Certification Path Building Flashcards
1
Q
LDAP
A
- Offers various and flexible solutions
- Collection of open source systems cooperating to provide directory services
- Directory accessed through a client
2
Q
LDAP Data Model
A
- Data is stored as entries
- Every entry has a unique identifier (DN)
-> Entry’s DN = its Relative DN + parent entry’s DN
-> Usually the subjectDN of an X.509 certificate matches the DN of the LDAP entry
- Every entry has one or more attributes
- Every attribute has a name (type) and one or more values
3
Q
LDAP Security
A
- Enable TLS/SSL -> LDAPS
-> Network Security
-> Identify the server
-> Client authentication
- Authentication: Simple, SASL, TLS
4
Q
Certification Path Building
A
- Guidance and recommendations to developers building X.509 certification paths
- Criterion 1: The implementation is able to find all possible paths, excepting paths containing repeated subject name/public key pairs
- Criterion 2: The implementation is as efficient as possible. An efficient certification path-building implementation is defined to be one that builds paths that are more likely to validate following RFC 5280, before building paths that are not likely to validate
5
Q
Server-Based Certificate Validation Protocol
A
- Allows:
-> Delegation of certification path construction and validation to a server
-> Simplification of client implementations
-> Use of a set of predefined validation policies
6
Q
Forward search
A
- Start with the end entity certificate
- Only use certificates found in
-> caCertificate attributes
-> forward (issuedToThisCA) element of the crossCertificatePair attributes
- Recommendation: Disallow repeated subject name/public key pairs