[security-devroom] [Talk/Demo Submission] Dogtag Certificate System (open source PKI)

Kashyap Chamarthy kashyap.cv at gmail.com
Fri Nov 18 06:43:14 CET 2011


On Fri, Nov 18, 2011 at 1:13 AM, Бранко Мајић <branko at majic.rs> wrote:
> Hello Kashyap,
>
> I look forward to hearing some more about the Dogtag system, especially
> from the system-administrator perspective. What I'd be interested in as
> well would be the possibility of interoperability between EJBCA and Dogtag
> (since I'm planning on extending my cookbook at some point).

Branko,

Sure, we can try it out. I haven't tried EJBCA yet; it would be interesting
to see how they play together.
>
> Deploying Dogtag on a non-Fedora/RHEL/CentOS system would also be an
> interesting thing to see.
>
> Best regards :)
>
> P.S.
> Any chance of setting up some kind of LiveCD with Dogtag on top of it
> for handing out to people - or even a downloadable image would do?

That's a neat idea. I'll spin up a live-iso (mostly Fedora-16 based)
w/ dogtag pki and will put it out on the web. Will respond here once I'm
done.
(My travel is not yet confirmed.)

--
/kashyap
>
> On Wed, 16 Nov 2011 21:29:57 +0530
> Kashyap Chamarthy <kashyap.cv at gmail.com> wrote:
>
>> Heya,
>>
>> Here is my talk/demo submission for the "Hardware Security and
>> Cryptography" room at Fosdem. I also added it to the wiki below (I'd
>> prefer to do a demo if time permits).
>>
>> http://www.opensc-project.org/opensc/wiki/FOSDEM2012
>>
>>
>>
>> Abstract for 'Dogtag Certificate System':
>> --------------------------------------------------
>> This talk gives a brief overview of Dogtag Certificate System, an
>> open-source and open-standards based scalable PKI (public-key
>> infrastructure) solution. It lets you manage the digital certificate life
>> cycle -- common operations like certificate issuance, revocation,
>> retrieval, renewal, managing Certificate Revocation Lists, certificate
>> status checking using OCSP, and key archival/recovery.
>>
>> The talk also provides a deployment overview of different configurable
>> subsystems like CA (Certificate Authority) -- this is the core part of
>> the certificate system, which handles basic certificate management
>> operations. Other subsystems include DRM (data recovery manager) --
>> which is used for 'key' archival and recovery; OCSP (online certificate
>> status protocol) -- for checking whether a certificate is valid;
>> RA (Registration Authority) -- for locally generating and submitting
>> certificate requests (and validating them), effectively reducing load on
>> the CA. There are a couple of other subsystems for token management
>> (TKS/TPS).
>>
>>
>> Demonstration:
>> -------------------
>> If possible, I'd also prefer to show a quick demo of configuring
>> different subsystems like CA, KRA (Key Recovery Archival), OCSP,
>> RA (Registration Authority) using virtual machines on my laptop with
>> the current upstream dogtag pki. This would hopefully be useful for
>> sysadmins trying to deploy an enterprise-class PKI. (I'd be using
>> some test scripts[2], but I may use slightly updated scripts at the
>> time of the demo.)
>>
>
>
>
> --
> Branko Majic
> Jabber: branko at majic.rs
> Please use only Free formats when sending attachments to me.
>
> Бранко Мајић
> Jabber: branko at majic.rs
> Please send attachments exclusively in free formats.
>

