Protocols
Microsoft supports EU Signature standard in Office 2010
2010-Apr-30 09:51
Microsoft has decided to support the EU digital signature format XAdES in Office 2010.
Read more about this at: http://blogs.technet.com/office2010/archive/2009/12/08/digital-signitures-in-office-2010.aspx
This format builds on the XML Digital signature standard from W3C which is the globally accepted standard for XML signatures.
Read More...
Read more about this at: http://blogs.technet.com/office2010/archive/2009/12/08/digital-signitures-in-office-2010.aspx
This format builds on the XML Digital signature standard from W3C which is the globally accepted standard for XML signatures.
Read More...
Internationalization - A growing pain for Internet protocol design
2009-Nov-16 06:34
International characters are becoming a growing pain for Internet protocol design.
Many protocols just deal with 7-bit ASCII on the basic protocol level while there is an increasing demand for information expression in local languages at the application layer. Various protocols like Internet mail and DNS has addressed this issue by defining conventions to carry international characters over 7-bit ASCII. The problem is rather straightforward as long as the task is limited to presentation of data in a local language context, but grows to a very hard problem when the task is expanded to comparison of canonicalized strings from different sources. The problem is even harder if consistency between visual matching and matching of encoded character strings is required.
The technical plenary at the 76th IETF in Hiroshima (November 8-13 2009) recently focused in on this particular problem. Read More...
Many protocols just deal with 7-bit ASCII on the basic protocol level while there is an increasing demand for information expression in local languages at the application layer. Various protocols like Internet mail and DNS has addressed this issue by defining conventions to carry international characters over 7-bit ASCII. The problem is rather straightforward as long as the task is limited to presentation of data in a local language context, but grows to a very hard problem when the task is expanded to comparison of canonicalized strings from different sources. The problem is even harder if consistency between visual matching and matching of encoded character strings is required.
The technical plenary at the 76th IETF in Hiroshima (November 8-13 2009) recently focused in on this particular problem. Read More...
TLS Cached Info update
2009-Nov-12 03:19
I’m currently writing a new standard for TLS which will allow the client to cache big portions of static data exchanged during TLS handshake negotiations and allow the server to omit resending this data on consecutive handshakes, such as in consecutive re-negotiations.
My slides for the TLS meeting today at the Hiroshima IETF, showing the basic approach. is available here: Cached Info (PDF).
Read More...
My slides for the TLS meeting today at the Hiroshima IETF, showing the basic approach. is available here: Cached Info (PDF).
Read More...
Null Prefix attack against TLS Server Certificates
2009-Nov-12 02:49
A new embarrassing attack was recently discovered and exploited on Server Certificates and their validation in many current browser environments.
The discovery is that current deployment of domain name matching between the domain expressed in the certificate and the domain protected by the certificate use string matching which treat character 00 (\0) as end of string.
Read More...
The discovery is that current deployment of domain name matching between the domain expressed in the certificate and the domain protected by the certificate use string matching which treat character 00 (\0) as end of string.
Read More...
New attack against TLS
2009-Nov-12 02:32
The TLS workgroup in the IETF (Internet Engineering Task Force) is currently heavily engaged in finding a quick solution to the just recently discovered and published attack against TLS using TLS renegotiaion. Read More...
IETF agrees to develop Visual eID standard
2009-May-14 14:35
The PKIX group of the Internet Engineering Task Force has decided to adopt the work item to develop a standard for visual representation of e-identification certificates.
The PKIX group accepted the draft proposed by the Visual eID project as starting point for the standards work.
The current PKIX draft can be found here. Read More...
The PKIX group accepted the draft proposed by the Visual eID project as starting point for the standards work.
The current PKIX draft can be found here. Read More...
FIrst visual eID draft posted
2009-Apr-22 12:20
The first IETF draft is posted:
draft-santesson-pkix-certimage-00
The first draft is a result from an initial design process within the editorial team as well as discussions with partners and members of the CA Browser Forum.
This draft will initiate discussion in the PKIX WG whether to accept this as an adopted work item.
Read More...
draft-santesson-pkix-certimage-00
The first draft is a result from an initial design process within the editorial team as well as discussions with partners and members of the CA Browser Forum.
This draft will initiate discussion in the PKIX WG whether to accept this as an adopted work item.
Read More...
Scalable Image Formats
2009-Apr-20 14:14
In the discussions concerning a visual image of an identity certificate, the image format of choice is a hot topic.
The issuer of the certificate knows what the image should look like but don’t know the type, size and resolution of the screen where it will be displayed. Therefore, what we need is a scalable image format that can render text and graphical elements.
Choosing one image format has however turned out to be a bit problematic.
Read More...
The issuer of the certificate knows what the image should look like but don’t know the type, size and resolution of the screen where it will be displayed. Therefore, what we need is a scalable image format that can render text and graphical elements.
Choosing one image format has however turned out to be a bit problematic.
Read More...
Cert Cache adopted as TLS standards work
2009-Mar-26 19:26
Today (March 26) at the IETF 74 conference, the TLS working group decided to adopt the certificate cache work with the intention to develop this to a new TLS standard. The decision was made after my presentation of the certcache proposal at the TLS working group.
The basic idea behind this proposal can be found in this blog article.
The first draft (draft-santesson-tls-certcache-00) is available here
Read More...
The basic idea behind this proposal can be found in this blog article.
The first draft (draft-santesson-tls-certcache-00) is available here
Read More...
ETSI approves new European PDF signature standard
2009-Mar-19 12:57
The Electronic Signature Initiative group of the European Telecommunication Standards Institute, ETSI ESI, approved PAdES, the European standard for PDF Advanced Electronic Signatures on March 18, 2009.
PAdES, or ETSI standard TS 102 778, is ETSI’s continuation of EU commission funded standardization of Advanced Electronic Signatures in support of the EU Electronic Signature Directive from 1999. PAdES is the third signature standard in the ETSI series covering signatures on PDF documents. Previously published ETSI signature standards have specified signatures on XML documents (XAdES) and signatures using CMS (CAdES) where CMS is the ASN.1 based signature (Cryptographic Message Syntax) developed by IETF as part of the S/MIME standards series for secure e-mail.
Read More...
PAdES, or ETSI standard TS 102 778, is ETSI’s continuation of EU commission funded standardization of Advanced Electronic Signatures in support of the EU Electronic Signature Directive from 1999. PAdES is the third signature standard in the ETSI series covering signatures on PDF documents. Previously published ETSI signature standards have specified signatures on XML documents (XAdES) and signatures using CMS (CAdES) where CMS is the ASN.1 based signature (Cryptographic Message Syntax) developed by IETF as part of the S/MIME standards series for secure e-mail.
Read More...
Updating the IETF Time Stamp standard
2009-Mar-14 01:08
The IETF standard for time stamps is currently being updated - But are the changes really necessary? Read More...
PKI Resource Query Protocol (PRQP) Deployed by Federal Bridge and OpenCA
2009-Mar-11 13:57
A fairly new and unknown protocol, the PKI Resource Query Protocol (PRQP) developed in the IETF PKIX Work Group, is being deployed by the US Federal Bride and OpenCA, reports the editor of the current draft, Massimiliano Pala.
Read More...
Read More...
Defining Hash functions without security properties
2009-Mar-10 03:19
Do we need hash functions with no security properties in order to not confuse their use with cases when security is a requirement. A current discussion in the International standards community is trying to decide whether to standardise hash functions without security properties.
Read More...
Read More...
Visual Electronic Identities
2009-Mar-09 14:24
How can we provide applications with standard User Interface tools to display a meaningful representation of an electronic identity (eID)
Read More...
Read More...
Optimising TLS handshake through certificate caching
2009-Mar-09 11:36
A possible but unexplored optimisation of the TLS handshake is to cache server certificates. I’m proposing a new IETF standard that specifies a method to accomplish this. Read More...