Certification Path Building Flashcards

1
Q

LDAP

A
  • Offers various and flexible solutions
  • Collection of open source systems cooperating to provide directory services
  • Directory accessed through a client
2
Q

LDAP Data Model

A
  • Data is stored as entries
  • Every entry has a unique identifier (DN)
    -> Entry’s DN = its Relative DN + parent entry’s DN
    -> Usually the subjectDN of an X.509 certificate matches the DN of the LDAP
  • Every entry has one or more attributes
  • Every attribute has a name (type) and one or more values
3
Q

LDAP Security

A
  • Enable TLS/SSL -> LDAPS
    -> Network Security
    -> Identify the server
    -> Client authentication
  • Authentication: Simple, SASL, TLS
4
Q

Certification Path Building

A
  • Guidance and recommendations to developers building X.509 certification paths
  • Criterion 1: The implementation is able to find all possible paths, excepting paths containing repeated subject name/public key pairs
  • Criterion 2: The implementation is as efficient as possible. An efficient certification path-building implementation is defined to be one that builds paths that are more likely to validate following RFC 5280, before building paths that are not likely to validate
5
Q

Server-Based Certificate Validation Protocol

A
  • Allows:
    -> Delegation of certification path construction and validation to a server
    -> Simplification of client implementations
    -> Use of a set of predefined validation policies
6
Q

Forward search

A
  • Start with the end entity certificate
  • Only use certificates found in
    -> caCertificate attributes
    -> forward (issuedToThisCA) element of the crossCertificatePair attributes
  • Recommendation: Disallow repeated subject name/public key pairs