Historical Perspective

• PKI complexity has limited its use
  • Enrollment - multiple approaches
  • No std discovery approach - CAs, Certs, Keys
  • 'Cert' standardization & interpretation
  • Trust management
    • Chain-building logic
    • 'OID' interpretation
    • Cross certification & cert hierarchies
• Client handling of complex ASN.1 and PKCS data structures
• Effective Revocation/Validation
• Affects every client
• Interoperability issues

XKMS Overview

• Define XML compatible key mgmt
• Make PKI-based security easier to use
  • Address multi-vendor, cross-plat issues
  • Support multiple Trust/PKI infrastructures
  • Allow clients to offload complex, and difficult, trust assessment
  • Integrate key validity checks
  • Keep the interfaces simple
  • Keep interactions simple
• XKMS Specfication published as a W3C Recommendation 28 June 2005
  • Work started in December 2001
  • Consensus by public and member review
  • Proof of implementation and interoperability of features

XKMS Approach

Trust Models (1 of 2)

• XKMS is trust model agnostic
  • PKIX, PGP, Key-based, Proprietary
• Services define supported model
  • Similar to CA publishing a Certification Practices Statement
  • Contract between the Service and the Applications
• XKMS does not tell one how to do this or what the business relationships should be

Trust Models (2 of 2)

• But, there's still a bootstrapping problem
  • Apps need to pick the right trust model
  • Need to trust in an XKMS service(s)
• XKMS doesn't define how to handle this
• Will likely mirror what already happens
  • Keys for high-volume, low-value, Services widely distributed
  • Keys for Enterprise Services distributed via internal trust
  • Keys for vertical market, high-value, apps using high assurance mechanism

XKMS Services

• XML Key Information Service Specification (X-KISS)
  • Services to resolve <dsig:keyInfo> elements (parsing, validating, retrieving)
  • Retrieving of public keys for a given application and context (encryption, signing, exchange>
• XML Key Registration Service Specification (X-KRSS)
  • Public-Key Certificate creation and management services (Register, Reissue, Revoke, Recover)

XML Key Information Service Specification (X-KISS)

• Locate Service
  • Can find public key certificates for a given application and context
  • Can resolve a <ds:KeyInfo> element (includes retrieving and extracting information from a certificate)
  • Both the request and/or the response may be signed usng an XML signature
• Validate Service
  • Does the same thing as Locate but provides trust assertions about the validity of certificates

X-KISS Locate Example (1 of 3)

X-KISS Locate Example (2 of 3)

Locate Request. The client wants to extract the public-key key from a certificate.

<LocateRequest xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
      Id="I749230b6fd389a038a639846a9399b12"
      Service="http://markupsecurity.com:4080/xkms/service/soap12"
      xmlns="http://www.w3.org/2002/03/xkms#">

  <RespondWith>http://www.w3.org/2002/03/xkms#KeyValue</RespondWith>

  <QueryKeyBinding>

    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>
          MIIClzCCAg...
        </ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>

  </QueryKeyBinding>

</LocateRequest>

X-KISS Locate Example (3 of 3)

Locate Response. The Server DOES not report the revocation status or trustworthiness of the certificate.

<LocateResult xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
      Id="I7f6ac825f8ba901ef65b705273fa731c"
      Service="http://markupsecurity.com:4080/xkms/service/soap12"
      ResultMajor="http://www.w3.org/2002/03/xkms#Success"
      RequestId="I749230b6fd389a038a639846a9399b12"
      xmlns="http://www.w3.org/2002/03/xkms#">

  <UnverifiedKeyBinding Id="I74509207b634bacd36ef9d993b789ab2">

    <ds:KeyInfo>
      <ds:KeyValue>
        <ds:RSAKeyValue>
          <ds:Modulus>
            zcd/HfKPNiiXdKgTw9WX4ISsdU/...
          </ds:Modulus>
          <ds:Exponent>AQAB</ds:Exponent>
        </ds:RSAKeyValue>
      </ds:KeyValue>
    </ds:KeyInfo>

    <KeyUsage>http://www.w3.org/2002/03/xkms#Signature</KeyUsage>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Encryption</KeyUsage>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Exchange</KeyUsage>
 
    <UseKeyWith Application="urn:ietf:rfc:2633" 
         Identifier="alice@example.com" />

  </UnverifiedKeyBinding>

</LocateResult>

X-KISS Validate Example (1 of 3)

X-KISS Validate Example (2 of 3)

Validate Request. Verifying the validity of a public-key certificate used for signing a message.

<ValidateRequest Id="If774ba9573bef692a15de94a4e75993b" 
      Service="http://markupsecurity.com:4080/xkms/service/soap12"
      xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
      xmlns="http://www.w3.org/2002/03/xkms#">

  <RespondWith>http://www.w3.org/2002/03/xkms#X509Cert</RespondWith>

  <QueryKeyBinding>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>
          MIICpzCCAhCgAwIBAgIBZDANBg...
        </ds:X509Certificate>
        <ds:X509Certificate>
          MIIClzCCAgCgAwIBAgICAMgwDQ...
        </ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>

    <KeyUsage>http://www.w3.org/2002/03/xkms#Signature</KeyUsage>

    <UseKeyWith Application="urn:ietf:rfc:2633" 
         Identifier="alice@example.com" />

  </QueryKeyBinding>

</ValidateRequest>

X-KISS Validate Example (3 of 3)

Validate Response. The certificate is valid. The server signed the response.

<ValidateResult Id="I7f6ac825f8ba901ef65b705273fa731c" 
      Service="http://markupsecurity.com:4080/xkms/service/soap12"
      ResultMajor="http://www.w3.org/2002/03/xkms#Success" 
      RequestId="If774ba9573bef692a15de94a4e75993b"
      xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
      xmlns="http://www.w3.org/2002/03/xkms#">

  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <ds:Reference URI="#I7f6ac825f8ba901ef65b705273fa731c">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>jbyngZtDC59pt2FBe3C36pE02gU=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>
      f75Eao4WKbf...
    </ds:SignatureValue>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>
          MIICmjCCAgOgAw...
        </ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
  </ds:Signature>

  <KeyBinding Id="I39f74868a9b994839120351b75fe7292">
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>
          MIIClzCCAgCgAw...
        </ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>

    <KeyUsage>http://www.w3.org/2002/03/xkms#Signature</KeyUsage>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Encryption</KeyUsage>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Exchange</KeyUsage>

    <UseKeyWith Application="urn:ietf:rfc:2633" 
       Identifier="alice@example.com" />

    <ValidityInterval 
           NotBefore="2004-09-19T21:49:26Z" 
           NotOnOrAfter="2005-09-19T21:49:26Z" />

    <Status StatusValue="http://www.w3.org/2002/03/xkms#Valid">
      <ValidReason>http://www.w3.org/2002/03/xkms#Signature</ValidReason>
      <ValidReason>http://www.w3.org/2002/03/xkms#IssuerTrust</ValidReason>
      <ValidReason>http://www.w3.org/2002/03/xkms#RevocationStatus</ValidReason>
      <ValidReason>http://www.w3.org/2002/03/xkms#ValidityInterval</ValidReason>
    </Status>

  </KeyBinding>
</ValidateResult>

XML Key Registration Service Specification
(X-KRSS)

• Register Service
  • Information is bound to a public key pair through a key binding
  • The public-key pair may be generated by the client or by server
• Reissue Service
  • A previously registered key binding is reissued
• Revoke Service
  • A previously registrered key binding is revoked
• Recover Service
  • The private key associated with a key binding is recovered

X-KRSS Register example (1 of 3)

X-KRSS Register example (2 of 3)

The client requests a binding for a public-key. The request is signed using HMAC-SHA1 and a shared secret (authentication). The client signed the request with its private key (proof of possesion).

<RegisterRequest Id="I947be832f90172b7ef83ac29374fbe84" 
      Service="http://markupsecurity.com:4080/xkms/service/soap12"
      xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
      xmlns="http://www.w3.org/2002/03/xkms#">

  <RespondWith>http://www.w3.org/2002/03/xkms#X509Chain</RespondWith>

  <PrototypeKeyBinding Id="If9e462740f5ea7389ba83940bfa88cbe">
    <ds:KeyInfo>
      <ds:KeyValue>
        <ds:DSAKeyValue>
          <ds:P>
            +P61+BdBwklgAGAkGz5D/aGt7X8VvDJcJ8vhqHijFHb0yIQGmB0zzZF59JpwH70o
            ...
        </ds:DSAKeyValue>
      </ds:KeyValue>
    </ds:KeyInfo>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Signature</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633"
           Identifier="deirdre@example.com" />
    <ValidityInterval NotOnOrAfter="2006-03-23T23:06:00Z"/>

    <RevocationCodeIdentifier>UWAZyd0KloHX5p9wfbSghCB1BkE=</RevocationCodeIdentifier>

  </PrototypeKeyBinding>

  <Authentication>
    <KeyBindingAuthentication>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
          <ds:Reference URI="#If9e462740f5ea7389ba83940bfa88cbe">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>nz1IL7Vvd/Rtt+RkDQHmisqmfC0=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>mL9n63rTMN+ozXCIGwAkGmTff8o=</ds:SignatureValue>
        <ds:KeyInfo>
          <ds:KeyName>Deirdre</ds:KeyName>
        </ds:KeyInfo>
      </ds:Signature>
    </KeyBindingAuthentication>
  </Authentication>

  <ProofOfPossession>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
        <ds:Reference URI="#If9e462740f5ea7389ba83940bfa88cbe">
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <ds:DigestValue>nz1IL7Vvd/Rtt+RkDQHmisqmfC0=</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>IGi2iOKo...</ds:SignatureValue>
    </ds:Signature>
  </ProofOfPossession>

</RegisterRequest>

X-KRSS Register example (3 of 3)

Register Result. The server returns the binding as a public-key certificate. The reply is signed by the server.

<RegisterResult Id="I84029cbe839123ae703ef38274be9d81" 
      Service="http://markupsecurity.com:4080/xkms/service/soap12"
      ResultMajor="http://www.w3.org/2002/03/xkms#Success" 
      RequestId="I947be832f90172b7ef83ac29374fbe84"
      xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
      xmlns="http://www.w3.org/2002/03/xkms#">

  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
      <ds:Reference URI="#I84029cbe839123ae703ef38274be9d81">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>AaBGKgmYTcwtE0nEuh7MpRfQqrs=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>MBMgyEDI9KRjAYel...</ds:SignatureValue>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>
          MIIDWTCCAxmgAwIBAgIBZTAJBgcqhkjOOAQDMEMxCzAJBgNVBAYTAklFMQ8wDQYD
          ...
        </ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
  </ds:Signature>

  <KeyBinding Id="I7493b386ef36a839d0eb983028392030">
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>
          MIIDZTCCAyWgAwI...
        </ds:X509Certificate>
        <ds:X509Certificate>
          MIIDWDCAxe...
        </ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>

    <KeyUsage>http://www.w3.org/2002/03/xkms#Signature</KeyUsage>
a
    <UseKeyWith Application="urn:ietf:rfc:2633" 
          Identifier="deirdre@example.com" />

    <Status StatusValue="http://www.w3.org/2002/03/xkms#Valid">
      <ValidReason>http://www.w3.org/2002/03/xkms#Signature</ValidReason>
      <ValidReason>http://www.w3.org/2002/03/xkms#IssuerTrust</ValidReason>
      <ValidReason>http://www.w3.org/2002/03/xkms#RevocationStatus</ValidReason>
      <ValidReason>http://www.w3.org/2002/03/xkms#ValidityInterval</ValidReason>
    </Status>

  </KeyBinding>

</RegisterResult>

XKMS Services Common Characteristics

• Synchronous and Asynchronous processing modes
• Support of compound requests (more than one operation in a single request)
• Some basic support to avoid DoS and replay attacks using nonces (two-phase protocol, client generated nonces)
• Supports signing of all protocol messages using xml:disg enveloped signatures
• Passing of opaque client data
• Bindings for HTTP and Soap/1.2 message transport

Breaking X.509 rules (1 of 2)

Example: ignoring the expiration date

Breaking X.509 rules (2 of 2)

• Informal classification of rules that may be broken
  • Certificate content. Rules for interpreting the content of a certificate.
    --> mapping the certificate holder to something appropriate for an application, returning a different certificate, ...
  • Certificate status. Rules stating whether a previously issued certificate is valid. Calculated risk.
    --> Ignoring revocation, ignoring authority revocation, ignoring expiration, ...
  • Valid path constraints. Rules which valid certificate paths follow
    --> ignoring the CA chain,...

Thanks!

• http://www.w3.org/2001/XKMS/
  • Implementation report, sample messages, existing toolkits, ...
• WG will close end of September 2005
• Possibility of a new W3C Security Interest Group. Contact Us!