TERENA Server Certificate Service

TERENA Server Certificate Service: Towards the large-scale use of affordable popup-free server certificates for the European Research & Educational community. Jan Meijer, Amsterdam, 24 January 2006. High-quality Internet for higher education


SLIDE 1

High-quality Internet for higher education and research

Amsterdam, 24 January 2006

Towards the large-scale use of affordable popup-free server certificates for the European Research & Educational community

TERENA Server Certificate Service

Jan Meijer

SLIDE 2

.EU NRENs did something cool

Just contracted a service to deliver server certificates

  • popup free
  • flat rate
  • unlimited number
  • to the European NREN community

price is under NDA but...worth our while

SLIDE 3

high quality service

  • Re-use existing RA organisation
  • Certificate profile flexibility (Grids!)
  • Option for fully electronic RA procedures
  • Option for easy server certificate delivery
  • NREN-specific branding!
  • When that time comes: in the high assurance server certificate market

SLIDE 4

Service organisation

  • TERENA contracts with supplier
  • NRENs contract with TERENA (liability!)
  • NRENs are ‘delegated RA’ for the supplier
  • TERENA appoints delegated RAs
  • NRENs are responsible for delivering RA services and technical support

SLIDE 5

So how, why?

  • Project started in June 2004
  • European NREN PKIs around for ~7 years
  • Real certificate use limited:
    – webservers (popup-free and popup)
    – Grids (closed community)
  • Anticipated growth in need:
    – AAI middleware services
    – Web-based ‘stuff’ (mail, e-learning, webservices etc.)
    – VPN, email

SLIDE 6

Servicing anticipated need

  • Community is interested in server certificates
  • Use is limited by:
    – popup problem (NREN PKI)
    – cost (commercial CA)
  • So solve either of these problems and the need can be serviced ☺

SLIDE 7

Solution 1: solve popup-problem

  • Cost good (is it?)
  • Popup problem bad

    – Fix by getting root certificate in root repositories
    – Requires WebTrust audit
    – Expensive for an individual NREN PKI (~25.000 first time, annual ~25.000 for the audits, plus all the costs to do things exactly according to guidelines)
    -> CA hierarchy adds to cost!
  • Is running our own CA that interesting?
  • Own CA for smaller communities: same problem

SLIDE 8

Solution #2: Solve cost problem

  • Try to contract a CA already in the browser
  • To issue server certificates against NREN conditions

    – flexible certificate profiles
    – tailored RA procedures
    – no per-certificate payment

SLIDE 9

Went for option #2, together

  • 8 NRENs + TERENA combined forces (proposal launched Feb. 2005)

  • Investigated market
  • Investigated EU tender guidelines
  • Ran a light-weight tender (start Sep 2005)
  • Signed a contract (Jan 2006)

SLIDE 10

CSIRT benefit?

It will make it lame not to use SSL/TLS channels within the European NREN community

Thank you.

TERENA (.eu), ACOnet (.at), CARnet (.hr), CESnet (.cz), UNI-C (.dk), RedIRIS (.es), RENATER (.fr), SURFnet (Netherlands), SWITCH (.ch)