short term certificates
play

Short Term Certificates d raft-sheffer-acme-star-lurk-00 Yaron - PowerPoint PPT Presentation

Jun 21, 2023 •376 likes •488 views

Short Term Certificates d raft-sheffer-acme-star-lurk-00 Yaron Sheffer, Diego Lopez, Thomas Fossati, Oscar Gonzalez de Dios IETF 97, Seoul Motivation Delegate the authorization to publish a web site Securely: owner can revoke the

  1. Short Term Certificates d raft-sheffer-acme-star-lurk-00 Yaron Sheffer, Diego Lopez, Thomas Fossati, Oscar Gonzalez de Dios IETF 97, Seoul

  2. Motivation ● Delegate the authorization to publish a web site ● Securely: owner can revoke the authorization at any time ● And with no change to the client side (browser) ● Initial use case: CDN – Today, sites typically share their private key with the CDN

  3. Background ● The problem space was explored in the LURK BoF ● An alternative: each TLS handshake is forwarded to a “box” that holds the private key and signs responses – Obvious engineering issues: performance and availability ● An earlier short-term certs protocol was proposed: draft-sheffer-lurk-cert-delegation – The current proposal is significantly different

  4. Overview ACME Server - CA Domain Name Request Owner - DNO STAR Cert Request Periodically STAR Cert Retrieve Certificate LURK Client or CDN

  5. Initial Setup ● Domain Name Owner (DNO) and CDN establish a mutually-authenticated channel ● DNO and CDN agree on a CSR template – This is the DNO’s policy: what domain names, cert validity period ● DNO registers with the ACME server

  6. Bootstrap ● CDN generates a CSR based on the CSR template, sends it to DNO ● DNO validates that the CSR is in line with the template ● DNO sends the CSR to ACME server, requesting a Short- Term, Automatically Renewed ( STAR ) certificate ● ACME performs the usual checks, issues the certificate, sends back a STAR ID and a certificate URL – It is the DNO’s responsibility to respond to the issuance checks ● DNO responds to the CDN with the certificate URL ● CDN retrieves the (initial) short-term certificate

  7. Certificate Refresh ● The ACME server periodically renews the certificate – E.g. every 3 days ● The ACME server posts the certificate and the CDN retrieves it

  8. Revocation ● The DNO requests the ACME server to stop the automatic renewal process – Identified by the STAR ID ● ACME server stops issuing certificates ● No explicit X.509-style revocation

  9. Security Considerations ● How do we prevent the CDN (or a rogue CDN employee) from passing the ACME checks? – E.g. https-01, when it can easily set up a web page ● A combination of security measures – Ensure the CDN does not own the relevant DNS zone – ACME servers MUST respect CAA records – Including draft-landau-acme-caa-01, to restrict ACME checks to DNS authorization only

  10. Thank You!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Short-Term Certificates D R A F T - I E T F - A C M E - S T A R - 0 0 Y A R O N S H E F F E R ,

Short-Term Certificates D R A F T - I E T F - A C M E - S T A R - 0 0 Y A R O N S H E F F E R ,

Short-Term Certificates D R A F T - I E T F - A C M E - S T A R - 0 0 Y A R O N S H E F F E R , D I E G O L O P E Z , T H O M A S F O S S A T I , O S C A R G O N Z A L E Z D E D I O S , A N T O N I O P A S T O R P E R A L E S I E T F

479 views • 9 slides
= $44,693.42 POTENTIAL collections shortfall from short term rentals TOURISM BENEFITS ALL OF US 1

= $44,693.42 POTENTIAL collections shortfall from short term rentals TOURISM BENEFITS ALL OF US 1

2018-2019 Hotel Occupancy Tax Collections $1,058,223 in short term rental total revenue (according to Texas Hotel Performance Factbook) $63,493.38 $18,799.96 in short term rental HOT obligations collected short term rental HOT (assuming

101 views • 9 slides
SHORT-TERM RENTALS IN CHARLOTTETOWN Presented March 9 th 2020 Short-term Rental Study on

SHORT-TERM RENTALS IN CHARLOTTETOWN Presented March 9 th 2020 Short-term Rental Study on

SHORT-TERM RENTALS IN CHARLOTTETOWN Presented March 9 th 2020 Short-term Rental Study on Charlottetown Background: Staff consulted with David Wachsmuth from McGill University to conduct a comprehensive empirical analysis on Short-term rental

493 views • 31 slides
Short Term Rental Enforcement Short Term Rental Defined The City of Garden Grove Land Use

Short Term Rental Enforcement Short Term Rental Defined The City of Garden Grove Land Use

Short Term Rental Enforcement Short Term Rental Defined The City of Garden Grove Land Use Code outlines permitted uses in residential zones. Short-term vacation rentals are the same as hotels or motels, which are defined as places rented

227 views • 6 slides
What is a Short T erm Rental (STR) ? A short - term rental , or vacation rental , is the renting

What is a Short T erm Rental (STR) ? A short - term rental , or vacation rental , is the renting

What is a Short T erm Rental (STR) ? A short - term rental , or vacation rental , is the renting out of a furnished home, apartment or condominium for a short - term stay. The owner of the property usually will rent out on a weekly basis, but some

487 views • 20 slides
The Short- and Long-Term Economic Outlook Short-Term Update Jobs: PDX v US 3 3 Job Growth by

The Short- and Long-Term Economic Outlook Short-Term Update Jobs: PDX v US 3 3 Job Growth by

The Short- and Long-Term Economic Outlook Short-Term Update Jobs: PDX v US 3 3 Job Growth by Sector 2013Q2 v 2014Q2 12% 10% 8% 6% 4% 2% 0% -2% 4 4 Source: Brookings Metropolitan Monitor Unemployment 5 5 Median Household Income,

527 views • 15 slides
Sho Short-Te Term L Limi mited D d Durat ation I Insuran ance: DC Mar arket and and Opt

Sho Short-Te Term L Limi mited D d Durat ation I Insuran ance: DC Mar arket and and Opt

Sho Short-Te Term L Limi mited D d Durat ation I Insuran ance: DC Mar arket and and Opt Options April 25, 2018 Dania Palanker, J.D., M.P.P. What Are Short-Term Plans Short-Term Limited-Duration Insurance supposed to be for people

259 views • 13 slides
Certificates and Degrees Duane Short AA or AS Degree Well-defined pattern of learning

Certificates and Degrees Duane Short AA or AS Degree Well-defined pattern of learning

Certificates and Degrees Duane Short AA or AS Degree Well-defined pattern of learning experiences Focused study in a specialized field (the major coursework) Prepares citizens with a broad educational foundation (general ed) Can

236 views • 10 slides
SHORT TERM RENTALS Proposed Ordinance Revisions Goal of the Short-Term Rental Ordinance

SHORT TERM RENTALS Proposed Ordinance Revisions Goal of the Short-Term Rental Ordinance

SHORT TERM RENTALS Proposed Ordinance Revisions Goal of the Short-Term Rental Ordinance Ensure Public Safety Promote Consistency with the Kiawah brand and standards Balance impact of rental properties on the community Improve

482 views • 13 slides
HDFC Ultra Short Term Fund (An open ended ultra-short term debt scheme investing in instruments

HDFC Ultra Short Term Fund (An open ended ultra-short term debt scheme investing in instruments

HDFC Ultra Short Term Fund (An open ended ultra-short term debt scheme investing in instruments such that the Macaulay Duration^ of the portfolio is between 3 months and 6 months) Give an edge to short term surplus! April 2020 Riskometer ^

210 views • 9 slides
SHORT-TERM RENTALS IN AUSTIN, TX Smart City Policy Summit September 17, 2019 Todd LaRue,

SHORT-TERM RENTALS IN AUSTIN, TX Smart City Policy Summit September 17, 2019 Todd LaRue,

THE IMPACT OF SHORT-TERM RENTALS IN AUSTIN, TX Smart City Policy Summit September 17, 2019 Todd LaRue, Managing Director SHORT TERM RENTALS IN AUSTIN, TX SHORT TERM RENTALS IN AUSTIN, TEXAS Total Short Term Rentals by Zip Code Short Term

414 views • 17 slides
Short-Term Rentals (STRs) STRs provide transient accommodations on a short-term basis The

Short-Term Rentals (STRs) STRs provide transient accommodations on a short-term basis The

Short-Term Rentals (STRs) STRs provide transient accommodations on a short-term basis The property owner may or may not be What is a STR? present during the stay Technology improvements have helped improve STRs popularity Airbnb

406 views • 23 slides
Long-term Storage of Forgery-Proof Certificates Patrick Roth, Omar Benkacem, Anne Ronchi, Pierre

Long-term Storage of Forgery-Proof Certificates Patrick Roth, Omar Benkacem, Anne Ronchi, Pierre

Long-term Storage of Forgery-Proof Certificates Patrick Roth, Omar Benkacem, Anne Ronchi, Pierre L'hostis, Rolf Brugger, Cline Restrepo Zea Long-term Storage of Forgery-Proof Certificates (WP 1.4) NTICE An exploratory study and reflections

536 views • 9 slides
Consulted key stakeholders Report: regulations Nov and Dec 2017 Understanding short-term

Consulted key stakeholders Report: regulations Nov and Dec 2017 Understanding short-term

Proposed Rules for Short-term Rentals Presentation - September 2017 Agenda 1. How we got here 2. Background on short-term rentals 3. Proposed regulations 4. How you can provide input How we got here Council directive Jan 2016 Staff

191 views • 6 slides
Section 1 Short Term Variability 1 / 55 Short Term Variability ST 810-006 Statistics and

Section 1 Short Term Variability 1 / 55 Short Term Variability ST 810-006 Statistics and

ST 810-006 Statistics and Financial Risk Section 1 Short Term Variability 1 / 55 Short Term Variability ST 810-006 Statistics and Financial Risk Short term market variabilityon a time scale from one day to one or two weeksimposes risk

713 views • 55 slides
CHARLOTTETOWN Presented March 9 th 2020 Short-term Rental Study on Charlottetown Background:

CHARLOTTETOWN Presented March 9 th 2020 Short-term Rental Study on Charlottetown Background:

SHORT-TERM RENTALS IN CHARLOTTETOWN Presented March 9 th 2020 Short-term Rental Study on Charlottetown Background: Staff consulted with David Wachsmuth from McGill University to conduct a comprehensive empirical analysis on Short-term rental

622 views • 31 slides
WAVE: A Decentralized Authorization Framework with Transitive Delegation Michael P Andersen, Sam

WAVE: A Decentralized Authorization Framework with Transitive Delegation Michael P Andersen, Sam

WAVE: A Decentralized Authorization Framework with Transitive Delegation Michael P Andersen, Sam Kumar , Hyung-Sin Kim, John Kolb, Kaifei Chen, Moustafa AbdelBaky, Gabe Fierro, David E. Culler, Raluca Ada Popa This material is based on work

1.25k views • 30 slides
Fraud Prevention/ Student Activity Account Best Practices November 6, 2019 Ag e nda F ra ud

Fraud Prevention/ Student Activity Account Best Practices November 6, 2019 Ag e nda F ra ud

11/12/2019 Fraud Prevention/ Student Activity Account Best Practices November 6, 2019 Ag e nda F ra ud Pre ve ntion Stude nt Ac tivitie s Cre dit Ca rds 2 3 1 11/12/2019 Cr e sse ys F r aud T r iangle Ne e d F r aud T r

585 views • 17 slides
Using Off-Path and On-Path Signaling for Internet Security Saikat Guha, Paul Francis Cornell

Using Off-Path and On-Path Signaling for Internet Security Saikat Guha, Paul Francis Cornell

Using Off-Path and On-Path Signaling for Internet Security Saikat Guha, Paul Francis Cornell University IETF 66 Off-path BoF Guha and Francis Using Off-path and On-Path Signaling for Internet Security Architecture Default-Off Data-Path

651 views • 15 slides
1 Basic Polic ie s for Small Gove r nme nts E xample for r e que sting vac ation time :

1 Basic Polic ie s for Small Gove r nme nts E xample for r e que sting vac ation time :

Basic Polic ie s for Small Gove r nme nts Basic Polic ie s for Small Gove r nme nts What is a polic y? Diffe re nc e b e twe e n a po lic y a nd pro c e dure Po lic ie s: Co mmunic a te a n o rg a niza tio n s c ulture ,

585 views • 5 slides
PKI and Certificate Security Outline Motivation Certificates Public Key Infrastructure

PKI and Certificate Security Outline Motivation Certificates Public Key Infrastructure

IN3210 Network Security PKI and Certificate Security Outline Motivation Certificates Public Key Infrastructure Threats to certificates / PKI Protecting certificates / PKI 2 Certificates Motivation 3 Motivation: TLS

1.68k views • 108 slides
IoT: Taking PKI Where No PKI Has Gone Before Presented by: Scott Rea DigiCert Sr. PKI Architect

IoT: Taking PKI Where No PKI Has Gone Before Presented by: Scott Rea DigiCert Sr. PKI Architect

AllSeen Summit 2015: IoT: Taking PKI Where No PKI Has Gone Before Presented by: Scott Rea DigiCert Sr. PKI Architect ALLSEEN ALLIANCE Agenda Slide Title 3 Trust and PKI 9 Web Security - PKI example 26

450 views • 41 slides
Modern Web Security Patterns Chad Hollman Analyst, County of Sacramento Department of Technology

Modern Web Security Patterns Chad Hollman Analyst, County of Sacramento Department of Technology

Modern Web Security Patterns Chad Hollman Analyst, County of Sacramento Department of Technology Current Issues of Web Development Security Subresource Integrity Checking Content Security Policies HTTP Public Key Pinning Certificate

1.05k views • 61 slides
Applications for NDN James Kasten University of Michigan Network Authentication Public Key

Applications for NDN James Kasten University of Michigan Network Authentication Public Key

Applications for NDN James Kasten University of Michigan Network Authentication Public Key Infrastructure Pairing Keys with Identity or Authority Major Challenges Management Distribution Revocation Renewal Lets

391 views • 10 slides

More recommend