Re: Digital Certificates Concepts needed (newbie to Crypto)
From: Miro Masnoglav (miro.masnoglav_at_adacta.si)
Date: 04/07/04
- Next message: Jan Plastenjak: "Re: Multithread (CAPI)"
- Previous message: Miro Masnoglav: "Re: Debug CSP"
- In reply to: MidbarSinai: "Digital Certificates Concepts needed (newbie to Crypto)"
- Next in thread: Eugene Mayevski: "Re: Digital Certificates Concepts needed (newbie to Crypto)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 7 Apr 2004 11:35:57 +0200
Try this for a start:
http://www.schneier.com/book-applied.html
and if this is not enough:
http://www.cacr.math.uwaterloo.ca/hac/
Miro
"MidbarSinai" <midbarsinai@midbarnospam.org> wrote in message
news:1qnbgbg711mqe$.dlg@midbarnospam.org...
> Hi,
> Later this year I will have a project requirement to implement web
> authentication via smartcards that will hold client certificates. These
> client certificates were issued by a commercial CA.
>
> I'm using vb.net /asp.net /IIS / SSL WebServer Certificate
>
> At this time I'm not searching for code samples. What I need is some
> fundamental concepts, in the hope that the theory will help me understand some
> real-life practical issues. I've been reading a lot of stuff about this but
> I'm very, very confused.
>
> If you can, please Help (and others like me)
>
> Questions:
>
> Assuming that asking the client browser for a client certificate has no
> problems, how will I verify that the user is who he claims to be? If I get
> the client's public key, where should I evaluate the validity of the client
> certificate? Against what? I've been reading about one-to-one mapping
> against Windows accounts. The problem is that I will have some thousands of
> users to manage, and many-to-one seems not to be a good idea because I need
> to set a permission set for each user.
> So is it possible to store something (what?) in a database and map the
> certificates against it? Will I have to save the certificates in some place
> for later reference?
>
> After correct authentication, are subsequent requests authorized via an
> authentication cookie, or will I have to check the certificate on every
> request?
>
> How does the CRL get in the middle? How do we verify that the certificate is
> not revoked? Do we have to have an online connection / request to the CA?
>
> I will also have the need to save user data. That data should be signed in
> order to get PKI benefits like non-repudiation. How is this done? In the
> case of a document (e.g. PDF) being produced related to user data input, how
> will I sign the document or ask the user to? Being the programmer, can I
> forge a user identity? If needed, how will I tell if a given document is
> signed by a certain user, or how will I be notified that some document has
> been compromised (altered)?
>
> Is it possible to sign form data? Suppose some user inputs some data in
> some fields that are saved to a database in some related tables. Can we
> digitally sign that data?
>
> As you can guess I lack a lot of concepts... please help!
> Also, if you can, please direct me to some tutorials, books, ...
>
> TIA, Midbar
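Added example, not code from the original thread or from either poster: a Go program, standard library only, that walks through the questions quoted above (verifying a client certificate and against what, what to store in the database, how the CRL comes in, and signing form data so that alteration is detected). It builds a throw-away CA, two certificates for one user and a CRL in memory as constructed fixtures standing in for the commercial CA and the smart card; the ECDSA keys, the user name alice, the form fields and the JSON canonical form are all assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/json"
	"fmt"
	"math/big"
	"time"
)

// Fingerprint (SHA-256 of the DER) is what to store in the user table and look up on each login.
func Fingerprint(c *x509.Certificate) string { return fmt.Sprintf("%x", sha256.Sum256(c.Raw)) }

// VerifyClient chains a presented certificate to the one CA we trust, requires the clientAuth
// usage, and then checks its serial against a CRL signed by that CA and still within nextUpdate.
func VerifyClient(cert, ca *x509.Certificate, crl *x509.RevocationList) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return err
	}
	if err := crl.CheckSignatureFrom(ca); err != nil || time.Now().After(crl.NextUpdate) {
		return fmt.Errorf("CRL unusable (must be CA-signed and current, nextUpdate %v): %v", crl.NextUpdate, err)
	}
	for _, r := range crl.RevokedCertificates {
		if r.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return fmt.Errorf("certificate serial %v is revoked", cert.SerialNumber)
		}
	}
	return nil
}

// formDigest hashes the fields; json.Marshal sorts map keys, so field order cannot change the hash.
func formDigest(fields map[string]string) []byte {
	b, _ := json.Marshal(fields)
	h := sha256.Sum256(b)
	return h[:]
}

// SignForm runs where the private key lives (the user's card), never on the web server.
func SignForm(key *ecdsa.PrivateKey, fields map[string]string) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, key, formDigest(fields))
}

// VerifyForm checks a stored signature against the certificate on file; any altered field makes it false.
func VerifyForm(cert *x509.Certificate, fields map[string]string, sig []byte) bool {
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	return ok && ecdsa.VerifyASN1(pub, formDigest(fields), sig)
}

type Demo struct { // constructed fixture standing in for the commercial CA and the smart card
	CA, User, Revoked *x509.Certificate
	UserKey           *ecdsa.PrivateKey
	CRL               *x509.RevocationList
}

func NewDemo() *Demo {
	now := time.Now()
	issue := func(t, parent *x509.Certificate, k, signer *ecdsa.PrivateKey) *x509.Certificate {
		t.NotBefore, t.NotAfter = now.Add(-time.Hour), now.Add(24*time.Hour)
		der, err := x509.CreateCertificate(rand.Reader, t, parent, &k.PublicKey, signer)
		if err != nil {
			panic(err)
		}
		c, _ := x509.ParseCertificate(der) // DER we just produced always parses
		return c
	}
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	caT := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Demo CA"},
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	d := &Demo{CA: issue(caT, caT, caKey, caKey)}
	d.UserKey, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	userCert := func(serial int64) *x509.Certificate { // old and new certificate of one user; key reused for brevity
		return issue(&x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: "alice"},
			ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}, d.CA, d.UserKey, caKey)
	}
	d.Revoked, d.User = userCert(2), userCert(3) // the CA revoked serial 2 when the card was replaced
	der, err := x509.CreateRevocationList(rand.Reader, &x509.RevocationList{Number: big.NewInt(1),
		ThisUpdate: now, NextUpdate: now.Add(time.Hour), RevokedCertificates: []pkix.RevokedCertificate{
			{SerialNumber: d.Revoked.SerialNumber, RevocationTime: now}}}, d.CA, caKey)
	if err != nil {
		panic(err)
	}
	d.CRL, _ = x509.ParseRevocationList(der)
	return d
}

func main() {
	d := NewDemo()
	fmt.Println("current:", VerifyClient(d.User, d.CA, d.CRL), "| revoked:", VerifyClient(d.Revoked, d.CA, d.CRL))
	form := map[string]string{"amount": "100", "iban": "SI56 0000 0000 0000 000"} // constructed input
	sig, _ := SignForm(d.UserKey, form)
	fmt.Println("valid:", VerifyForm(d.User, form, sig), "| tampered:", VerifyForm(d.User, map[string]string{"amount": "1000", "iban": form["iban"]}, sig))
}
```

Run it with `go run`. VerifyClient is the answer to "against what": the server keeps only the CA's own certificate, pinned as the sole root, plus a copy of the CA's CRL. The CRL carries a nextUpdate, so a cached copy fetched from the CA's distribution point suffices until then and no per-request connection to the CA is needed; the same check rejects a CRL that is stale or that the CA did not sign. The fingerprint, not the certificate, is what goes into the user table, so thousands of users map to database rows and permissions rather than to Windows accounts. SignForm holds a private key in-process only because the fixture needs one; with a card the key never leaves it, the server stores the signature next to the data, and re-running VerifyForm later is both the proof of who signed and the detection of an altered record. Because the digest is over the JSON form of the fields, the stored names and values must be exactly what was signed; any later normalisation changes the digest.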