the mit ca experience
play

The MIT CA Experience Jeffrey I. Schiller Massachusetts Institute - PowerPoint PPT Presentation

Mar 03, 2023 •425 likes •576 views

The MIT CA Experience Jeffrey I. Schiller Massachusetts Institute of Technology Jeffrey I. Schiller Page 1 EasyCert BOF 11/11/04 Introduction MIT Built its PKI in 1996 In the belief PKI would take over the world I'm still

  1. The MIT CA Experience Jeffrey I. Schiller Massachusetts Institute of Technology Jeffrey I. Schiller Page 1 EasyCert BOF 11/11/04

  2. Introduction • MIT Built its PKI in 1996 – In the belief PKI would “take over the world” • I'm still waiting... – We have about 40,000 “live” certificates – Over 1.6 Million issued since 1996 – Originally were v1 certs, now v3 certs • Major Application: Web Authentication Jeffrey I. Schiller Page 2 EasyCert BOF 11/11/04

  3. Buy vs. Build • Vendor solutions were (are) complex and expensive • Notion of charge per certificate – Non trivial charge per certificate • Build: Fixed cost of software development – Not a function of number of certificates – Flexibility to have many certificates per user Jeffrey I. Schiller Page 3 EasyCert BOF 11/11/04

  4. Technology Requirements • Easy to Use • Cost Effective • Incrementally Deployable Jeffrey I. Schiller Page 4 EasyCert BOF 11/11/04

  5. Easy to Use • We are slaves to the Browser Vendors – We support Netscape, Mozilla, IE and Safari – We work around the largest problems • Biggest Problem: Exporting Certificate and associated keys to import into another system – Work Around: Obtain multiple certificates – Works because we only do Web authentication Jeffrey I. Schiller Page 5 EasyCert BOF 11/11/04

  6. Cost Effective • Home grown software doesn't have a cost per certificate • “Standard” Support costs that you expect from any software product – Actually, not that bad, we issue ~ 1,000 new certificates (freshman) each summer with ~ 10-20 problems Jeffrey I. Schiller Page 6 EasyCert BOF 11/11/04

  7. Incremental Deployment • Not all applications at MIT use Certificates yet – But we encourage their use • 99.9% of Students have certificates • 66% of Faculty and Staff have certificates – This number will go up as applications they must use are converted (from paper!) Jeffrey I. Schiller Page 7 EasyCert BOF 11/11/04

  8. MIT CA Implementation • Up to version 3 • First two versions based on Java and Cryptix toolkit – Version 1: servlet – Version 2: jsp • Version 3 about to be deployed – Based on Python front end to openssl • Does not “fork” scalable implementation Jeffrey I. Schiller Page 8 EasyCert BOF 11/11/04

  9. Registration Procedure • Certificates obtained by authenticating to CA website with Kerberos name, password and MIT ID Number • Kerberos name is issued via a “Coupon” with six word secret – Only valid for initial account creation and can only be used once – Coupon mailed to students during the Summer – Website permits authorized staff to create duplicate PDF file for students who lose it Jeffrey I. Schiller Page 9 EasyCert BOF 11/11/04

  10. Tips • Revocation is rarely if ever asked for – We do not encode authorization into certificates • Most people don't know when they are compromised, so they don't request revocation • May have to deal with this soon Jeffrey I. Schiller Page 10 EasyCert BOF 11/11/04

  11. Certificate Lifetimes • All certificates issued prior to June expire July 31 st • In mid June we advance the “dead date” further 1 year • Certificates issued to freshman from off-campus computers expire on September 1 st – So they don't leave them on their parent's computer Jeffrey I. Schiller Page 11 EasyCert BOF 11/11/04

  12. Services Offered • Web Authentication – Student Registration – Employee HR “Self Service” • Health care enrollment etc. – On-line purchasing • Partners accept our certificates – Many others Jeffrey I. Schiller Page 12 EasyCert BOF 11/11/04

  13. What we do not have • A Certificate Practice Statement • A Certificate Policy Statement • In “practice” no one in the “real world” (read: not the government) cares • Biggest issue with outside vendors is helping them get infrastructure setup • It is always more secure then issuing names and passwords Jeffrey I. Schiller Page 13 EasyCert BOF 11/11/04

  14. Future • S/MIME Support – Challenge due to multiple certificates and key escrow issues – Most S/MIME implementations store encrypted messages in the original encryption key • This is probably a bad idea – Encrypted mail is more important to us then signed mail Jeffrey I. Schiller Page 14 EasyCert BOF 11/11/04

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Candidate Experience What is Candidate Experience? Candidate Experience How job seekers

The Candidate Experience What is Candidate Experience? Candidate Experience How job seekers

The Candidate Experience What is Candidate Experience? Candidate Experience How job seekers perceive an organizations recruitment process This includes everything from initial sourcing, recruiting, interviewing, hiring, and even

537 views • 31 slides
THOUGHT> thought > experience > thought > experience > thought >

THOUGHT> thought > experience > thought > experience > thought >

THOUGHT> thought > experience > thought > experience > thought > experience> behavior 69 Experience: the totality of cognitions given by perceptions 70 Perception: a single unified awareness derived (via thought) from

815 views • 26 slides
Work Experience Work experience This will be completed by all Y12 students on 22-26 th June

Work Experience Work experience This will be completed by all Y12 students on 22-26 th June

Work Experience Work experience This will be completed by all Y12 students on 22-26 th June 2020 What is work experience? Work experience in an unpaid voluntary short term work placement. It usually involved shadowing another person and

320 views • 19 slides
User Experience for Business Analysts Parker Malenke What is User Experience Design? Users An

User Experience for Business Analysts Parker Malenke What is User Experience Design? Users An

User Experience for Business Analysts Parker Malenke What is User Experience Design? Users An Experience But is it Designed? UXD is the purposeful construction of a complete experience Journey Mapping Long Term Value Adoption

528 views • 34 slides
EXPERIENCE THE ESSENCE OF BALI Experience a truly Balinese way of life in one of our seven

EXPERIENCE THE ESSENCE OF BALI Experience a truly Balinese way of life in one of our seven

EXPERIENCE THE ESSENCE OF BALI Experience a truly Balinese way of life in one of our seven exclusive guest rooms located in the heart of rural Manggis. One the original family compound, this property was re-designed for our guests who have a

167 views • 16 slides
Connecting with stakeholders to improve the student experience Improving the student experience

Connecting with stakeholders to improve the student experience Improving the student experience

Connecting with stakeholders to improve the student experience Improving the student experience We restore the student experience by resolving individual complaints from international students We help private education providers make

172 views • 14 slides
UCFSD Transportation Annual Report 17-18 Student Experience Department Experience Financial

UCFSD Transportation Annual Report 17-18 Student Experience Department Experience Financial

UCFSD Transportation Annual Report 17-18 Student Experience Department Experience Financial Experience Student Experience: Who do we serve? Public Non Spec Public Ed Schools 6 35 21 Students 4,131 295 37 Student Experience: Ride

121 views • 10 slides
an extraordinary experience INTRODUCTION Dinner in the Sky is an extraordinary experience with a

an extraordinary experience INTRODUCTION Dinner in the Sky is an extraordinary experience with a

an extraordinary experience INTRODUCTION Dinner in the Sky is an extraordinary experience with a culinary touch which allows people to dine at over 100 feet in the air, where ever they want: in the city or in the country side, on sports grounds

331 views • 9 slides
Practical Experience with Practical Experience with Practical Experience with Practical

Practical Experience with Practical Experience with Practical Experience with Practical

Practical Experience with Practical Experience with Practical Experience with Practical Experience with performance monitoring performance monitoring performance monitoring performance monitoring Ryszard Jurga CERN openlab March 29, 2006

577 views • 24 slides
EXPERIENCE E VIBRANT WATERSIDE SOPHISTICATION Experience the 5-star Sofitel welcome from the

EXPERIENCE E VIBRANT WATERSIDE SOPHISTICATION Experience the 5-star Sofitel welcome from the

EXPERIENCE E VIBRANT WATERSIDE SOPHISTICATION Experience the 5-star Sofitel welcome from the striking porte-cochere. Life is Magnifique in Sydney! A hotel that artfully combines French elegance with local culture to create exceptional

241 views • 23 slides
The Patient Experience Journey: Strength Based Approach Sue Murphy RN, BSN, MS Chief Experience

The Patient Experience Journey: Strength Based Approach Sue Murphy RN, BSN, MS Chief Experience

The Patient Experience Journey: Strength Based Approach Sue Murphy RN, BSN, MS Chief Experience Officer Patient Experience and Engagement Program June 6, 2019 Learning Objectives Role of Chief Experience Officer Vision of Patient

501 views • 23 slides
US US FD FDA Experience Experience in in the the Re Regulatory Applic Applicatio ion of of (Q

US US FD FDA Experience Experience in in the the Re Regulatory Applic Applicatio ion of of (Q

US US FD FDA Experience Experience in in the the Re Regulatory Applic Applicatio ion of of (Q (Q)S )SAR AR Naomi L. Kruhlak, Ph.D. Division of Applied Regulatory Science Office of Clinical Pharmacology Office of Translational Sciences FDAs

447 views • 43 slides
EXPERIENCE Experience DYouville is a collection of opportunities that prepares students for

EXPERIENCE Experience DYouville is a collection of opportunities that prepares students for

EXPERIENCE Experience DYouville is a collection of opportunities that prepares students for college and upskills the community. Some of these experiences can be built into MOUs with local organizations and schools in order to form deeper

280 views • 4 slides
Good judgment comes from experience. Experience comes from bad judgment. Nasrudin

Good judgment comes from experience. Experience comes from bad judgment. Nasrudin

Operational Experience Feedback and reliability data Eric Marsden <eric.marsden@risk-engineering.org> Good judgment comes from experience. Experience comes from bad judgment. Nasrudin data probabilistic model event

647 views • 25 slides
S9884 USER EXPERIENCE IS KEY TO VDI SUCCESS, COLOR ACCURACY IS THE KEY TO USER EXPERIENCE Nachiket

S9884 USER EXPERIENCE IS KEY TO VDI SUCCESS, COLOR ACCURACY IS THE KEY TO USER EXPERIENCE Nachiket

S9884 USER EXPERIENCE IS KEY TO VDI SUCCESS, COLOR ACCURACY IS THE KEY TO USER EXPERIENCE Nachiket Karmakar Sr. Performance Engineer - NVIDIA SESSION TARGET Why is it key to choose the right protocol to get the best user experience CITRIX

334 views • 29 slides
Week 6 User Experience Interactive Process & Practice Design User experience is something

Week 6 User Experience Interactive Process & Practice Design User experience is something

Spring 2018 ar589.github.io Week 6 User Experience Interactive Process & Practice Design User experience is something you design. Useful Factors Usable Desirable that influence Valuable user Findable Accesible experience

672 views • 48 slides
while loops Genome 559: Introduction to Statistical and Computational Genomics Prof. James H.

while loops Genome 559: Introduction to Statistical and Computational Genomics Prof. James H.

while loops Genome 559: Introduction to Statistical and Computational Genomics Prof. James H. Thomas Hints on variable names Pick names that are descriptive Change a name if you decide theres a better choice Give names to

627 views • 26 slides
61A Lecture 12 Friday, February 20 Announcements Homework 4 due Monday 2/23 @ 11:59pm (small)

61A Lecture 12 Friday, February 20 Announcements Homework 4 due Monday 2/23 @ 11:59pm (small)

61A Lecture 12 Friday, February 20 Announcements Homework 4 due Monday 2/23 @ 11:59pm (small) Project 2 due Thursday 2/26 @ 11:59pm (BIG!) Project party Tuesday 2/24 5pm-6:30pm in 2050 VLSB Bonus point for early submission by

457 views • 16 slides
BENEFITS OF IYPT IN PHYSICS EDUCATION bel Beregi Bar-Madas Reformed High School, Budapest

BENEFITS OF IYPT IN PHYSICS EDUCATION bel Beregi Bar-Madas Reformed High School, Budapest

BENEFITS OF IYPT IN PHYSICS EDUCATION bel Beregi Bar-Madas Reformed High School, Budapest Mihly Hmstrei German Nationality High School, Budapest Teaching Physics Innovatively 17-19. August 2015. 1 IYPT IN GENERAL IYPT =

608 views • 18 slides
DIMVA 2019 June 19-20, 2019 Welcome from the General Chair 16th Conference on Detection of

DIMVA 2019 June 19-20, 2019 Welcome from the General Chair 16th Conference on Detection of

Gothenburg, Sweden DIMVA 2019 June 19-20, 2019 Welcome from the General Chair 16th Conference on Detection of Intrusions and Malware & Vulnerability Assessment Magnus Almgren Chalmers University of Technology Sweden DIMVA 2019 Thanks to

345 views • 23 slides
Powering Growth 2014 RESULTS AND EARNINGS GUIDANCE 2.25.15 2014 Results and Earnings Guidance

Powering Growth 2014 RESULTS AND EARNINGS GUIDANCE 2.25.15 2014 Results and Earnings Guidance

Powering Growth 2014 RESULTS AND EARNINGS GUIDANCE 2.25.15 2014 Results and Earnings Guidance Cautionary Statements Regulation G Statement In this presentation, Ameren has presented free cash flow, which is a non-GAAP measure. Ameren

395 views • 24 slides
ConEx Concepts and Abstract Mechanism draft-ietf-conex-abstract-mech-01.txt Matt Mathis, Google

ConEx Concepts and Abstract Mechanism draft-ietf-conex-abstract-mech-01.txt Matt Mathis, Google

ConEx Concepts and Abstract Mechanism draft-ietf-conex-abstract-mech-01.txt Matt Mathis, Google Bob Briscoe , BT IETF-80 ConEx Mar 2011 This work is partly funded by Trilogy, a research project supported by the European Community

571 views • 9 slides
Working Group 3: Grid Capacity and Challenges Thursday, October 1 : 9:30-11:00 A M Presenter

Working Group 3: Grid Capacity and Challenges Thursday, October 1 : 9:30-11:00 A M Presenter

Working Group 3: Grid Capacity and Challenges Thursday, October 1 : 9:30-11:00 A M Presenter Slides Moderator: Noah Shaw Hodgson Russ Panelist 1: Kimball Daby Lake Placid Municipal Electric Panelist 2: Matt Cloud National Grid Panelist

640 views • 41 slides
Pandemic EBT Dawn Sweeney Diane Golzynski, PhD, RD SNAP State Administrator Director, Office of

Pandemic EBT Dawn Sweeney Diane Golzynski, PhD, RD SNAP State Administrator Director, Office of

Pandemic EBT Dawn Sweeney Diane Golzynski, PhD, RD SNAP State Administrator Director, Office of Health and Nutrition Services Pandemic EBT (P- EBT) what is it? Brand new program authorized under the Families First Coronavirus Act

466 views • 7 slides

More recommend