LINEBURG


<< Пред. стр.

страница 28
(всего 28)

ОГЛАВЛЕНИЕ

43. Стардеван К. PKI заступает на дежурство // PCWeek/RE,
Netweek. 2001. № 6 (276).
www.pcweek.ru/Year2001/N6/CP1251/NetWeek/chaptl.htm
44. Чакон М. Службы каталогов: в единстве - сила //
LAN/Журн. сетевых решений. 1999. №10.
45. Че Ли. Задраить люки // LAN/ Журн. сетевых решений.
1996. № 4. www.osp.ru/lan/1996/04/89.htm.
46. Advances and Remaining Challenges to Adoption of Public
Key Infrastructure Technology. U.S. General Accounting Office. GAO-
01-277. February, 2001.
47. Architecture for Public-Key Infrastructure (APKI). Open
Group Guide. G801. The Open Group. 1998.
www.opengroup.org/onlinepubs/009219899/toc.htm.
48. Aura Tuomas, Ellison Carl. Privacy and Accountability in Cer
tification Systems. Helsinki University of Technology, Laboratory for
Theoretical Computer Science. Research Report. April 2000.
49. Bobbit Mike. PKI Policy Pitfalls // Information Security Maga
zine. July 2001.
50. Brink Derek. PKI and Financial Return on Investment/ A PKI
Forum Note. August 2002. www.pkiforum.org/resourcees.html.
51. Burr William, Dodson Donna, Nazario Noel, Polk W. Timothy.
Minimum Interoperability Specification for PKI Components (MISPC),
Version 1. NIST SP 800-15. January, 1998.
52. Certification Authority Guidelines. Electronic Commerce Pro
motion Council of Japan (ECOM). 1997-1998. www.ecom.or.jp. >
53. CCITT (International Telegraph and Telephone Consultative
Committee). Recommendation X.208: Specification of Abstract Syntax
Notation One (ASN.l). Geneva. 1988.
54. CCITT. Recommendation X.209: Specification of Basic En
coding Rules for Abstract Syntax Notation One (ASN.l). Geneva. 1988
55. CCITT Recommendation X.500: The Directory. Geneva. 1993
56. CCITT. Recommendation X.501: The Directory - Models. Ge
neva. 1988.
57. CCITT. Recommendation X.800: Security Architecture for
Open Systems Interconnection for CCITT Applications. Geneva. 1991.




PDF created with pdfFactory Pro trial version www.pdffactory.com
______Список использованной литературы ______________ 243


58. Certification Authority Systems. OCC 99-20, Office of Comp
troller of the Currency. May 4. 1999.
59. Ellison Carl, Schneier Brace. Ten Risks of PKI: What You're
not Being Told about Public Key Infrastructure // Computer Security
Journal, vol. XVI. number 1. 2000.
60. European Trusted Services (ETS) - results of 1995 TTPS pro
jects. A. Nilson. Marinade Limited. April 1997.
61. German Draft Digital Signature Law (SigG), English transla
tion by Christopher Kuner. 1996.
www.ourworld.compuserve.com/homepages/ckuner/digsig.htm
62. Guideline for Implementing Cryptography in the Federal Gov
ernment. NIST SP 800-21. November 1999.
63. Housley R., Polk W. Timothy. Planning for PKI: Best practices
for PKI Deployment. Wiley & Sons. 2001
64. Johner H., Fujiwara S., Sm Yeung A., Stephanou A., Whitmore
Deploying a Public Key Infrastructure. International Technical Support
Organization. SG24-5512-00. February 2000. www.redbooks.ibm.com.
65. ISO/ШС 8824 Object Identifiers (OIDs).
66. ISO/ffiC JT1/SC27 WD 14516-1. Guidelines for the use and
management of Trusted Third Party services - Part 1: General Overview.
1995. 11.
67. ISO/ffiC JT1/SC27 WD 14516-2. Guidelines for the use and
management of Trusted Third Party services - Part 2: Technical aspects.
1996.6.21.
68. ITU-T (International Telecommunications Union) Recommen
dation X.509: Information Technology - Open Systems Interconnection -
The Directory: Authentication Framework. 2000.
69. ITU-T Recommendation X.509. Information Technology -
Open Systems Interconnection - The Directory Public Key and Attribute
Certificate Frameworks. June 2000 (документ эквивалентен ISO/ШС
9594-8 Directory Services, 2000).
70. King Christopher M. Building a Corporate Public Key Infra
structure. INFOSEC Engineering, Inc. 1997. www.infoseceng.com.
71. Kiran S., Lareau P., L Lloyd S. PKI Basics - A Technical In
troduction // A PKI Forum Note. November 2002.
www.pkiforum.org/resourcees.html




PDF created with pdfFactory Pro trial version www.pdffactory.com
244 ___________________Основы технологии РК1 _________________


72. Kuhn D.Richard, Hu Vincent С., Polk W.Timothy, Chang Shu-
Jen. Introduction to Public Key Technology and the Federal PKI Infra
structure. National Institute of Standards and Technology. February.
2001.
73. Lareau P. PKI Basics - A Business Perspective // A PKI Forum
Note. April 2002. www.pkiforum.org/resourcees.html.
74. Legal and Regulatory Issues for the European Trusted Services
Infrastructure - ETS. ISTEV. June 1997
75. Lloyd Steve. Understanding Certification Path Construction //
A PKI Forum White Paper. September 2002.
www.pkiforum.org/resources.html.
76. Masse David. G., Fernandes Andrew D. Economic Modelling
and Risk Management in Public Key Infrastructures. 1999.
www.masse.org/rsa97/index.html.
77. O'Higgins B. What is the Difference Between a Public Key In
frastructure and a Certification Authority.
www.ema.org/html/pubs/mmv4n2/pki.htm.
78. Polk W.Timothy, Hastings Nelson E. Bridge Certification Au
thorities: Connecting B2B Public Key Infrastructures. NIST.
79. Public Key Infrastructure: Group Test (Edition 3), NSS Group
Report. December 2000. www.NSS.co.uk.
80. Public Key Infrastructure Standards.
www.wiltsec.co.uk/standards/pki.htm.
81. RSA Keon Certificate Authority Product Overview. Technol
ogy White Paper, www.rsasecurity.com.
82. Secure Electronic Transaction Specification. The Business De
scription. www.setco.org/set_specifications.html.
83. Secure Electronic Transaction Specification. Formal Protocol
Definition. www.setco.org/set_specifications.html.
84. Secure Electronic Transaction. The Specification Programmer's
Guide. www.setco.org/set_specifications.html.
85. Stapleton Jeff. CA Trust // A PKI Forum Note. July 2001.
www.pkiforum.org/resourcees.html.
86. Synopsis of PKI and Related Standards / The Center For In
formation Technology Standards. 2000. www.itsi.disa.mil.




PDF created with pdfFactory Pro trial version www.pdffactory.com
_____________ Список использованной литературы _______________245


87. Understanding Public Key Infrastructure (PKI), Technology
White Paper. PKI WP 0999. RSA Security Inc. 1999
www.rsasecurity.com.
88. Utah Digital Signature Act (1996).
www.gvnfo.state.ut.us/ccjj/digsig/dsut-act.htm.
89. Xenitellis Symeon (Symos). The Open-source PKI Book
OpenCA Team. 1999-2000. ospkibook.sourceforge.net.
90. Younglove Roger. PKI: How It Works NetworkCare White
paper. Lucent Technologies Inc. 2000.
www.lucent.com/knowledge/documentdetail.
Документы IETF PKIX RFC по номерам: www.rfc
editor.org/cgi-bin/rfcsearch.pl и www.irac.org/ietf-pkix:
91. RFC 2510 Certificate Management Protocols (CMP).
92. RFC2511 Certificate Request Protocol.
93. RFC2527 Certificate Policy and Certification Practices Frame
work.
94. RFC2559 LDAP V2 Operational Protocols.
95. RFC2560 Online Certificate Status Protocol (OCSP).
96. RFC2585 HTTP/FTP Operations.
97. RFC2587 LDAP V2 Schema.
98. RFC2797 Certificate Management Messages over CMS (CMC).
99. RFC2875 Diffie-Hellman Proof-of-Possession (POP) Algo
rithms.
100. RFC 3029 Data Validation and Certification Server Protocols
101. RFC 3039 Qualified Certificates Profile.
102. RFC 3161 Time-Stamp Protocol (TSP).
103. RFC 3279 Algorithms and Identifiers for the Internet X.50'
Public Key Infrastructure Certificate and Certificate Revocation Lis
(CRL) Profile.
104. RFC 3280 Certificate & CRL Profile.
105. RFC 3281 An Internet Attribute Certificate Profile for Au
thorization.
106. RFC 2311 S/MIME Version 2 Message Specification.
107. RFC 2312 S/MIMEv2 Certificate Handling.
108. RFC 2630 Cryptographic Message Syntax (CMS).
109. RFC 2632 S/MIME V3 Certificate Handling.




PDF created with pdfFactory Pro trial version www.pdffactory.com
246 __________________ Основы технологии PKI ________________


110. RFC 2633 S/MIME V3 Message Specification.
111. RFC 2634 Enhanced Security Services for S/MIME.
112. RFC 2785 Methods for Avoiding the "Small-Subgroup" At
tacks on the Diffie-Hellman Key Agreement Method for S/MIME.
113. RFC 2246 TLS Protocol Version 1.0.
114. RFC 2659 Security Extensions For HTML.
115. RFC 2660 The Secure HyperText Transfer Protocol.
116. RFC 2817 Upgrading to TLS Within HTTP.
117. RFC 2818 HTTP Over TLS.
118. RFC 2401 Security Architecture for the Internet Protocol.
119. RFC 2402 IP Authentication Header.
120. RFC 2406 IP Encapsulating Security Payload (ESP).
121. RFC 2408 Internet Security Association and Key Manage
ment Protocol (ISAKMP).
122. RFC 2137 Secure Domain Name System Dynamic Update.
123. RFC 2535 Domain Name System Security Extensions.
124. RFC 2536 DSA KEYs and SIGs in the Domain Name System.
125. RFC 2537 RSA/MD5 KEYs and SIGs in the Domain Name
System.
126. RFC 2538 Storing Certificates in the Domain Name System.
127. RFC 2539 Storage of Diffie-Hellman Keys in the Domain
Name System.
128. RFC 2540 Detached Domain Name System Information.
129. RFC 2541 DNS Security Operational Considerations.
Документы PKCS по номерам:
www.rsasecurity.com/rsalabs/pkcs/:
130. PKCS#1 RSA Cryptography.
131. PKCS #3 Diffie-Hellman Key Agreement.
132. PKCS #5 Password-Based Cryptography.
133. PKCS #6 Extended-Certificate Syntax.
134. PKCS#7 Cryptographic Message Syntax.
135. PKCS #8 Private-Key Information Syntax.
136. PKCS #9 Selected Attribute Types.
137. PKCS#10 Certification Request Syntax.
138. PKCS#11 Cryptographic Token Interface (Cryptoki).
139. PKCS #12 Personal Information Exchange Syntax.




PDF created with pdfFactory Pro trial version www.pdffactory.com
_______ Список использованной литературы
______ 247

140. PKCS #13 Elliptic Curve Cryptography.
141. PKCS #15 Cryptographic Token Information Format.
142. www.adam.ru/Pki/Vepr/
143. www.baltimore.com
144. beda.stup.ac.ru/RV-conf/
145. www.computery.ru
146. www.cryptography.ru
147. www.cryptopro.ru
148. www.digsig.com
149. www.enrtust.com
150. www.finestreet.ru/magazins/electronica
151. www.imc.org/ietf-pkix
152. www.infoseceng.com
153. www.ip6.msu.ru/probl7.htm
154. www.iso.ch
155. www.ispras.ru
156. www.itsi.disa.mil
157. www.keon.ru/WIN/GLOSSARY/pkcs.htm
158. www.lucent.com/knowledge/documentdetail
159. www.masse.org/rsa97/index.html
160. www.opengroup.org
161. www.osp.ru
162. www.pgpi.org
163. www.pkiforum.org/resources.html
164. www.pki-page.com
165. www.pgp2all.org.ru/data/tech/howpgp.html#basic
166. www.racal.ru/rsp/glossary.htm
167. www.rfc-editor.org/cgi-bin/rfcsearch.pl
168. www.rsasecurity.com/rsalabs/pkcs/
169. www.security.mari-el.ru
170. www.setco.org/set_specifications.html
171. www.setevoj.ru
172. www.verisign.com
173. www.x509.ru
174. www.weekly.cnews.ru
175. www.wiltsec.co.uk/standards/pki.htm




PDF created with pdfFactory Pro trial version www.pdffactory.com
ОГЛАВЛЕНИЕ
Сокращения, принятые в книге ................................................................3
Введение............................................................................................... 4
1. СЕРВИСЫ И МЕХАНИЗМЫ БЕЗОПАСНОСТИ ...................................9
1.1. Сервисы безопасности................................................................9
1.2. Некриптографические механизмы безопасности......................... 11
1.3. Криптографические механизмы безопасности.............................15
2. СТРУКТУРА, СЕРВИСЫ И АРХИТЕКТУРА PKI................................. 23
2.1. Основные подходы к реализации PKI ....................................... 23
2.2. Компоненты и сервисы инфраструктуры открытых ключей ..........32
2.3. Архитектура и топология PKI................................................... 40
3. СТАНДАРТЫ И СПЕЦИФИКАЦИИ PKI ........................................... 50
3.1. Стандарты в области PKI .......................................................... 50
3.2. Стандарты Internet X.509 PKI (PKIX) ........................................ 59
4. СТРУКТУРЫ ДАННЫХ PKI........'...................................................... 70
4.1. Сертификаты открытых ключей Х.509........................................ 70
4.2. Списки аннулированных сертификатов...................................... 80
4.3. Атрибутные сертификаты ......................................................... 86
5. ПОЛИТИКА PKI................................................................................ 89
5.1. Основные требования к политике PKI........................................ 89
5.2. Политика применения сертификатов и регламент........................ 91
5.3. Краткая характеристика политики PKI....................................... 96
5.4. Набор положений политики PKI................................................ 99
5.5. Проблемы формирования политики PKI ................................... 112
6. ПРОБЛЕМЫ И РИСКИ ТЕХНОЛОГИИ PKI ...................................... 129
6.1. Риски создания, распространения и принятия сертификатов........ 130
6.2. Риски управления сертификатами.............................................133
6.3. Проблемы аутентификации и секретности.................................140
6.4. Правовые аспекты использования РЮ....................................... 147
7. РАЗВЕРТЫВАНИЕ ИНФРАСТРУКТУРЫ ОТКРЫТЫХ КЛЮЧЕЙ ......153
7.1. Предварительный этап.............................................................153
7.2. Проектирование ...................................................................... 159
7.3.Создание прототипа, пилотный проект и внедрение..................... 169
8. ПРОГРАММНЫЕ СРЕДСТВА ПОДДЕРЖКИ PKI...............................171
8.1. Программное обеспечение PKI ведущих мировых
производителей ............................................................................ 171
8.2. Программное обеспечение PKI российских компаний ............... 198
Заключение......................................................................................... 212
Приложение 1. Набор положений политики PKI..................................... 214
Приложение 2. Сравнительная характеристика программных продуктов...220
Глоссарий............................................................................................225
Список использованной литературы.......................................................239




PDF created with pdfFactory Pro trial version www.pdffactory.com
PDF created with pdfFactory Pro trial version www.pdffactory.com

<< Пред. стр.

страница 28
(всего 28)

ОГЛАВЛЕНИЕ

Copyright © Design by: Sunlight webdesign