cannot trust to a strange CA.crt file! (Like a self-signed certificate) Although Mozilla started a process to include the certificate, an audit suspended the process, because CACert needed to improve their management system. Juanjo Amor CACert
CACert web of trust When you create a new CACert account: Juanjo Amor CACert
CACert web of trust When you create a new CACert account: Only your email can be verified Juanjo Amor CACert
CACert web of trust When you create a new CACert account: Only your email can be verified By meeting other CACert assurers you can get some points: Juanjo Amor CACert
CACert web of trust When you create a new CACert account: Only your email can be verified By meeting other CACert assurers you can get some points: for including your real name to your account, Juanjo Amor CACert
CACert web of trust When you create a new CACert account: Only your email can be verified By meeting other CACert assurers you can get some points: for including your real name to your account, to generate better certificates, and finally, Juanjo Amor CACert
CACert web of trust When you create a new CACert account: Only your email can be verified By meeting other CACert assurers you can get some points: for including your real name to your account, to generate better certificates, and finally, to be also a CACert assurer. Juanjo Amor CACert
CACert web of trust Some rules: Juanjo Amor CACert
CACert web of trust Some rules: An assurer can issue you upto 35 points. Juanjo Amor CACert
CACert web of trust Some rules: An assurer can issue you upto 35 points. You need at least 50 points to have your full name assured . . . Juanjo Amor CACert
CACert web of trust Some rules: An assurer can issue you upto 35 points. You need at least 50 points to have your full name assured . . . so you need to be assured by, at least, two existing assurers Juanjo Amor CACert
CACert web of trust Some rules: An assurer can issue you upto 35 points. You need at least 50 points to have your full name assured . . . so you need to be assured by, at least, two existing assurers With 100 points you can also be an assurer Juanjo Amor CACert
CACert web of trust Some rules: An assurer can issue you upto 35 points. You need at least 50 points to have your full name assured . . . so you need to be assured by, at least, two existing assurers With 100 points you can also be an assurer . . . but you also need to pass an “assurer challenge” Juanjo Amor CACert
CACert web of trust Some rules: An assurer can issue you upto 35 points. You need at least 50 points to have your full name assured . . . so you need to be assured by, at least, two existing assurers With 100 points you can also be an assurer . . . but you also need to pass an “assurer challenge” More rules: Juanjo Amor CACert
CACert web of trust Some rules: An assurer can issue you upto 35 points. You need at least 50 points to have your full name assured . . . so you need to be assured by, at least, two existing assurers With 100 points you can also be an assurer . . . but you also need to pass an “assurer challenge” More rules: When you are promoted to assurer: Juanjo Amor CACert
CACert web of trust Some rules: An assurer can issue you upto 35 points. You need at least 50 points to have your full name assured . . . so you need to be assured by, at least, two existing assurers With 100 points you can also be an assurer . . . but you also need to pass an “assurer challenge” More rules: When you are promoted to assurer: Initially, you can issue 10 points to other people, and get 2 experience points when you assure somebody Juanjo Amor CACert
CACert web of trust Some rules: An assurer can issue you upto 35 points. You need at least 50 points to have your full name assured . . . so you need to be assured by, at least, two existing assurers With 100 points you can also be an assurer . . . but you also need to pass an “assurer challenge” More rules: When you are promoted to assurer: Initially, you can issue 10 points to other people, and get 2 experience points when you assure somebody After you got 10 experience points, then you can issue 15 points to others Juanjo Amor CACert
CACert web of trust Some rules: An assurer can issue you upto 35 points. You need at least 50 points to have your full name assured . . . so you need to be assured by, at least, two existing assurers With 100 points you can also be an assurer . . . but you also need to pass an “assurer challenge” More rules: When you are promoted to assurer: Initially, you can issue 10 points to other people, and get 2 experience points when you assure somebody After you got 10 experience points, then you can issue 15 points to others . . . Juanjo Amor CACert
CACert web of trust Some rules: An assurer can issue you upto 35 points. You need at least 50 points to have your full name assured . . . so you need to be assured by, at least, two existing assurers With 100 points you can also be an assurer . . . but you also need to pass an “assurer challenge” More rules: When you are promoted to assurer: Initially, you can issue 10 points to other people, and get 2 experience points when you assure somebody After you got 10 experience points, then you can issue 15 points to others . . . When you got 50 experience points, then you can issue to others the maximum per session: 35 points Juanjo Amor CACert
CACert web of trust Some rules: An assurer can issue you upto 35 points. You need at least 50 points to have your full name assured . . . so you need to be assured by, at least, two existing assurers With 100 points you can also be an assurer . . . but you also need to pass an “assurer challenge” More rules: When you are promoted to assurer: Initially, you can issue 10 points to other people, and get 2 experience points when you assure somebody After you got 10 experience points, then you can issue 15 points to others . . . When you got 50 experience points, then you can issue to others the maximum per session: 35 points But in any case, you can, if you want, to issue less points than your maximum Juanjo Amor CACert
CACert web of trust Some rules: An assurer can issue you upto 35 points. You need at least 50 points to have your full name assured . . . so you need to be assured by, at least, two existing assurers With 100 points you can also be an assurer . . . but you also need to pass an “assurer challenge” More rules: When you are promoted to assurer: Initially, you can issue 10 points to other people, and get 2 experience points when you assure somebody After you got 10 experience points, then you can issue 15 points to others . . . When you got 50 experience points, then you can issue to others the maximum per session: 35 points But in any case, you can, if you want, to issue less points than your maximum Juanjo Amor CACert
CACert client certificates A client certificate is used to: Juanjo Amor CACert
CACert client certificates A client certificate is used to: Identify yourself to a web site Juanjo Amor CACert
CACert client certificates A client certificate is used to: Identify yourself to a web site Email signing Juanjo Amor CACert
CACert client certificates A client certificate is used to: Identify yourself to a web site Email signing . . . Juanjo Amor CACert
CACert client certificates A client certificate is used to: Identify yourself to a web site Email signing . . . When you create a CACert account, you can get client certificates: Juanjo Amor CACert
CACert client certificates A client certificate is used to: Identify yourself to a web site Email signing . . . When you create a CACert account, you can get client certificates: Only the email is certified (by using email-ping) Juanjo Amor CACert
CACert client certificates A client certificate is used to: Identify yourself to a web site Email signing . . . When you create a CACert account, you can get client certificates: Only the email is certified (by using email-ping) With 6 month expiration Juanjo Amor CACert
CACert client certificates A client certificate is used to: Identify yourself to a web site Email signing . . . When you create a CACert account, you can get client certificates: Only the email is certified (by using email-ping) With 6 month expiration When you are assured (50 points) you also get Juanjo Amor CACert
CACert client certificates A client certificate is used to: Identify yourself to a web site Email signing . . . When you create a CACert account, you can get client certificates: Only the email is certified (by using email-ping) With 6 month expiration When you are assured (50 points) you also get Name and email certified Juanjo Amor CACert
CACert client certificates A client certificate is used to: Identify yourself to a web site Email signing . . . When you create a CACert account, you can get client certificates: Only the email is certified (by using email-ping) With 6 month expiration When you are assured (50 points) you also get Name and email certified 24 month expiration Juanjo Amor CACert
CACert server certificates A server certificate is used to: Juanjo Amor CACert
CACert server certificates A server certificate is used to: Secure website: identify a server to you Juanjo Amor CACert
CACert server certificates A server certificate is used to: Secure website: identify a server to you When you create a CACert account, you can get server certificates: Juanjo Amor CACert
CACert server certificates A server certificate is used to: Secure website: identify a server to you When you create a CACert account, you can get server certificates: With 6 month expiration Juanjo Amor CACert
CACert server certificates A server certificate is used to: Secure website: identify a server to you When you create a CACert account, you can get server certificates: With 6 month expiration When you are assured (50 points) you also get Juanjo Amor CACert
CACert server certificates A server certificate is used to: Secure website: identify a server to you When you create a CACert account, you can get server certificates: With 6 month expiration When you are assured (50 points) you also get 24 month expiration Juanjo Amor CACert
CACert server certificates A server certificate is used to: Secure website: identify a server to you When you create a CACert account, you can get server certificates: With 6 month expiration When you are assured (50 points) you also get 24 month expiration In all cases, you need to be able to ping DNS name by receiven a postmaster email from DNS owner, and only website DNS name is assured, because CACert assurers are not able verify legal owner. Juanjo Amor CACert
Questions Questions? Juanjo Amor CACert
Exercises Final exercises 1 Creating your CACert account. 2 Creating your email certificate, with browser and then with openssl 3 Creating a web certificate, with openssl and apache 4 Want to be assured? Juanjo Amor CACert

Recomendados

Suppers go to San Francisco
Suppers go to San FranciscoSuppers go to San Francisco
Suppers go to San Francisco
Start-Up Chile
 
006 Diversity Essays For College Sample Graduat
006 Diversity Essays For College Sample Graduat006 Diversity Essays For College Sample Graduat
006 Diversity Essays For College Sample Graduat
Lori Head
 
Open Source in the DoD; Build It
Open Source in the DoD; Build ItOpen Source in the DoD; Build It
Open Source in the DoD; Build It
jstogdill
 
Chochogami
ChochogamiChochogami
Chochogami
Pat Conarro
 
CAParty Madrid October 2011
CAParty Madrid October 2011CAParty Madrid October 2011
CAParty Madrid October 2011
Antonio Peña
 
CAParty Madrid 2010 - Slides
CAParty Madrid 2010 - SlidesCAParty Madrid 2010 - Slides
CAParty Madrid 2010 - Slides
Juanjo Amor
 
Student Persuasive Essay Topics
Student Persuasive Essay TopicsStudent Persuasive Essay Topics
Student Persuasive Essay Topics
Jessica Gefroh
 
Unearthing and Dissecting Internet Fraud
Unearthing and Dissecting Internet FraudUnearthing and Dissecting Internet Fraud
Unearthing and Dissecting Internet Fraud
Internet Law Center
 

Recomendados

Suppers go to San Francisco
Suppers go to San FranciscoSuppers go to San Francisco
Suppers go to San Francisco
Start-Up Chile
 
006 Diversity Essays For College Sample Graduat
006 Diversity Essays For College Sample Graduat006 Diversity Essays For College Sample Graduat
006 Diversity Essays For College Sample Graduat
Lori Head
 
Open Source in the DoD; Build It
Open Source in the DoD; Build ItOpen Source in the DoD; Build It
Open Source in the DoD; Build It
jstogdill
 
Chochogami
ChochogamiChochogami
Chochogami
Pat Conarro
 
CAParty Madrid October 2011
CAParty Madrid October 2011CAParty Madrid October 2011
CAParty Madrid October 2011
Antonio Peña
 
CAParty Madrid 2010 - Slides
CAParty Madrid 2010 - SlidesCAParty Madrid 2010 - Slides
CAParty Madrid 2010 - Slides
Juanjo Amor
 
Student Persuasive Essay Topics
Student Persuasive Essay TopicsStudent Persuasive Essay Topics
Student Persuasive Essay Topics
Jessica Gefroh
 
Unearthing and Dissecting Internet Fraud
Unearthing and Dissecting Internet FraudUnearthing and Dissecting Internet Fraud
Unearthing and Dissecting Internet Fraud
Internet Law Center
 
FewerClicks Software Blockchain development presentation
FewerClicks Software Blockchain development presentationFewerClicks Software Blockchain development presentation
FewerClicks Software Blockchain development presentation
ashish2509
 
10 Best Images Of Blank Letter Practice Worksheet
10 Best Images Of Blank Letter Practice Worksheet10 Best Images Of Blank Letter Practice Worksheet
10 Best Images Of Blank Letter Practice Worksheet
Sheila Brooks
 
The Robot Marketeer
The Robot MarketeerThe Robot Marketeer
The Robot Marketeer
Bart De Waele
 
How Quotient uses MariaDB to help customers save money
How Quotient uses MariaDB to help customers save moneyHow Quotient uses MariaDB to help customers save money
How Quotient uses MariaDB to help customers save money
MariaDB plc
 
Government Next: NIC Presentation
Government Next: NIC PresentationGovernment Next: NIC Presentation
Government Next: NIC Presentation
Tara Hunt
 
Consumer Token Offering
Consumer Token OfferingConsumer Token Offering
Consumer Token Offering
Developcoins
 
Open Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon EditionOpen Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon Edition
Chris Gates
 
Maximizing AI Business Value Creation Utilizing Patents
Maximizing AI Business Value Creation Utilizing PatentsMaximizing AI Business Value Creation Utilizing Patents
Maximizing AI Business Value Creation Utilizing Patents
Alex G. Lee, Ph.D. Esq. CLP
 
How to raise money in a digital world
How to raise money in a digital worldHow to raise money in a digital world
How to raise money in a digital world
Luca Merolla
 
Blockchain Technology Meets 4x4 Innovation Financing
Blockchain Technology Meets 4x4 Innovation FinancingBlockchain Technology Meets 4x4 Innovation Financing
Blockchain Technology Meets 4x4 Innovation Financing
Martin Schweiger
 
Cleveland Brown (Payscout): Payments in VR
Cleveland Brown (Payscout): Payments in VRCleveland Brown (Payscout): Payments in VR
Cleveland Brown (Payscout): Payments in VR
AugmentedWorldExpo
 
Next Generation Internet Marketing-Transformational Customer Experience
Next Generation Internet Marketing-Transformational Customer ExperienceNext Generation Internet Marketing-Transformational Customer Experience
Next Generation Internet Marketing-Transformational Customer Experience
Customer Centria
 
A look inside the European Covid Green Certificate (Codemotion 2021)
A look inside the European Covid Green Certificate (Codemotion 2021)A look inside the European Covid Green Certificate (Codemotion 2021)
A look inside the European Covid Green Certificate (Codemotion 2021)
Luciano Mammino
 
Traveling Essay Sample. Travelling Essay For Stude
Traveling Essay Sample. Travelling Essay For StudeTraveling Essay Sample. Travelling Essay For Stude
Traveling Essay Sample. Travelling Essay For Stude
Tiffany Miller
 
Best training blockchain for colleges- https://diyblockchain.co
Best training blockchain for colleges- https://diyblockchain.coBest training blockchain for colleges- https://diyblockchain.co
Best training blockchain for colleges- https://diyblockchain.co
Asif Khan
 
Diyblockchain 9jan2019 https://diyblockchain.co/
Diyblockchain 9jan2019 https://diyblockchain.co/Diyblockchain 9jan2019 https://diyblockchain.co/
Diyblockchain 9jan2019 https://diyblockchain.co/
bhuvankhanna1
 
Diyblockchain -best blockchain institute for corporate training -diyblockchai...
Diyblockchain -best blockchain institute for corporate training -diyblockchai...Diyblockchain -best blockchain institute for corporate training -diyblockchai...
Diyblockchain -best blockchain institute for corporate training -diyblockchai...
Asif Khan
 
BEST CRYPTOCURRENCY TRAINING
BEST CRYPTOCURRENCY TRAININGBEST CRYPTOCURRENCY TRAINING
BEST CRYPTOCURRENCY TRAINING
bhuvankhanna1
 
BLOCKCHAIN AND CRYPTOCURRENCY COURSES
BLOCKCHAIN AND CRYPTOCURRENCY COURSESBLOCKCHAIN AND CRYPTOCURRENCY COURSES
BLOCKCHAIN AND CRYPTOCURRENCY COURSES
bhuvankhanna1
 
Diyblockchain -best training on blockchain - https://diyblockchain.co
Diyblockchain -best training on blockchain - https://diyblockchain.coDiyblockchain -best training on blockchain - https://diyblockchain.co
Diyblockchain -best training on blockchain - https://diyblockchain.co
Asif Khan
 
From SF with Love
From SF with LoveFrom SF with Love
From SF with Love
OpenSistemas
 
OpenSistemas Corporate Presentation
OpenSistemas Corporate PresentationOpenSistemas Corporate Presentation
OpenSistemas Corporate Presentation
OpenSistemas
 

Más contenido relacionado

Similar a CACert - A Community-driven Certification Authority - OpenSistemas

How Quotient uses MariaDB to help customers save money
How Quotient uses MariaDB to help customers save moneyHow Quotient uses MariaDB to help customers save money
How Quotient uses MariaDB to help customers save money
MariaDB plc
 
Maximizing AI Business Value Creation Utilizing Patents
Maximizing AI Business Value Creation Utilizing PatentsMaximizing AI Business Value Creation Utilizing Patents
Maximizing AI Business Value Creation Utilizing Patents
Alex G. Lee, Ph.D. Esq. CLP
 

Similar a CACert - A Community-driven Certification Authority - OpenSistemas (20)

FewerClicks Software Blockchain development presentation
FewerClicks Software Blockchain development presentationFewerClicks Software Blockchain development presentation
FewerClicks Software Blockchain development presentation
 
10 Best Images Of Blank Letter Practice Worksheet
10 Best Images Of Blank Letter Practice Worksheet10 Best Images Of Blank Letter Practice Worksheet
10 Best Images Of Blank Letter Practice Worksheet
 
The Robot Marketeer
The Robot MarketeerThe Robot Marketeer
The Robot Marketeer
 
How Quotient uses MariaDB to help customers save money
How Quotient uses MariaDB to help customers save moneyHow Quotient uses MariaDB to help customers save money
How Quotient uses MariaDB to help customers save money
 
Government Next: NIC Presentation
Government Next: NIC PresentationGovernment Next: NIC Presentation
Government Next: NIC Presentation
 
Consumer Token Offering
Consumer Token OfferingConsumer Token Offering
Consumer Token Offering
 
Open Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon EditionOpen Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon Edition
 
Maximizing AI Business Value Creation Utilizing Patents
Maximizing AI Business Value Creation Utilizing PatentsMaximizing AI Business Value Creation Utilizing Patents
Maximizing AI Business Value Creation Utilizing Patents
 
How to raise money in a digital world
How to raise money in a digital worldHow to raise money in a digital world
How to raise money in a digital world
 
Blockchain Technology Meets 4x4 Innovation Financing
Blockchain Technology Meets 4x4 Innovation FinancingBlockchain Technology Meets 4x4 Innovation Financing
Blockchain Technology Meets 4x4 Innovation Financing
 
Cleveland Brown (Payscout): Payments in VR
Cleveland Brown (Payscout): Payments in VRCleveland Brown (Payscout): Payments in VR
Cleveland Brown (Payscout): Payments in VR
 
Next Generation Internet Marketing-Transformational Customer Experience
Next Generation Internet Marketing-Transformational Customer ExperienceNext Generation Internet Marketing-Transformational Customer Experience
Next Generation Internet Marketing-Transformational Customer Experience
 
A look inside the European Covid Green Certificate (Codemotion 2021)
A look inside the European Covid Green Certificate (Codemotion 2021)A look inside the European Covid Green Certificate (Codemotion 2021)
A look inside the European Covid Green Certificate (Codemotion 2021)
 
Traveling Essay Sample. Travelling Essay For Stude
Traveling Essay Sample. Travelling Essay For StudeTraveling Essay Sample. Travelling Essay For Stude
Traveling Essay Sample. Travelling Essay For Stude
 
Best training blockchain for colleges- https://diyblockchain.co
Best training blockchain for colleges- https://diyblockchain.coBest training blockchain for colleges- https://diyblockchain.co
Best training blockchain for colleges- https://diyblockchain.co
 
Diyblockchain 9jan2019 https://diyblockchain.co/
Diyblockchain 9jan2019 https://diyblockchain.co/Diyblockchain 9jan2019 https://diyblockchain.co/
Diyblockchain 9jan2019 https://diyblockchain.co/
 
Diyblockchain -best blockchain institute for corporate training -diyblockchai...
Diyblockchain -best blockchain institute for corporate training -diyblockchai...Diyblockchain -best blockchain institute for corporate training -diyblockchai...
Diyblockchain -best blockchain institute for corporate training -diyblockchai...
 
BEST CRYPTOCURRENCY TRAINING
BEST CRYPTOCURRENCY TRAININGBEST CRYPTOCURRENCY TRAINING
BEST CRYPTOCURRENCY TRAINING
 
BLOCKCHAIN AND CRYPTOCURRENCY COURSES
BLOCKCHAIN AND CRYPTOCURRENCY COURSESBLOCKCHAIN AND CRYPTOCURRENCY COURSES
BLOCKCHAIN AND CRYPTOCURRENCY COURSES
 
Diyblockchain -best training on blockchain - https://diyblockchain.co
Diyblockchain -best training on blockchain - https://diyblockchain.coDiyblockchain -best training on blockchain - https://diyblockchain.co
Diyblockchain -best training on blockchain - https://diyblockchain.co
 

Más de OpenSistemas

Drupal 7. Puesta en producción en sistemas multientorno
Drupal 7. Puesta en producción en sistemas multientornoDrupal 7. Puesta en producción en sistemas multientorno
Drupal 7. Puesta en producción en sistemas multientorno
OpenSistemas
 
osBrain: una herramienta para la inversión automática en bolsa y mercados de ...
osBrain: una herramienta para la inversión automática en bolsa y mercados de ...osBrain: una herramienta para la inversión automática en bolsa y mercados de ...
osBrain: una herramienta para la inversión automática en bolsa y mercados de ...
OpenSistemas
 
Proceso de liberación en el marco legal del código abierto - OpenSistemas
Proceso de liberación en el marco legal del código abierto - OpenSistemasProceso de liberación en el marco legal del código abierto - OpenSistemas
Proceso de liberación en el marco legal del código abierto - OpenSistemas
OpenSistemas
 
Virtualization - Solaris LDOMs - OpenSistemas
Virtualization - Solaris LDOMs - OpenSistemasVirtualization - Solaris LDOMs - OpenSistemas
Virtualization - Solaris LDOMs - OpenSistemas
OpenSistemas
 
Floss leaders - OpenSistemas
Floss leaders - OpenSistemasFloss leaders - OpenSistemas
Floss leaders - OpenSistemas
OpenSistemas
 

Más de OpenSistemas (18)

From SF with Love
From SF with LoveFrom SF with Love
From SF with Love
 
OpenSistemas Corporate Presentation
OpenSistemas Corporate PresentationOpenSistemas Corporate Presentation
OpenSistemas Corporate Presentation
 
Data Platform & Analytics OpenSistemas MSFT Playbook
Data Platform & Analytics OpenSistemas MSFT PlaybookData Platform & Analytics OpenSistemas MSFT Playbook
Data Platform & Analytics OpenSistemas MSFT Playbook
 
El futuro Data Driven en e-Learning y RR.HH.
El futuro Data Driven en e-Learning y RR.HH.El futuro Data Driven en e-Learning y RR.HH.
El futuro Data Driven en e-Learning y RR.HH.
 
Apache spark y cómo lo usamos en nuestros proyectos
Apache spark y cómo lo usamos en nuestros proyectosApache spark y cómo lo usamos en nuestros proyectos
Apache spark y cómo lo usamos en nuestros proyectos
 
El software como acción humana
El software como acción humanaEl software como acción humana
El software como acción humana
 
Cómo crear ports en FreeBSD #PicnicCode2015
Cómo crear ports en FreeBSD #PicnicCode2015Cómo crear ports en FreeBSD #PicnicCode2015
Cómo crear ports en FreeBSD #PicnicCode2015
 
Área Education - OpenSistemas
Área Education - OpenSistemasÁrea Education - OpenSistemas
Área Education - OpenSistemas
 
Drupal 7. Puesta en producción en sistemas multientorno
Drupal 7. Puesta en producción en sistemas multientornoDrupal 7. Puesta en producción en sistemas multientorno
Drupal 7. Puesta en producción en sistemas multientorno
 
osBrain: una herramienta para la inversión automática en bolsa y mercados de ...
osBrain: una herramienta para la inversión automática en bolsa y mercados de ...osBrain: una herramienta para la inversión automática en bolsa y mercados de ...
osBrain: una herramienta para la inversión automática en bolsa y mercados de ...
 
Área de Soporte - OpenSistemas
Área de Soporte - OpenSistemasÁrea de Soporte - OpenSistemas
Área de Soporte - OpenSistemas
 
Minería de datos para trading automático
Minería de datos para trading automáticoMinería de datos para trading automático
Minería de datos para trading automático
 
Proceso de liberación en el marco legal del código abierto - OpenSistemas
Proceso de liberación en el marco legal del código abierto - OpenSistemasProceso de liberación en el marco legal del código abierto - OpenSistemas
Proceso de liberación en el marco legal del código abierto - OpenSistemas
 
Virtualization - Solaris LDOMs - OpenSistemas
Virtualization - Solaris LDOMs - OpenSistemasVirtualization - Solaris LDOMs - OpenSistemas
Virtualization - Solaris LDOMs - OpenSistemas
 
Floss leaders - OpenSistemas
Floss leaders - OpenSistemasFloss leaders - OpenSistemas
Floss leaders - OpenSistemas
 
Business Intelligence and Pentaho Services - OpenSistemas
Business Intelligence and Pentaho Services - OpenSistemasBusiness Intelligence and Pentaho Services - OpenSistemas
Business Intelligence and Pentaho Services - OpenSistemas
 
easyGTD - product Info
easyGTD - product InfoeasyGTD - product Info
easyGTD - product Info
 
easyGTD - presentación producto
easyGTD - presentación productoeasyGTD - presentación producto
easyGTD - presentación producto
 

Último

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 

Último (20)

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 

CACert - A Community-driven Certification Authority - OpenSistemas

  • 1. CACert A Community-driven Certification Authority Juanjo Amor jjamor@opensistemas.com OpenSistemas 29 Abril 2011 Juanjo Amor CACert
  • 2. (cc) 2011 Juanjo Amor and Wikipedia Some rights reserved. This work licensed under Creative Commons Attribution-ShareAlike License. To view a copy of full license, see http://creativecommons.org/licenses/by-sa/3.0/ or write to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA. Juanjo Amor CACert
  • 4. About Opensistemas Opensistemas is an international company Juanjo Amor CACert
  • 5. About Opensistemas Opensistemas is an international company highly specialized Juanjo Amor CACert
  • 6. About Opensistemas Opensistemas is an international company highly specialized in offering global IT solutions Juanjo Amor CACert
  • 7. About Opensistemas Opensistemas is an international company highly specialized in offering global IT solutionsbased on Open Sourceand Linuxplatforms. Juanjo Amor CACert
  • 9. About Opensistemas Our Vision: To become the international leader in Open Source Technologies. Juanjo Amor CACert
  • 10. About Opensistemas Our Vision: To become the international leader in Open Source Technologies. Our Mission: Juanjo Amor CACert
  • 11. About Opensistemas Our Vision: To become the international leader in Open Source Technologies. Our Mission: Apply our knowledge of the opportunities offered by Open Source to deliver effective solutions and innovation to our customers while promoting the professional development of our employees and building value for shareholders. Juanjo Amor CACert
  • 12. About Opensistemas Our Vision: To become the international leader in Open Source Technologies. Our Mission: Apply our knowledge of the opportunities offered by Open Source to deliver effective solutions and innovation to our customers while promoting the professional development of our employees and building value for shareholders. Our Values: Juanjo Amor CACert
  • 13. About Opensistemas Our Vision: To become the international leader in Open Source Technologies. Our Mission: Apply our knowledge of the opportunities offered by Open Source to deliver effective solutions and innovation to our customers while promoting the professional development of our employees and building value for shareholders. Our Values: Deliver effective solutiosn to our customers. Corporate social responsibility. Commitment to Open Source. Ethics and Respect for individuals. Research and Innovation. Teamwork. Commitment to the development of a society connected by information and knowledge. Juanjo Amor CACert
  • 16. About Opensistemas Opensistemas is present in nine locations over five countries: Spain (Madrid, Valencia, Barcelona, Sevilla, Zaragoza), Chile (Santiago), Colombia (Bogot´a), United Kingdom (London) and China (Shanghai). Juanjo Amor CACert
  • 20. PKI concepts PKI meaning... PKI = Public Key Infrastructure Juanjo Amor CACert
  • 21. PKI concepts PKI meaning... PKI = Public Key Infrastructure a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates Juanjo Amor CACert
  • 22. PKI concepts PKI meaning... PKI = Public Key Infrastructure a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates PKI components... Juanjo Amor CACert
  • 23. PKI concepts PKI meaning... PKI = Public Key Infrastructure a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates PKI components... CA = Certification Authority Juanjo Amor CACert
  • 24. PKI concepts PKI meaning... PKI = Public Key Infrastructure a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates PKI components... CA = Certification Authority RA = Registration Authority Juanjo Amor CACert
  • 25. PKI concepts PKI meaning... PKI = Public Key Infrastructure a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates PKI components... CA = Certification Authority RA = Registration Authority VA = Validation Authority Juanjo Amor CACert
  • 26. PKI concepts PKI meaning... PKI = Public Key Infrastructure a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates PKI components... CA = Certification Authority RA = Registration Authority VA = Validation Authority Public keys (person, server and authority certificates) Juanjo Amor CACert
  • 27. PKI concepts PKI meaning... PKI = Public Key Infrastructure a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates PKI components... CA = Certification Authority RA = Registration Authority VA = Validation Authority Public keys (person, server and authority certificates) Policies and procedures Juanjo Amor CACert
  • 28. PKI diagram of a public key infrastructure Juanjo Amor CACert
  • 29. PKI example 1: Standard CA Standard CAs such as Thawte, Verisign... Juanjo Amor CACert
  • 30. PKI example 1: Standard CA Standard CAs such as Thawte, Verisign... CA: Joins the CA, RA, VA. Juanjo Amor CACert
  • 31. PKI example 1: Standard CA Standard CAs such as Thawte, Verisign... CA: Joins the CA, RA, VA. Our navigator trusts in signed certificates by that CA Juanjo Amor CACert
  • 32. PKI example 1: Standard CA Standard CAs such as Thawte, Verisign... CA: Joins the CA, RA, VA. Our navigator trusts in signed certificates by that CA The certificate chain informs browser about VA Juanjo Amor CACert
  • 33. PKI example 1: Standard CA Standard CAs such as Thawte, Verisign... CA: Joins the CA, RA, VA. Our navigator trusts in signed certificates by that CA The certificate chain informs browser about VA Example: Try to get certificate information by using Thawte SSL Ca Juanjo Amor CACert
  • 34. PKI example 2: The FNMT CA Spanish FNMT CA Juanjo Amor CACert
  • 35. PKI example 2: The FNMT CA Spanish FNMT CA CA: Joins CA and VA. Juanjo Amor CACert
  • 36. PKI example 2: The FNMT CA Spanish FNMT CA CA: Joins CA and VA. RA: Delegated to other institutions such as AEAT, city councils... Juanjo Amor CACert
  • 37. PKI example 2: The FNMT CA Spanish FNMT CA CA: Joins CA and VA. RA: Delegated to other institutions such as AEAT, city councils... CA certificate is not directly recognized by standard browsers Juanjo Amor CACert
  • 38. PKI example 2: The FNMT CA Spanish FNMT CA CA: Joins CA and VA. RA: Delegated to other institutions such as AEAT, city councils... CA certificate is not directly recognized by standard browsers so we should import CA certificates into it. Juanjo Amor CACert
  • 39. PKI example 2: The FNMT CA Spanish FNMT CA CA: Joins CA and VA. RA: Delegated to other institutions such as AEAT, city councils... CA certificate is not directly recognized by standard browsers so we should import CA certificates into it. This is one of first certificates acknowledged for legally identifying people or enterprises in Spain. Juanjo Amor CACert
  • 40. PKI example 2: The FNMT CA Spanish FNMT CA CA: Joins CA and VA. RA: Delegated to other institutions such as AEAT, city councils... CA certificate is not directly recognized by standard browsers so we should import CA certificates into it. This is one of first certificates acknowledged for legally identifying people or enterprises in Spain. Example: Import FNMT certificate and then get its information. Juanjo Amor CACert
  • 41. PKI example 3: The DGP CA Spanish DGP (Police) CA Juanjo Amor CACert
  • 42. PKI example 3: The DGP CA Spanish DGP (Police) CA CA: At DGP headquarters Juanjo Amor CACert
  • 43. PKI example 3: The DGP CA Spanish DGP (Police) CA CA: At DGP headquarters RA: At DGP DNIe offices Juanjo Amor CACert
  • 44. PKI example 3: The DGP CA Spanish DGP (Police) CA CA: At DGP headquarters RA: At DGP DNIe offices VA: Delegated to third parties (FNMT, for example) Juanjo Amor CACert
  • 45. PKI example 3: The DGP CA Spanish DGP (Police) CA CA: At DGP headquarters RA: At DGP DNIe offices VA: Delegated to third parties (FNMT, for example) This is the CA for spanish electronic ID (DNIe). Also acknowledged for legally identifying people. Juanjo Amor CACert
  • 46. PKI example 3: The DGP CA Spanish DGP (Police) CA CA: At DGP headquarters RA: At DGP DNIe offices VA: Delegated to third parties (FNMT, for example) This is the CA for spanish electronic ID (DNIe). Also acknowledged for legally identifying people. Example: Import DGP certificate and then get its information. Juanjo Amor CACert
  • 47. Web of Trust Web of trust Juanjo Amor CACert
  • 48. Web of Trust Web of trust Concept created by PGP creator. Juanjo Amor CACert
  • 49. Web of Trust Web of trust Concept created by PGP creator. Instead of having a “central” CA, we can build a trust network of signed public keys. Juanjo Amor CACert
  • 50. Web of Trust Web of trust Concept created by PGP creator. Instead of having a “central” CA, we can build a trust network of signed public keys. If A signs B, and C trust A, then C could trust B. Juanjo Amor CACert
  • 51. Web of Trust Web of trust Concept created by PGP creator. Instead of having a “central” CA, we can build a trust network of signed public keys. If A signs B, and C trust A, then C could trust B. CACert uses a variant of trust network... Juanjo Amor CACert
  • 53. CACert PKI What is CACERT? Juanjo Amor CACert
  • 54. CACert PKI What is CACERT? A community-driven certificate authority. Juanjo Amor CACert
  • 55. CACert PKI What is CACERT? A community-driven certificate authority. CACERT issues public key certificates to public (server, people) freely. Juanjo Amor CACert
  • 56. CACert PKI What is CACERT? A community-driven certificate authority. CACERT issues public key certificates to public (server, people) freely. Robot CA: Juanjo Amor CACert
  • 57. CACert PKI What is CACERT? A community-driven certificate authority. CACERT issues public key certificates to public (server, people) freely. Robot CA: Certificates are automatically signed. Juanjo Amor CACert
  • 58. CACert PKI What is CACERT? A community-driven certificate authority. CACERT issues public key certificates to public (server, people) freely. Robot CA: Certificates are automatically signed. These certificates are considered weak because CAcert does not emit any information in the certificates other than the domain name or email address (the CommonName field in X.509 certificates). Juanjo Amor CACert
  • 59. CACert PKI What is CACERT? A community-driven certificate authority. CACERT issues public key certificates to public (server, people) freely. Robot CA: Certificates are automatically signed. These certificates are considered weak because CAcert does not emit any information in the certificates other than the domain name or email address (the CommonName field in X.509 certificates). Web of trust: Juanjo Amor CACert
  • 60. CACert PKI What is CACERT? A community-driven certificate authority. CACERT issues public key certificates to public (server, people) freely. Robot CA: Certificates are automatically signed. These certificates are considered weak because CAcert does not emit any information in the certificates other than the domain name or email address (the CommonName field in X.509 certificates). Web of trust: Meetings, Assurance points, Prospective Assurers and Assures. Juanjo Amor CACert
  • 61. CACert PKI What is CACERT? A community-driven certificate authority. CACERT issues public key certificates to public (server, people) freely. Robot CA: Certificates are automatically signed. These certificates are considered weak because CAcert does not emit any information in the certificates other than the domain name or email address (the CommonName field in X.509 certificates). Web of trust: Meetings, Assurance points, Prospective Assurers and Assures. Assured users can get, for example, email certificates with a complete CommonName field. Juanjo Amor CACert
  • 62. CACert inclusion status Can we use CACert server certificates with some browser? Juanjo Amor CACert
  • 63. CACert inclusion status Can we use CACert server certificates with some browser? Yes, we can import CA certificate and go. . . Juanjo Amor CACert
  • 64. CACert inclusion status Can we use CACert server certificates with some browser? Yes, we can import CA certificate and go. . . Yes, my Linux distro (Debian, etc) includes CA certificate in ca-certificates package. Juanjo Amor CACert
  • 65. CACert inclusion status Can we use CACert server certificates with some browser? Yes, we can import CA certificate and go. . . Yes, my Linux distro (Debian, etc) includes CA certificate in ca-certificates package. No, my browser does not recognize the certificates and I cannot trust to a strange CA.crt file! (Like a self-signed certificate) Juanjo Amor CACert
  • 66. CACert inclusion status Can we use CACert server certificates with some browser? Yes, we can import CA certificate and go. . . Yes, my Linux distro (Debian, etc) includes CA certificate in ca-certificates package. No, my browser does not recognize the certificates and I cannot trust to a strange CA.crt file! (Like a self-signed certificate) Although Mozilla started a process to include the certificate, an audit suspended the process, because CACert needed to improve their management system. Juanjo Amor CACert
  • 67. CACert web of trust When you create a new CACert account: Juanjo Amor CACert
  • 68. CACert web of trust When you create a new CACert account: Only your email can be verified Juanjo Amor CACert
  • 69. CACert web of trust When you create a new CACert account: Only your email can be verified By meeting other CACert assurers you can get some points: Juanjo Amor CACert
  • 70. CACert web of trust When you create a new CACert account: Only your email can be verified By meeting other CACert assurers you can get some points: for including your real name to your account, Juanjo Amor CACert
  • 71. CACert web of trust When you create a new CACert account: Only your email can be verified By meeting other CACert assurers you can get some points: for including your real name to your account, to generate better certificates, and finally, Juanjo Amor CACert
  • 72. CACert web of trust When you create a new CACert account: Only your email can be verified By meeting other CACert assurers you can get some points: for including your real name to your account, to generate better certificates, and finally, to be also a CACert assurer. Juanjo Amor CACert
  • 73. CACert web of trust Some rules: Juanjo Amor CACert
  • 74. CACert web of trust Some rules: An assurer can issue you upto 35 points. Juanjo Amor CACert
  • 75. CACert web of trust Some rules: An assurer can issue you upto 35 points. You need at least 50 points to have your full name assured . . . Juanjo Amor CACert
  • 76. CACert web of trust Some rules: An assurer can issue you upto 35 points. You need at least 50 points to have your full name assured . . . so you need to be assured by, at least, two existing assurers Juanjo Amor CACert
  • 77. CACert web of trust Some rules: An assurer can issue you upto 35 points. You need at least 50 points to have your full name assured . . . so you need to be assured by, at least, two existing assurers With 100 points you can also be an assurer Juanjo Amor CACert
  • 78. CACert web of trust Some rules: An assurer can issue you upto 35 points. You need at least 50 points to have your full name assured . . . so you need to be assured by, at least, two existing assurers With 100 points you can also be an assurer . . . but you also need to pass an “assurer challenge” Juanjo Amor CACert
  • 79. CACert web of trust Some rules: An assurer can issue you upto 35 points. You need at least 50 points to have your full name assured . . . so you need to be assured by, at least, two existing assurers With 100 points you can also be an assurer . . . but you also need to pass an “assurer challenge” More rules: Juanjo Amor CACert
  • 80. CACert web of trust Some rules: An assurer can issue you upto 35 points. You need at least 50 points to have your full name assured . . . so you need to be assured by, at least, two existing assurers With 100 points you can also be an assurer . . . but you also need to pass an “assurer challenge” More rules: When you are promoted to assurer: Juanjo Amor CACert
  • 81. CACert web of trust Some rules: An assurer can issue you upto 35 points. You need at least 50 points to have your full name assured . . . so you need to be assured by, at least, two existing assurers With 100 points you can also be an assurer . . . but you also need to pass an “assurer challenge” More rules: When you are promoted to assurer: Initially, you can issue 10 points to other people, and get 2 experience points when you assure somebody Juanjo Amor CACert
  • 82. CACert web of trust Some rules: An assurer can issue you upto 35 points. You need at least 50 points to have your full name assured . . . so you need to be assured by, at least, two existing assurers With 100 points you can also be an assurer . . . but you also need to pass an “assurer challenge” More rules: When you are promoted to assurer: Initially, you can issue 10 points to other people, and get 2 experience points when you assure somebody After you got 10 experience points, then you can issue 15 points to others Juanjo Amor CACert
  • 83. CACert web of trust Some rules: An assurer can issue you upto 35 points. You need at least 50 points to have your full name assured . . . so you need to be assured by, at least, two existing assurers With 100 points you can also be an assurer . . . but you also need to pass an “assurer challenge” More rules: When you are promoted to assurer: Initially, you can issue 10 points to other people, and get 2 experience points when you assure somebody After you got 10 experience points, then you can issue 15 points to others . . . Juanjo Amor CACert
  • 84. CACert web of trust Some rules: An assurer can issue you upto 35 points. You need at least 50 points to have your full name assured . . . so you need to be assured by, at least, two existing assurers With 100 points you can also be an assurer . . . but you also need to pass an “assurer challenge” More rules: When you are promoted to assurer: Initially, you can issue 10 points to other people, and get 2 experience points when you assure somebody After you got 10 experience points, then you can issue 15 points to others . . . When you got 50 experience points, then you can issue to others the maximum per session: 35 points Juanjo Amor CACert
  • 85. CACert web of trust Some rules: An assurer can issue you upto 35 points. You need at least 50 points to have your full name assured . . . so you need to be assured by, at least, two existing assurers With 100 points you can also be an assurer . . . but you also need to pass an “assurer challenge” More rules: When you are promoted to assurer: Initially, you can issue 10 points to other people, and get 2 experience points when you assure somebody After you got 10 experience points, then you can issue 15 points to others . . . When you got 50 experience points, then you can issue to others the maximum per session: 35 points But in any case, you can, if you want, to issue less points than your maximum Juanjo Amor CACert
  • 86. CACert web of trust Some rules: An assurer can issue you upto 35 points. You need at least 50 points to have your full name assured . . . so you need to be assured by, at least, two existing assurers With 100 points you can also be an assurer . . . but you also need to pass an “assurer challenge” More rules: When you are promoted to assurer: Initially, you can issue 10 points to other people, and get 2 experience points when you assure somebody After you got 10 experience points, then you can issue 15 points to others . . . When you got 50 experience points, then you can issue to others the maximum per session: 35 points But in any case, you can, if you want, to issue less points than your maximum Juanjo Amor CACert
  • 87. CACert client certificates A client certificate is used to: Juanjo Amor CACert
  • 88. CACert client certificates A client certificate is used to: Identify yourself to a web site Juanjo Amor CACert
  • 89. CACert client certificates A client certificate is used to: Identify yourself to a web site Email signing Juanjo Amor CACert
  • 90. CACert client certificates A client certificate is used to: Identify yourself to a web site Email signing . . . Juanjo Amor CACert
  • 91. CACert client certificates A client certificate is used to: Identify yourself to a web site Email signing . . . When you create a CACert account, you can get client certificates: Juanjo Amor CACert
  • 92. CACert client certificates A client certificate is used to: Identify yourself to a web site Email signing . . . When you create a CACert account, you can get client certificates: Only the email is certified (by using email-ping) Juanjo Amor CACert
  • 93. CACert client certificates A client certificate is used to: Identify yourself to a web site Email signing . . . When you create a CACert account, you can get client certificates: Only the email is certified (by using email-ping) With 6 month expiration Juanjo Amor CACert
  • 94. CACert client certificates A client certificate is used to: Identify yourself to a web site Email signing . . . When you create a CACert account, you can get client certificates: Only the email is certified (by using email-ping) With 6 month expiration When you are assured (50 points) you also get Juanjo Amor CACert
  • 95. CACert client certificates A client certificate is used to: Identify yourself to a web site Email signing . . . When you create a CACert account, you can get client certificates: Only the email is certified (by using email-ping) With 6 month expiration When you are assured (50 points) you also get Name and email certified Juanjo Amor CACert
  • 96. CACert client certificates A client certificate is used to: Identify yourself to a web site Email signing . . . When you create a CACert account, you can get client certificates: Only the email is certified (by using email-ping) With 6 month expiration When you are assured (50 points) you also get Name and email certified 24 month expiration Juanjo Amor CACert
  • 97. CACert server certificates A server certificate is used to: Juanjo Amor CACert
  • 98. CACert server certificates A server certificate is used to: Secure website: identify a server to you Juanjo Amor CACert
  • 99. CACert server certificates A server certificate is used to: Secure website: identify a server to you When you create a CACert account, you can get server certificates: Juanjo Amor CACert
  • 100. CACert server certificates A server certificate is used to: Secure website: identify a server to you When you create a CACert account, you can get server certificates: With 6 month expiration Juanjo Amor CACert
  • 101. CACert server certificates A server certificate is used to: Secure website: identify a server to you When you create a CACert account, you can get server certificates: With 6 month expiration When you are assured (50 points) you also get Juanjo Amor CACert
  • 102. CACert server certificates A server certificate is used to: Secure website: identify a server to you When you create a CACert account, you can get server certificates: With 6 month expiration When you are assured (50 points) you also get 24 month expiration Juanjo Amor CACert
  • 103. CACert server certificates A server certificate is used to: Secure website: identify a server to you When you create a CACert account, you can get server certificates: With 6 month expiration When you are assured (50 points) you also get 24 month expiration In all cases, you need to be able to ping DNS name by receiven a postmaster email from DNS owner, and only website DNS name is assured, because CACert assurers are not able verify legal owner. Juanjo Amor CACert
  • 105. Exercises Final exercises 1 Creating your CACert account. 2 Creating your email certificate, with browser and then with openssl 3 Creating a web certificate, with openssl and apache 4 Want to be assured? Juanjo Amor CACert