1 / 12

Key Management Guidelines for Selected Infrastructures: Best Practices and Classifications

This document outlines key management requirements for various critical infrastructures, including Public Key Infrastructure (PKI), Kerberos, and DNS Security (DNSSEC). It explores the roles of Certificate Authorities (CAs), Registration Authorities (RAs), and repository components, while detailing different classes of keys handled by RAs/CAs. The guidelines focus on key protection, generation, and storage practices, alongside establishing access control mechanisms for repositories. By tailoring these requirements, infrastructures can ensure the integrity and confidentiality of their key management processes.

adonai
Télécharger la présentation

Key Management Guidelines for Selected Infrastructures: Best Practices and Classifications

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Key Management Guidelines Selected Infrastructures Tim Polk, NIST

  2. Status • This section is currently empty

  3. Classes of Infrastructures • Three identified so far • Public Key Infrastructure • Kerberos • DNSSec • Others?

  4. Scope • Key management requirements for • Infrastructure components • Infrastructure “relying parties” • Should be an infrastructure-specific interpretation of the guidelines in section 5

  5. Example: PKI • Infrastructure components • CA • RA • Repository • Status Servers • Infrastructure users • Certificate subject • Relying Party

  6. Classes of keys Handled by RA/CA • 3 Classes by “owners” • CIMS personnel keys • Component keys • Certificate subject private keys

  7. Classes of keys Handled by RA/CA, Cont’d • 7 classes of keys by utility • Certificate and Status Signing Keys • Integrity or Approval Authentication Keys • General Authentication Keys • Long Term Private Key Protection Keys • Long Term Confidentiality Keys • Short Term Private Key Protection Keys • Short Term Confidentiality Keys

  8. Repositories • Trusted repositories? • Access Control?

  9. Certificate Subjects/Relying Parties • Their own public and private keys • Trusted public keys • Untrusted public keys for other certificate subjects • May handle authorization codes, other infrastructure-supplied key materials

  10. Goal • Establish key management requirements for all the different types of keys • Selecting algorithms and key lengths • Key protection requirements • Generation, storage, import/export (e.g., POP) • Cryptoperiods and CRLs

  11. Sources • Source for infrastructure: CIMC • Source for user components: ?

  12. Completion • Repeat this process for each infrastructure

More Related