UTF8String Deployment Status and Migration Plan - PowerPoint PPT Presentation

Slides: 16
Provided by: akirak
Learn more at: https://www.ietf.org

Transcript and Presenter's Notes


1
UTF8String Deployment Status and Migration Plan
  • Akira KANAOKA <a-kanaoka_at_secom.co.jp>
  • Challenge PKI Project
  • Japan Network Security Association
  • Sponsored by IT Promotion Agency, Japan

2
Agenda
  • Problem statement
  • Project: Survey of UTF8String Problem in PKI
    Certificates
  • UTF8String Deployment Status in Asia
  • Ongoing Works
  • Migration plan for UTF8String
  • Test case design for UTF8String implementation

3
Problem statement
  • Deadline for migration in RFC 3280
  • 31st Dec. 2003
  • Canceled in 3280bis
  • Lack of description to migrate in 3280.
  • Detailed string matching
  • Migration Plan
  • Certificate and CRL/ARL issuance during migration
  • Gap between CA and client implementation

4
The sequence of events
  • IETF 58th meeting (Nov. 2003)
      • Addressed to solve UTF8String issue at PKIX.
  • Attention from IPA (Dec. 2003)
      • On UTF8String problem of RFC 3280
  • 60th, 61st meeting (Jul., Nov. 2004)
      • stringmatch I-D
  • IPA Project (Sep. 2004)
      • Survey of UTF8String Problem in PKI Certificates
      • IPA: IT Promotion Agency, Japan
  • Report submitted to IPA (Feb. 2005)
  • 3280bis (Feb. 2005)

5
Survey of UTF8String Problem in PKI Certificates
  • Explanation of the problem
  • Proposal for UTF8String migration
  • Survey
  • Product implementation
  • UTF8String deployment status in Asia
  • IETF activity around UTF8String
  • Test case design for UTF8String implementation
  • Migration Plan for UTF8String

6
UTF8String Deployment Status in Asia
  • Examined whether they use UTF8String for
    directoryName in certificates
  • Examined whether they use local characters in
    UTF8String
  • Local character: e.g. CJK (Chinese, Japanese,
    Korean)
  • Asked by the prepared questionnaire
  • Asked to the Asia PKI Forum (APKI-F) members.
  • 9 Countries and Regions

7
Replies to the Questionnaire
  • Sent to 9 countries and regions
  • Replies from 3 countries and regions (11 CAs)

(Table columns: Countries and Regions, CA Type)

8
CA Type Description
  • Government CA
  • CA built by the Government for public service
  • Accredited CA
  • CA built by the private sector, and accredited or
    licensed by legal proceeding
  • Commercial CA
  • CA built by the private sector, and used for a
    public/closed PKI (Non-governmental).

9
Encoding Used in Each Field
Legend: U = UTF8String (except country), P = PrintableString,
I = IA5String, B = BMPString, - = not used.
CRLDP/iDP use directoryName with U or P and URI with I to
describe distributionPoint.
local character used

10
Encoding Used in Each Field (cont.)
Legend: U = UTF8String (except country), P = PrintableString,
I = IA5String, B = BMPString, - = not used.
CRLDP/iDP use directoryName with U or P and URI with I to
describe distributionPoint.
local character used
  • Most CAs already use UTF8String.
  • Most CAs use local character.

11
Compliance with RFC 3280 and its Migration Plan

12
Additional Survey
  • UTF8String use in MS Windows Root Certificate
    Store
  • OS: Windows XP (Japanese)
  • as of January 2005
  • No certificate uses UTF8String.
  • 107 certificates in the certificate store
  • No certificate issued after 31st Dec. 2003

13
Conclusion: UTF8String Deployment Status in Asia
  • Contrast between Government CAs and Commercial
    CAs
  • Most Government CAs use UTF8String (by
    Questionnaire)
  • No Commercial CA uses UTF8String (by MS Windows
    Certificate Stores)
  • Asian Government CAs hope to use local character.
  • Most governments use local character for register
    information.

14
Conclusion (cont.): UTF8String Deployment Status
in Asia
  • Few CAs have a Migration Plan to UTF8String
  • Most Government CAs use UTF8String from the
    beginning.
  • There is only one case having a migration plan.
  • Deadline of the case: November 2005
  • Best Practice for using/migration to UTF8String
    is needed.
  • We don't have any guideline.

15
Ongoing Project
  • Migration Plan
  • CA certificate
  • Re-issue or re-build
  • CRL encoding after migration of CA certs
  • Keeping legacy encoding or Using UTF8String
  • Need to publish this as informational RFC?
  • Test Case Designing
  • Typical case of
  • path building (different encoding and
    comparison rules)
  • Revocation checking
  • Providing the Test data of
  • Sample Certificate and CRL
  • Available by the end of this month on our web site
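
Added example, not part of the original slides or the project's test data: the "path building (different encoding and comparison rules)" test case above, reduced to a Name with a single commonName. The names, helper functions and the simplified normalization (a stand-in for the stringprep-based matching listed in the references) are assumptions made for illustration.

```python
# Added example with constructed names; not taken from the slides.
import unicodedata

TAG_UTF8STRING, TAG_PRINTABLESTRING = 0x0C, 0x13   # ASN.1 universal tags
OID_COMMON_NAME = bytes.fromhex("0603550403")      # id-at-commonName (2.5.4.3)

def tlv(tag, body):
    """DER tag-length-value, short-form length only (enough for this demo)."""
    if len(body) > 127:
        raise ValueError("long-form lengths are not handled in this example")
    return bytes([tag, len(body)]) + body

def encode_name(cn, tag):
    """Name ::= SEQUENCE { SET { SEQUENCE { OID, string } } } with one CN."""
    charset = "ascii" if tag == TAG_PRINTABLESTRING else "utf-8"
    value = tlv(tag, cn.encode(charset))
    return tlv(0x30, tlv(0x31, tlv(0x30, OID_COMMON_NAME + value)))

def decode_cn(name):
    """Return (string tag, text) from a Name produced by encode_name."""
    off = 6 + len(OID_COMMON_NAME)      # three 2-byte headers, then the OID
    tag, length = name[off], name[off + 1]
    raw = name[off + 2:off + 2 + length]
    return tag, raw.decode("ascii" if tag == TAG_PRINTABLESTRING else "utf-8")

def binary_match(issuer, subject):
    """Rule 1: the encoded names must be byte-for-byte identical."""
    return issuer == subject

def normalized_match(issuer, subject):
    """Rule 2 (simplified): compare decoded text, ignoring the string type,
    case and runs of whitespace. Not a full stringprep implementation."""
    def norm(name):
        text = unicodedata.normalize("NFKC", decode_cn(name)[1])
        return " ".join(text.casefold().split())
    return norm(issuer) == norm(subject)

# Issuer field of an EE certificate issued before the CA migrated.
OLD_ISSUER = encode_name("Example Root CA", TAG_PRINTABLESTRING)
# Subject field of the CA certificate re-issued with UTF8String.
NEW_SUBJECT = encode_name("Example Root CA", TAG_UTF8STRING)
# A local-character name, which PrintableString cannot carry at all.
CJK_SUBJECT = encode_name("例示認証局", TAG_UTF8STRING)

if __name__ == "__main__":
    print("binary    :", binary_match(OLD_ISSUER, NEW_SUBJECT))      # False
    print("normalized:", normalized_match(OLD_ISSUER, NEW_SUBJECT))  # True
    print("CJK value :", decode_cn(CJK_SUBJECT))
```

The two encodings differ only in the string tag byte, so a client that chains by binary comparison rejects the re-issued CA certificate as issuer while a client that compares decoded values accepts it.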

16
Reference
  • JNSA Challenge PKI Project
  • http://www.jnsa.org/mpki/
  • RFC 3454 - Preparation of Internationalized
    Strings ("stringprep")
  • http://www.ietf.org/rfc/rfc3454.txt
  • 3280bis
  • http://csrc.nist.gov/pki/documents/PKIX/draft-ietf-pkix-rfc3280bis-00.txt

17
Appendix: Questionnaire outline
  • Certificate and CRL/ARL
  • Kind of local character (e.g. CJK)
  • Kind of encoding for directoryName
  • Kind of CCS
  • Difference between CA self-signed certificate and
    EE certificate
  • Migration Plan to UTF8String
  • Plan existence
  • Migration deadline, reason
  • Migration reference existence