CADDISC Project (Jan 2003-Dec 2003)
Combining LDAP and DNSsec to distribute keys securely
Project CADDISC is followed by VERICERT
Project URL
http://www-lor.int-evry.fr/~maknavic/CADDISC/
Four partners
Abstract
This project proposes to combine work done in the DNSsec and LDAP domains
to implement a secure PKI (Public Key Infrastructure). DNSsec is a current
standard (RFC 2535) proposed by the IETF which aims to secure the DNS (Domain
Name System) and which should be widely deployed in the next few years. The
problem with DNSsec is that it is unable to manage some short-lived information.
LDAP (Lightweight Directory Access Protocol) therefore seems to be the solution
for managing the public key certificates of users or devices (servers, PCs...),
as LDAP is well established in the professional sector. The goal of the project
is to define a two-level PKI: a global one based on DNSsec, and a local one
(companies, schools) using LDAP.
Project deliverables are available in French only
- Document SP1.1 :
- Document SP1.2 (DNSsec and certification)
- Document SP1.3 : Spécifications du couplage de LDAP et DNSsec pour distribuer des clés publiques (Specifications for combining LDAP and DNSsec to distribute public keys), October 2003
- Document SP2.1 :
- Fonctionnement de l'outil Apache/OpenCA (How the Apache/OpenCA tool works), September 2003
- Installation et configuration de OpenLDAP et de logiciels le complétant (Installation and configuration of OpenLDAP and complementary software), October 2003
- Installation de OpenCA (Installation of OpenCA), October 2003
- Configuration de la CA et de la RA avec OpenCA (Configuration of the CA and the RA with OpenCA), October 2003
- Gestion des certificats par OpenCA (Certificate management with OpenCA), October 2003
- Fichiers de configuration de OpenCA, OpenSSL, Apache, OpenLDAP (Configuration files for OpenCA, OpenSSL, Apache, OpenLDAP), October 2003
- Client CADDISC de vérification d'une chaine de certification LDAP (CADDISC client for verifying an LDAP certification chain), October 2003
- Document de mise à jour des fichiers d'installation de OpenLDAP et OpenCA produits en 2004 (Update document for the OpenLDAP and OpenCA installation files produced in 2004), Sébastien Abaga, ENST-Bretagne, 2004.
- Document SP4.1 : Résumé de Authentis (Summary of Authentis), March 2003
- Document SP4.2 : Etude de l'utilisation de CADDISC pour gérer les clés dans Authentis (Study on how to use CADDISC to manage keys in Authentis)
- Document SP5.1 : Comparaison de IDsA et CADDISC (Comparison between IDsA and CADDISC), October 2003
- Document SP6.1 : Intégration des outils LDAP et DNSsec (Integration of LDAP and DNSsec tools)
- Document SP7.1 : Note sur le déploiement de l'infrastructure PKI (Note on the deployment of the PKI infrastructure)
- Document SP8.1 : Rapport sur les tests effectués entre écoles (Report on tests carried out between schools)
Publications regarding LDAP, DNSsec, and IP security
- [Dup02] Francis Dupont, "DNSsec for IPsec: The RNRT 'IDsA' Project", IPsec 2002, Paris, Dec. 2002.
- [Hec02] A. Hecker, H. Labiod, A. Serhrouchni, "Authentis: Through Incremental Authentication Models to Secure Interconnected Wi-Fi WLANs", Second IEEE Workshop on Applications and Services in Wireless Networks ASWN 2002, Paris, July 2002.
- [IDsA] Infrastructure DNSsec et Applications, www.telecom.gouv.fr/rnrt/projets/res_02_22.htm.
- [Lau01] M. Laurent, "La sécurité d'Internet", Technique de l'Ingénieur, 2001.
- [Ras02] N. Rasamoely, "Gestion des certificats par LDAP", September 2002.
- D.A. Wheeler, "Easier Email Security is on the Way?", November 2004 (original version April 2002)
IETF works
- [RFC2559] S. Boeyen, T. Howes, P. Richard, "Internet X.509 Public Key Infrastructure: Operational Protocols - LDAPv2", RFC 2559, April 1999.
- [RFC2251] M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access Protocol (v3)", RFC 2251, Dec. 1997.
- [RFC2459] R. Housley, W. Ford, W. Polk, D. Solo, "Internet X.509 Public Key Infrastructure Certificate and CRL Profile", RFC 2459, Jan. 1999.
- [RFC2535] D. Eastlake, "Domain Name System Security Extensions", RFC 2535, March 1999.
- [RFC2587] S. Boeyen, T. Howes, P. Richard, "Internet X.509 Public Key Infrastructure: LDAPv2 Schema", RFC 2587, June 1999.
This page is maintained by Maryline Maknavicius-Laurent
©Maryline Maknavicius-Laurent