PKI Deployment Issues to Consider Dartmouth College PKI Lab







Key Issues

• Outsource vs. run your own CA?

• Private key protection for CA

• Escrow of private encryption keys?

• Publishing certificates

• Certificate Revocation Lists (CRLs)

• Policies and practices


Outsource vs. run your own CA?

• Commercial vendors

– Verisign, DST, BeTrusted, GeoTrust, etc.

• Commercial CA software operated in-house

– RSA, Netscape, Sun (discontinued)

• Open source CA software operated in-house

– Homegrown using OpenSSL, OpenCA, Papyrus, PyCA, TinyCA, etc.

• Success stories with each of these

• Classic outsource versus in-house issues

• A secure CA is expensive to operate

• Tricky negotiating CA responsibilities and liabilities

• Possible higher education bulk purchase from one or more vendors?


Private key protection for CA

• A compromised CA private key lets an attacker issue rogue certificates that relying parties trust exactly as if the CA had issued them. Recovery means generating a new CA key pair and reissuing every certificate the old key signed. Because CRLs are signed with the same key, a compromised CA cannot credibly revoke itself: its parent CA must revoke it, or the trust anchor must be replaced everywhere it is installed.

• Strategies:

– Offline CA using sneakernet

– “Nearline” CA using firewalls with pinholes, VPNs, etc.

– CA hierarchies (lose a subordinate key and only that subordinate’s certificates are affected; a path-length constraint on the subordinate also stops a stolen key from minting further CAs)

– HSM to store private keys


Escrow of private encryption keys

• Lost private key => encrypted data is lost

– Users may effectively destroy critical data

• Escrow means keeping a protected copy of the private decryption key so that losing the user’s copy does not mean losing the data

• Don’t want to escrow signing and authentication keys (hampers non-repudiation – users may claim someone used the escrowed copy for that signature)

• Secure storage of keys and recovery procedures can be expensive

• Users may need multiple certificates for signing and encryption – some applications don’t handle this well


Publishing certificates

• For encryption, users need the recipient’s public certificate

• How do they get it?

– Received S/MIME email

– Exchanged .cer or other format file

– LDAP lookup (requires that the CA publish certificates to the directory)


Certificate Revocation Lists (CRLs)

• End user certificates may be revoked:

– Compromised private key

– Left institution

– Misbehaved

– Got newer certificate

• Applications that care can check a list of revoked certificate serial numbers from the CA. The CRL is signed by the issuing CA and carries a next-update time; an application that never fetches it, or that keeps using a stale copy, will go on accepting a revoked certificate.

• Alternatives:

– Online Certificate Status Protocol (OCSP)

– Consult an authorization system after authentication
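The two-tier hierarchy from the private-key-protection slide and the CRL check from this slide, as an added shell example that is not part of the Dartmouth slides. It uses only the openssl command line; the names (Example Root CA, Example Issuing CA, alice, bob, mallory), the flat working directory and the extension profiles in ca.cnf are assumptions made for the example. It builds a root that never signs anything but the issuing CA, constrains the issuing CA with pathlen:0, issues two user certificates, revokes one and publishes a CRL, then shows that a verifier which does not consult the CRL still accepts the revoked certificate while one that does rejects it, and finally that a stolen issuing-CA key cannot mint a further CA that chains up to the root.

```shell
# Constructed example: offline root -> issuing CA -> user certs; revoke one, publish a CRL, check.
set -eu
WORK="$(mktemp -d)"; cd "$WORK"

# Extension profiles plus a minimal `openssl ca` database config for the issuing CA.
# Names ("Example Root CA", ...) and the flat directory layout are assumptions.
cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[root_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[issuing_ca]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
[user_cert]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
[ca]
default_ca = issuing
[issuing]
dir = .
database = index.txt
new_certs_dir = .
serial = serial
crlnumber = crlnumber
certificate = issuing.crt
private_key = issuing.key
default_md = sha256
default_days = 365
default_crl_days = 7
policy = policy_any
[policy_any]
organizationName = optional
commonName = supplied
EOF
gen_key() { openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null; }
csr() { openssl req -new -key "$1" -subj "/O=Example Lab/CN=$2" -config ca.cnf -out "$3"; }  # key CN out

build_hierarchy() {
  # Root: self-signed, only ever signs the issuing CA. Its key belongs offline or in an HSM.
  gen_key root.key; csr root.key "Example Root CA" root.csr
  openssl x509 -req -in root.csr -signkey root.key -days 3650 \
    -extfile ca.cnf -extensions root_ca -out root.crt 2>/dev/null
  # Issuing CA: pathlen:0, so it may sign end-entity certs but no further CAs.
  gen_key issuing.key; csr issuing.key "Example Issuing CA" issuing.csr
  openssl x509 -req -in issuing.csr -CA root.crt -CAkey root.key -CAcreateserial -days 1825 \
    -extfile ca.cnf -extensions issuing_ca -out issuing.crt 2>/dev/null
  touch index.txt; echo 1000 > serial; echo 01 > crlnumber   # the issuing CA's database
}

issue_user_cert() {   # $1 = CN, $2 = file basename; `openssl ca` records the cert in index.txt
  gen_key "$2.key"; csr "$2.key" "$1" "$2.csr"
  openssl ca -batch -config ca.cnf -notext -extfile ca.cnf -extensions user_cert \
    -in "$2.csr" -out "$2.crt" 2>/dev/null
}

revoke_and_publish_crl() {   # $1 = cert file; writes a fresh issuing.crl
  openssl ca -config ca.cnf -revoke "$1" 2>/dev/null
  openssl ca -config ca.cnf -gencrl -out issuing.crl 2>/dev/null
}

cert_status() {   # $1 = cert; $2 = CRL file, or omitted to skip revocation checking entirely
  if [ -n "${2:-}" ]; then
    out=$(openssl verify -crl_check -CAfile root.crt -untrusted issuing.crt -CRLfile "$2" "$1" 2>&1 || true)
  else
    out=$(openssl verify -CAfile root.crt -untrusted issuing.crt "$1" 2>&1 || true)
  fi
  case "$out" in
    *": OK")                 echo OK ;;
    *"certificate revoked"*) echo REVOKED ;;
    *)                       echo "FAIL: $out" ;;
  esac
}

# A stolen issuing-CA key can mint user certs, but pathlen:0 keeps it from minting a new CA.
rogue_subca_status() {
  gen_key rogue.key; csr rogue.key "Rogue CA" rogue.csr
  openssl x509 -req -in rogue.csr -CA issuing.crt -CAkey issuing.key -CAcreateserial -days 365 \
    -extfile ca.cnf -extensions issuing_ca -out rogue.crt 2>/dev/null
  gen_key mallory.key; csr mallory.key "mallory" mallory.csr
  openssl x509 -req -in mallory.csr -CA rogue.crt -CAkey rogue.key -CAcreateserial -days 365 \
    -extfile ca.cnf -extensions user_cert -out mallory.crt 2>/dev/null
  out=$(openssl verify -CAfile root.crt -untrusted issuing.crt -untrusted rogue.crt mallory.crt 2>&1 || true)
  case "$out" in *"path length constraint exceeded"*) echo BLOCKED ;; *) echo "FAIL: $out" ;; esac
}

build_hierarchy
issue_user_cert alice alice; issue_user_cert bob bob
revoke_and_publish_crl alice.crt
echo "alice, no CRL check:   $(cert_status alice.crt)"             # OK (revocation unnoticed)
echo "alice, CRL checked:    $(cert_status alice.crt issuing.crl)" # REVOKED
echo "bob, CRL checked:      $(cert_status bob.crt issuing.crl)"   # OK
echo "cert via rogue sub-CA: $(rogue_subca_status)"                # BLOCKED
```

Run it as a script with openssl (1.1.1 or 3.x) on the path; it works in a fresh mktemp directory and prints four status lines. Nothing here publishes the CRL anywhere a client could fetch it: in a real deployment the CRL distribution point URL goes into the issued certificates, and the CRL must be regenerated and republished before its next-update time passes, or clients that check will start failing closed.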


Policies and practices

• Rules for how a CA operates and how users are vetted when registering for certificates

– Certificate Policy (CP): requirements for granting and managing PKI credentials

– Certification Practices Statement (CPS): the actual steps an institution takes to implement the CP

• Don’t get intimidated or bogged down making your CP/CPS perfect! Consider what you are replacing and get your feet wet…

• http://middleware.internet2.edu/hepki-tag/pki-lite/pki-lite-policy-practices-current.html