Client Cerﬁcates · Use of encrypon makes it harder for naonal security agencies and law...

ClientCer)ficates

SecurityProfessionals2012PreconferenceSeminar

8:30‐Noon,Tuesday,May15th,2012WhiteRiverBallroomB,JWMarrioE,IndianapolisIN

JoeStSauver,Ph.D.(joe@internet2orjoe@uoregon.edu)InCommonCerPficateProgramManagerand

Internet2NaPonwideSecurityProgramsManager

hEp://pages.uoregon.edu/joe/secprof2012/

Disclaimer:Theopinionsexpressedinthistalkrepresentthoseofitsauthor,anddonotnecessarilyrepresenttheopinionofanyotheren9ty.

Preface

OurTimeTogetherToday

•  SincethreehoursisarelaPvelylongPmeforasinglesession,we'regoingtogothroughmaterialforaboutanhourandahalf(unPlabout10:00),andthenwe'lltakeacoffeebreakoutsideofroom103forahalfhourorso.Around10:30,we'llcrankbackupandfinishtherestofthematerialwewanttogoover.

•  IfyouhaveanyquesPonsatanyPme,feelfreetospeakup.WhileI'vepreparedafairlystructuredsessiongiventhenumberofaEendeesthatareexpected,I'vesPlltriedtobuildinPmefordiscussion,andIknowthatsomeofyoumayalreadybeexperiencedwihclientcertsandhavemuchtoshareyourselves.

•  Finally,Ialsowanttomakesurewe'vegotPmetohelpyouactuallygetaclientcertinstalledandupandrunningonyoursystem,ifyou'dliketotrydoingthis.

•  ArethereanyquesPonsatthispoint?3

Introduc)ons

•  Let'stakeaminuteortwotogoaroundtheroomandintroduceourselves.

•  Pleasesay:

‐‐whoyouare‐‐whatschoolyou'rewith‐‐anythingyoursitemaycurrentlybedoingwithclientcerts‐‐whyyou'reinterestedinclientcerts/anythingyouparPcularlyhopewecovertoday

StrongCryptographyandFederal/Interna)onalLaw

•  Strongcryptographyiscri)caltocomputerandnetworksecurity,includingenablingsecureauthenPcaPonandonlinecommerce,protecPngpersonallyidenPfiableinformaPon(PII)storedonline,andlegiPmatelyensuringpersonalprivacyforlaw‐abidingciPzens.

•  AtthesamePme,strongcryptographyissubjecttocomplexregula)oninmanycountries,includingtheUnitedStates.Why?UseofencrypPonmakesitharderfornaPonalsecurityagenciesandlawenforcementorganizaPonstolawfullyinterceptcriminalcommunicaPonsandnaPonal‐security‐relatedcommunicaPons.

•  Therefore,ourgoalwhentalkingaboutstrongcryptographyistoalwaysabidebyfederallawsandinterna)onaltrea)esrela)ngtocontrolsoverstrongcryptography,andtodowhatwhatwecantoensurethatstrongcryptographydoesn'tgetmisusedinwaysthatmighteitherharmournaPonalsecurityorinterferewiththelawfulinvesPgaPonandprosecuPonofcriminals.

SinceWe’llBeGivingYouStrongHardwareCryptoProducts

•  Youwarrantthatyouaren’tbarredfromobtainingandusingstrongcryptoproductsorsoKware,NORareyoubarredfromreceivingtrainingonit.

•  Specifically,thismeansthatyouassertthatyouareNOTaciPzen,naPonal,orresidentofBurma,Cuba,Iran,Iraq,NorthKorea,Sudan,Syria,oranyothercountryblockedfromobtainingstrongcryptographyproducts.

•  YouareNOTa"deniedperson,"a"speciallydesignatednaPonal,"oranysimilarindividualforbiddentoaccessstrongcryptographybytheUSgovernment(www.bis.doc.gov/complianceandenforcement/liststocheck.htm)

•  Youareneitheraterroristnoratrafficker/userofillegalcontrolledsubstances,NORareyoudirectlyorindirectlyinvolvedinthedesign,development,fabricaPonoruseofweaponsofmassdestrucPon(includingimprovisedexplosivedevices,nuclear,chemical,biological,orradiologicalweapons,normissiletechnology,see18USCChapter113B)

•  YouagreeNOTtoredistributeorretransfercryptographicproductsorsofwaretoanyonewhoisinoneofthepreviouslymenPonedprohibitedcategories.

•  YouunderstandandagreethattheforgoingisbywayofexampleandisnotanexhausPvedescripPonofallprohibitedenPPes,andthatthisisnotlegaladvice.ForlegaladvicerelaPngtostrongcrypto,pleaseconsultyourownaEorney. 6

"First,DoNoHarm"

•  Someofyoumaywantto“followalong”aswegothroughtoday’strainingmaterials.Ifso,that’sterrific.HoweverpleaseONLYdosoifyou’vegotarecentbackupofyoursystem,andyoursystem(ifsuppliedbyyouruniversity)isNOT"lockeddown"byyouruniversityITdepartment.

•  IfyouhaveNOTbackedupyoursystemrecently,oryouruniversityITdepartmentdoesNOTwantyoutoPnkerwithyourlaptop,pleasefeelfreetowatchwewegoovertodaybutpleasedonottrytoinstallanynewsofwareorotherwisemodifyyoursystem.

•  Also,ifyoualreadyhaveaclientcerPficateinstalledonyoursystem,youmaywanttorefrainfrominstallinganotherone,andinparPcularPLEASEdoNOTinten)onallydeleteanyclientcer)ficatesyoumayalreadyhaveinstalledonyoursystem!

Oh,AndForThoseofYouWhoMayHaveBeenWorried,No,We'reNotGoingtoDiveIntoAnyAdvanced

Crypto‐RelatedMathema)csToday

•  OurfocustodayisonhelpingyougettothepointwhereyoucanactuallyuseclientcerPficates,parPcularlyforsecureemail,andgemngyoutothepointwhereyouunderstandthepracPcallimitaPonsassociatedwiththosetechnologies.Youdon'tneedadvancedmathemaPcstodothat.

•  SoifyouhatedmathemaPcswhilegoingthroughschool,relax.:‐)Virtuallyeverythingwe’regoingtotalkabouttodayshouldbenon‐mathemaPcal.

•  Let’sdiverightin.We'llbeginbytalkingaboutwhyyoumightwanttouseclientcerPficates,parPcularlyforsigningandencrypPngemail.

I.Mo)va)ngAnInterestinClientCer)ficates("PKI"):

SecuringEmail

WhyMightWeNeedToSignand/orEncryptEmail?

•  Putsimply,regularemailishorriblyinsecure.

•  Emailistrivialtospoof:eventechnicallyunskilleduserscansimplyputbogusidenPtyinformaPonintothepreferencespaneloftheiremailclientandvoila,they're"Santa"(orpreEymuchanyoneelsetheywanttobe).Youjustcan'ttrustthenon‐cryptographically‐signedcontentsofemailthatyoumayreceive–itmayallbecompleterubbish.

•  Mostemailisalsotrivialtosniffonthewire(orreadinthemailspool):messagesnormallyaren'tencryptedwhentransmiEedorstored,sounauthorizedparPescanreadyourcommunicaPons."Trustedinsiders"mayalsoaccessconfidenPalcommunicaPons.

•  Let'stakealookatacoupleofpracPcalexamplesofthesesortofexposures.

TheSimpleRoadtoSpoofingEmail:JustChangeYourPreferencesinMozillaThunderbird

11[Yes,thiswillwork.Butno,pleasedon'tactuallydothis.]

"ButWon'tSPFand/orDKIMEliminatetheSpoofingProblem?"

•  SPF(www.openspf.org)andDKIM(www.dkim.org)weremeanttohelpfixspoofing,andtheydo,butthey'renotatotalsoluPon.

•  Forinstance,SPF/DKIMcannotprotectyouagainstspoofedemailthatisinjectedfromanauthorizedsource.Classicexample:‐‐Collegefacultymemberandherstudentsallhaveaccountsinthesameexample.edudomain,andallsendfrom"oncampus"‐‐Amaliciousclassmemberforgesmessagefromacampuscomputerlab,pretendingtobethefacultymember,"cancellingclass"or"assigningextrahomework"(orwhatever).SPFandDKIMaren'tdesignedtodefendagainstthissortofaEack.

•  Securityfolkstendtolikebelt‐and‐suspender("defenseindepth")soluPonsanyhow,andjustbecauseyou’redoingSPForDKIM,thatdoesn'tprecludealsodoingmessagelevelcrypto,right?

ASimpleExampleofHowEasyItIsToSniffTypicalPlainTextEmailUsingWireshark

•  Sendasimplemailmessage...

% mailx -s "testing 123" joe@gladstone.uoregon.eduHi Joe!

I don't think this is very secure, do you?

•  IfsomeoneisusingWiresharktowatchyourtraffic,they'dsee:

"ButJoe!AllOurNetworksAreSwitchedEthernet!There'dBeNoTraffictoSniff!"

•  SitessomePmeshaveafalsesenseofsecuritywhenitcomestotheirvulnerabilitytosniffing.Specifically,somemaybelievethatbecausetheyuseswitchedethernet,trafficintendedforagivensystemwillONLYflowtotheappropriatesystem'sswitchport.

•  Youmayalreadybeawarethatmanyswitchescanbeforcedtoactlikehubsthroughavarietyofwellknowntechniques(seeforexamplehEp://eEercap.sourceforge.net/).Thus,evenifyourinfrastructureisintendedtoisolatetrafficonaper‐portbasis,inpracPce,thatprocessmayfailtomaintaintrafficseparaPon.

•  Youalsocan'tensurethattrafficwon'tbesniffedonceitleavesyourlocalnetwork.

•  Therefore,youshouldassumethatanyunencryptednetworktraffic,includingmostemail,canbesniffedandread.

OfCourse,IfSomeone'sGotRoot,TheyCanLookAtAnythingOnTheSystem,IncludingEmailMessages...

% suPassword: # cat /var/mail/joe From joe@canard.uoregon.edu Sun Feb 12 14:30:54 2012Return-Path: <joe@canard.uoregon.edu>Received: by canard.uoregon.edu (Postfix, from userid 501) id 5C221D537D4; Sun, 12 Feb 2012 14:30:54 -0800 (PST)To: joe@canard.uoregon.eduSubject: Some thoughts on the insider threatMessage-Id: <20120212223054.5C221D537D4@canard.uoregon.edu>Date: Sun, 12 Feb 2012 14:30:54 -0800 (PST)From: joe@canard.uoregon.edu (Joe St Sauver)Status: O

Hi Joe,

I wonder if a system admin with root priv could read the mail that's sitting in my mail spool? You know, I bet s/he could...

Joe 15

BUTIfYourEmailIsEncrypted,ItMayNotMaberIfSomeoneDoesALible"Browsing:"TheFollowingIsn'tVeryInforma)ve,IsIt?

MIAGCSqGSIb3DQEHA6CAMIACAQAxggNbMIIBkQIBADB5MGQxCzAJBgNVBAYTAlVTMRIwEAYD VQQKEwlJbnRlcm5ldDIxETAPBgNVBAsTCEluQ29tbW9uMS4wLAYDVQQDEyVJbkNvbW1vbiBT dGFuZGFyZCBBc3N1cmFuY2UgQ2xpZW50IENBAhEAowXASR0JSE0KE5HSe8RXCTANBgkqhkiG 9w0BAQEFAASCAQAphc3r5MLFw43hOcMzlb/UG9DEaFPyFtcaiN8koelnok2DVdcAtSb9wulU iKjw4jps8GwqPeonzC8o+RMyktiFwMvM/QfN4zMUbfxsJr0i7FpnveROp+V8Cyo2hDuJpa/d GjRI560cDnH2z4tnYOO9/SJBCvLIIRjfnnnuJlS12VF00kcA9sfJI23QWhauisoef0ZhvAOw

11wHi8o+4icSe6iT18rR+Sr9MDhulDdfVCfmYwDfBi4SAqzbLK1FZfSj7aIjphlcFV4JKXr3 HyEz2afYRCGYUUaGk1zjcfhh4Eqkah6TwZ8QCtWUTsYdhuZdHGHw6zbBuSUYxzRG2NiRMIIB wgIBADCBqTCBkzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQ MA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxOTA3BgNVBAMT MENPTU9ETyBDbGllbnQgQXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQQIRAKgC OyLlmfFLiBBlWracUfMwDQYJKoZIhvcNAQEBBQAEggEAOc1JpNLx+62m1To69oxFd3/fMEvo

UDkL1nSQe5LDhKnH3DXmH2vvTN0Q0h8vjGbkcGklCD11164VRi380QrtVYTsYCl9tB1kuHam SH+xJIIsLkNasYWnCXwzji+Uw80GiAP9/CgB/aYJhhYJt1HRQ+43S9m3xgpdK//aCOIjmKLl prFiQ1Jk5Wx3Sqm/Kkg89m9ulln1ckpIBrvTxNsikZmFwh4QGcCtz42+mTGZXcbrrn9yfT0F 4ds9xDbBm5e/Se/aq4vpfX0yi0/UP8/ywJ5+zG2ufyJw4i2h2O3vyD6WzX7PiYuzsn232RkR

[This base64 encoded file is actually a base64 encoded encrypted file] 16

EmailIsAlsoPoten)allySubjecttoLawfulInterceptand/orCompulsory(orEvenVoluntary)Disclosure

17hEp://www.cybercrime.gov/ssmanual/ssmanual2009.pdfatpage138

ReducingTheTransportEmailSniffingVulnerability:Opportunis)cSSL/TLSEncryp)on

•  YoucanreducetheextenttowhichemailtrafficissubjecttosniffingonthewirebyenablingopportunisPcSSL/TLSencrypPon.ThismeansthatiftheMTAsonbothsidesoftheconversaPonarereadyandwillingtodoSSL/TLSencrypPon,itwillbenegoPatedandusedwheneveritcanbe.Seeforexample:

hEp://www.exim.org/exim‐html‐3.20/doc/html/spec_38.htmlhEp://www.posdix.org/TLS_README.htmlhEp://www.sendmail.org/~ca/email/starEls.html

•  However,SSL/TLSwillnotprotectemailoverlinksthatdon'thaveTLS/SSLenabled,nordoesitprotectstoredmailonceithasbeenreceivedandsavedtodiskatitsdesPnaPon.Thatis,itisnot"end‐to‐end."

Obtaining*End‐to‐End*Protec)onRequiresMessage‐LevelSigningandEncryp)onE.G.,UseofPGP/GPG,orUseofS/MIME

•  Therearetwobasicapproachestogemngend‐to‐endprotecPonforemailmessages:

•  PreEyGoodPrivacy(PGP)(orGNUPrivacyGuard(GPG)),seeRFC4880,*OR*

•  S/MIME(RFC5751)withpersonalcerPficates.

•  PGP/GPGisprobablythemorecommonofthosetwoopPons,andonethatmanyofyoumayalreadyuse,buttodaywe'regoingtotalkaboutusingS/MIMEwithclientcerPficates,instead.

•  Beforewecandigin,however,weneedaliEle"cryptobackfill"19

II.AMinisculeLibleBitofCryptographicBackfill

PublicKeyCryptography

•  Therearebasicallytwotypesofcryptography:symmetrickeycrypto,andpublickey(asymmetric)crypto.

•  Insymmetrickeycryptography,amessagegetsencryptedANDdecryptedusingthesamesecretkey.Thatmeansthatbeforeyoucanshareasecretmessagewithsomeone,youneedasecretkeyyou'vebothpreviouslyagreedupon(chicken,meetegg).

•  BothPGP/GPGandS/MIMEwithpersonalcerPficates,ontheotherhand,relyonpublickeycryptographytosignorencryptmessages.Inpublickeycryptography,theusercreatesapairofmathemaPcally‐relatedcryptographickeys:oneprivatekeythatonlytheuserknows,plusarelatedpublickeythatcanbefreelysharedwithanyonewho'sinterested.Havingauser'spublickeydoesn'tallowyoutoderivethatuser'scorrespondingprivatekey,butitdoesallowyoutocreateanencryptedmessageforthatuserviaa"oneway"or"trapdoor"mathemaPcalprocess.

ButWait,There'sMore!PublicKeyCryptographyCanSlice,DiceandMakeJulienneFries,Too...

•  Well,thatmaybeaslightexaggeraPon.

•  Butpublickeycryptographydoesallowyoutodoatleastonemorecooltrick:theholderoftheprivatekeycanalsodigitallysignafilewiththeirprivatekey.Oncethatfileisdigitallysigned:

‐‐itcan'tbechangedwithoutinvalidaPngthemessagesignature(e.g.,itactsasananP‐tamperingchecksumvalue)

‐‐anyonewhohasacopyofthecorrespondingpublickeycanverifythatitwassignedbysomeonewhohadaccesstothecorrespondingprivatekey

HowDoCer)ficatesFitIntoAllThis?

•  Sofarwe'veonlybeentalkingaboutpublickeysandprivatekeys.YoumaywonderhowcerPficatesfitintoallthis.

•  TheansweristhatcerPficatesaEachanidenPtytoacryptographickeypair.

•  Ifyou'relikemostfolks,whenyouhear"cerPficates"inanonlinecontext,youthinkofSSLwebservercerPficates.That'snotwhatwe'regoingtobetalkingabouttoday.ThosecerPficatesareissuedtoservers.Thecertswe'regoingtotalkabouttodaygetissuedto*people*,instead.

•  Butfirst,let'sbeginwithsomethingwe'reallfamiliarwith:meePnganewpersoninreallife.

MappingUserstoIden))esIn"RealLife"

•  IfImeetyouface‐to‐face,perhapsatthehotelbar,youmighttellme,"Hi,I'mRobertJones.Nicetomeetyou!"Inacasualcontextatasocialeventofthatsort,wemightsmile,shakehands,exchangecards,engageinsomechitchat,andleaveitatthat–itdoesn'treallymaEerifyouare(oraren't)whoyouclaimtobe.I'lljusttemporarilyaccept(andthenunfortunatelyprobablyquicklyforget)your"self‐assertedidenPty."That'sOK.

•  IfitturnsoutthatIeventuallyneedconfirmaPonofwhoyouare,Imightasktrustedcolleagues,"Hey,seethatguyoverthere?Whoishe?"Iftheyallsay,"Oh,that'sRobertJones.I'veknownhimforyears,"thatmightgivemeconfidencethatyoureallyarehim.

•  OtherPmes,forexampleifyou'reinastrangecity,orsomeone'strusPngyouwithavaluableasset(suchasarentalcar),youmightneedtoshowadriverslicenseorothergovernmentissuedIDsincenoone"knowsyourname."(ObCheers:"Norm!")

MappingUsersToIden))esOnline:PGP/GPG

•  Asimilarproblemexistsonline.HowdoyouknowwhichpubliclyofferedPGP/GPGkeysistherealonethataperson'sactuallyusing,andnotapretender'scredenPals?InPGP/GPG,thisisdoneviaa"weboftrust."

•  InPGP/GPG,aPGP/GPGpublickeygetsdigitallysignedbyotherPGP/GPGuserswhohavepersonallyconfirmedthatperson’sID.(ThisofengetsdoneatPGP/GPG"keysigningparPes,"liketheonethatwillhappenat6:30PMonWednesdaynight).NormallyakeyholderwillgetsignaturesfrommulPplefriendsorcolleagues.

•  Recursively,howdoyouknowthatyoushouldtrustthosesignatures?Well,thosesignaturesweremadewithkeysthathaveALSObeensignedbyothercolleagues,andsoonandsoforth.

•  Whilethissoundsincrediblyadhocandkludgy,inpracPce,itactuallyworkspreEywell(atleastfortechnicalusers)–itreallyisasmallworldoutthere,"sixdegreesofKevinBacon"‐wise.

TheWebofTrustIsForKeys(NotNecessarilyTheirOwners)

•  Animportantnoteaboutthecryptographic"weboftrust:"

SomeonesigningaPGP/GPGkeyisnotsayingthatthat personwho'skeythey'vesignedisa"trustworthy"person.

Completelyevilpeoplemayhavewell‐signedPGP/GPGkeys!

•  Whensomesignsanotherperson'sPGP/PGPkey,they'reonlysayingthat:

‐‐they'velookedatthatperson'sgovernmentissuedID,‐‐thatpersonindicatedthatthatthatpublickeyistheirs.

Thatis,they'rebindinganiden9tytoacryptographiccreden9al.26

PersonalCer)ficates

•  InthecaseofS/MIMEwithpersonalcerPficates,aweboftrustisn'tused.IntheS/MIMEcase,trustgetsestablishedhierarchically("topdown").

•  Thatis,apersonalcerPficateistrustedbecauseithasbeenissuedbyabroadlyacceptedcerPficateauthority("CA"),anenPtythatyou(andmostotherInternetusers)acceptasreliableforthepurposeofbindingidenPPestocredenPals.

•  CAstendtobeverycarefulwhenitcomestodoingwhattheysaythey'regoingtodo(specifically,verycarefultodowhattheysaythey'regoingtodointheir"CerPficatePracPcesStatement"),becauseiftheydon't,people(includingbrowservendorsandtheCABForum)willstoptrusPngthemandthenthey'llquicklybetotallyoutofbusiness(literally).

'SoWhat'sthis"CABForum?"'

•  No,it'snotataxicabassociaPon.•  TheCerPficateandBrowserForumisaninfluenPalbodymadeup

ofCerPficateAuthoriPes(that'sthe"CA"intheirname)andBrowserVendors(that'sthe"B"intheirname).

•  TheirwebsiteishEp://www.cabforum.org

•  AsapracPcalmaEer,increasinglythey'reeffecPvelyestablishingthepracPces/normsthatapplytotheenPrecerPficateindustry,andFWIW,they'remakingtheshipfarmoreshipshape.:‐)

•  Previously,variousindustrygroups,suchastheMozillaFoundaPon,hadalottodowithwhatwasorwasn'tacceptable:putsimply,ifyouwantedyourcerPficatestobetrustedinFirefox,youcompliedwithwhattheMozillaFoundaPonrequired.DiEoforInternetExplorerandMicrosof,etc.

"WhatDoesaCPSActuallyLookLike?"

•  CPSdocumentsasaclassareprobablyoneofthemostwidelyignoredcategoriesofdocumentsintheworld.

•  Howver,somePmesfolkswhohaveahardPmesleepingactuallywanttoreadCerPficatePracPcesStatements.Ifyou'dliketochecksomeout,youcansee,forexample,InCommon'sCerPficateServiceCPS:hEps://www.incommon.org/cert/repository/

•  You'llseeseparateCPSfortheInCommonstandardSSLcerPficateoffering,theextendedvalidaPoncerPficateoffering,theclientcerPficateoffering,andthecodesigningcerPficateoffering.Thevarious"profile"documentsarealsopotenPallyquiteinformaPve.

•  SimilardocumentsshouldbeavailableforanypubliccerPficateissuer.

•  OneofthethingstheycoverishowidenPtygetsvalidated,andwhatexpectaPonsshouldbeforaparPculartypeofcert.

III.Iden))esandLevelsofAssurance

ARealName,orJustAnEmailAddress?

•  Theremaybesomeconfusionwhenitcomestothe"idenPty"thatacryptographiccredenPalasserts–isitaperson's“realname”(e.g.,asshownontheirdriver'slicenseortheirpassport),orisitsomethingmoreephemeral,suchasjusttheiremailaddress?

•  Theansweris,“itmaydepend.”SomestandardassurancepersonalcerPficatesonlyvalidateauser'scontroloveranemailaddress,typicallybysendingacryptographicchallengetothataddress.That'sthesortofclientcertswe'llbeworkingwithtoday.

•  OtherclientcerPficatesmayrequiremuchmorerigorous"idenPtyproofing,"perhapsrequiringtheusertosupplygovernmentissuedidenPficaPon(oreventoundergoacompletebackgroundcheck)beforetheygetissuedahigherassuranceclientcert.

HSPD‐12andFederalCAC/PIV‐ICards

•  OnAugust27th,2004,then‐PresidentGeorgeW.Bushissued"HomelandSecurityPresidenPalDirecPve12,"(seehEp://www.idmanagement.gov/documents/HSPD‐12.htm)mandaPngtheestablishmentofacommonidenPtystandardforfederalemployeesandcontractors.

•  Asaresult,thefederalgovernment(andapprovedcommercialcontractorsacPngonthegovernment'sbehalf)havealreadycollecPvelyissuedmillionsof"CommonAccessCards"("CACs")and"PersonalIdenPtyVerificaPon‐Interoperable"("PIV‐I")smartcards.

•  "Firstresponders"alone(asdefinedinHSPD‐8)mayulPmatelyrequireissuanceofover25.3millionsuchcards.(seehEp://www.dhs.gov/xlibrary/assets/Partnership_Program_Benefits_Tax_Payers_Public_and_Private_Sector.pdf)

•  PartofthatprocessisidenPtyproofingthoseusers–including,inthscase,evendoingbackgroundinvesPgaPons.

33Source:hEp://www.idmanagement.gov/presentaPons/HSPD12_Current_Status.pdf

AnAside:CAC/PIVIsA"ProofByExample"ThatCertsAreUsableBy"MereMortal"End‐Users

•  IfitwastoohardtoissueoruseaCAC/PIVcard,millionsoffederalemployeesandcontractorswouldbehavingtroubledoingso.Butthey'renot.Forthemostpart,PKIonhardtokensorsmartcardsnow"justworks."ThisisarealtesPmonytothehardworkofthefederalemployeesandcontractorswhohavebeeninvolvedwiththatproject.

•  Thisisnottosaythattherearen't*some*intricaciesthatmayneedtobeexplained.Onesitethat'sdoneaterrificjobofusereducaPonistheNavalPostgraduateSchool.Checkouttheiroutstandingtri‐foldbrochureexplaininghowtouseamilitaryCACcard:www.nps.edu/Technology/Security/CAC‐guide.pdf

Withthehelpofthatguide,IthinkmostfolkswouldbeabletofigureouthowtodobasicCAC/PIVtasks.

WhyAreTheFedsUsingClientCerts?IfYouNeedNIST"LOA‐4",They'reBasicallyYourOnlyPrac)calOp)on

•  NIST800‐63Version1.0.2(seecsrc.nist.gov/publicaPons/nistpubs/800‐63/SP800‐63V1_0_2.pdf)says:

"Level4–Level4isintendedtoprovidethehighestpracPcalremotenetworkauthenPcaPonassurance.Level4authenPcaPonisbasedonproofofpossessionofakeythroughacryptographicprotocol.Level4issimilartoLevel3exceptthatonly“hard”cryptographictokensareallowed,FIPS140‐2cryptographicmodulevalidaPonrequirementsarestrengthened,andsubsequentcriPcaldatatransfersmustbeauthenPcatedviaakeyboundtotheauthenPcaPonprocess.ThetokenshallbeahardwarecryptographicmodulevalidatedatFIPS140‐2Level2orhigheroverallwithatleastFIPS140‐2Level3physicalsecurity.Byrequiringaphysicaltoken,whichcannotreadilybecopiedandsinceFIPS140‐2requiresoperatorauthenPcaPonatLevel2andhigher,thislevelensuresgood,twofactorremoteauthenPcaPon."

AnAside....DoesHigherEd*HAVE*AnyUseCasesThatActuallyRequireLOA‐4?

•  WearingmyInCommonCerPficateProgramManagerhatforaminute,currentlyInCommonhasonlyoneclientcerPficateoffering,standardassuranceclientcerts.ShouldwealsohaveaclientcerPficateofferingsPedtotheInCommonAssuranceProgram(e.g.,Bronze,Silver,etc.)?

•  DowehaveanyusagecasethatwouldrequireLOA‐4,orwouldLOA‐3be"goodenough"forallpotenPalhigheredusagescenarios?(LOA‐3requirestwofactor,butnotnecessarilyclientcerts).I'mstronglyinterestedinunderstandingwhatmightdriveLOA‐4adopPon...

•  IfwedidofferanLOA‐3orLOA‐4compliantcertprofile,itwouldimplystrongeridenPtyproofing.WouldhighereducaPonusersbewillingtoputupwithrigorousidenPtyproofinghassles?(bywayofcomparison,wehaven'tseenatremendousnumberofextendedvalidaPonservercerPficatesrequested,eventhoughthey'reavailableatnoaddiPonalcostaspartoftheInCommonCerPficateProgram)

AnAside:"Iden)tyProofing"forRegularCi)zens•  Ifyoutravelextensively,you'veprobablyrunintolonglinesatcustoms,

eitherwhilecomingintotheU.S.,orperhapswhiletravellingintoCanadaorMexico.Ifso,youmayhavenoPcedthatsomefolks("TrustedTravellers")canusethe"GlobalOnlineEntrySystem"("GOES")and/orNEXUS/SENTRItoavoidthoselines.Agrowingnumberofairportsalsooffer"TSAPreCheck"linesforparPcipantsinthatprogram.(seehEp://www.globalentry.gov/)."TrustedTravellers"areissuedamachinereadablehigh‐assurancecredenPal($50for5years)forthatpurpose.

•  Obviously,however,itwouldbebadtoissueacredenPalofthissorttoapersonyouhadn'tthoroughlyidenPtyproofed.Therefore,ifyouapplytobeaTrustedTraveller,youridenPtyisvalidatedinmulPplewaysincludingareviewofgovernmentrecords(youdon'twanttoissueacardtoacriminal,forexample!);reviewofexisPngdocuments(suchasyourpassport);collecPonofbiometrics,e.g.,aphotograph,fingerprints,andinsomecasesapictureofiris/rePna.Youalsoneedtophysicallyappearinpersonforaninterview.Travellerswearyofbeingstalledattheborderwillputupwiththosehassles,butwouldregularhigheredusersdoso?

SomeFederalHighSecurityApplica)onsThatNowUseClientCertsMayBeSurprising

ClientCertsCanEvenBeSecureEnoughforUseinConjunc)onwithNa)onalSecuritySystems

•  Seethe"NaPonalPolicyforPublicKeyInfrastructureinNaPonalSecuritySystems,"March2009(hEp://www.cnss.gov/Assets/pdf/CNSSP‐25.pdf)makesitclearthatclientcertsevenformthefoundaPonforNSSuses:

"(U)NSSoperaPngattheunclassifiedlevelshallobtainPKIsupportfromtheestablishedFederalPKIArchitecture."(U)NSSoperaPngattheSecretlevelshallobtainPKIsupportfromtheNSS‐PKI."(U)TheNSS‐PKIhierarchyshallrestonaRootCerPficateAuthority(CA)operatedonbehalfofthenaPonalsecuritycommunityinaccordancewithpoliciesestablishedbytheCNSSPKIMemberGoverningBody.TheNSS‐PKIRootCAshallserveastheanchoroftrustfortheNSS‐PKI."

•  TS/SCI("JWICS")counterpartoftheNSS‐PKI?IC‐PKI.39

Cer)ficatesAreNowAlsoBeingUsedtoSecureNa)onalCri)calInfrastructure

•  Forexample,considerthenaPonalelectricalgrid.TheNorthAmericanEnergyStandardsBoard's("NAESB")2012AnnualPlanfortheWholesaleElectricQuadrantspecificallydiscussestheirplansfordeployingPKIonpages4andfollowing.(SeehEp://www.naesb.org/pdf4/weq_2012_annual_plan.docxandhEp://www.naesb.org/weq/weq_pki.asp)

•  Thisisbeginingtobedeployed/madereal,too,rightnow:

‐‐"ShifSystemsIdenPfiedastheFirstNAESBAuthorizedCerPficaPonAuthority,"Feb16,2012,hEp://www.prnewswire.com/news‐releases/shif‐systems‐idenPfied‐as‐the‐first‐naesb‐authorized‐cerPficaPon‐authority‐139493283.html

‐‐"OATIwebCARESAuthorizedbyNAESBforwebRegistry,"Apr11,2012,hEp://www.prweb.com/releases/2012/4/prweb9390545.htm

‐‐"GlobalSignAnnouncesAccreditaPnasAuthorizedCerPficateAuthorityfortheNorthAmericanEnergyStandardsBoard,"Apr23,2012,hEp://www.prweb.com/releases/2012/4/prweb9431614.htm

And,OfCourse,SomeLargeCorpora)onsandAgenciesHaveUsedClientCer)ficatesforYears

•  AniceindicaPonofinterestin/useofclientcerPficatescanbeseeninthingslikeparPcipaPoninthe"SmartCardAlliance,"see

hEp://www.smartcardalliance.org/pages/alliance‐membersincluding:AmericanExpress,BankofAmerica,BoozAllenHamilton,CapitalOne,Chase,CSC,DeloiEe&Touche,HewleE‐Packard,IngersollRand,LockheedMarPn,MasterCard,SAIC,Visa,WellsFargo,andmanyothers.

•  TounderstandhowsmartcardsrelatetoclientcerPficates,notethatsmartcardsareawaytosecurelystoreclientcerPficatesonwhatlookslikeacreditcard(ifyoulookclosely,you'llseethatasmartcarddiffersfromatradiPonalcreditcardinthatithasasmallsetofflushgold‐coloredcontactsonthefront).

•  ManylargecompaniesusesmartcardsasthefoundaPonfortheircorporateemployeeIDcards.

IV."NonAdop)on"ofClientCerts

SoWhyHaven'tClientCerts"TakenOff"MoreBroadly?

•  Andwhatcanwedotofixthis,assumingwewantto?

•  Itisn'tsimplythatclientcertsarenew...hEp://en.wikipedia.org/wiki/Public_key_infrastructure#HistoryPestheoriginofPKIto1969,withpublicdisclosureofsomeofthekeyalgorithmsdaPngto1976–that'sthirtyfiveyearsago.TheRSAPKCS("PublicKeyCryptographyStandards")documentsdateto1993–that'seighteenyearsago.ByInternetstandards,allofthisworkis"ancient"(or"wellestablished,"ifyouprefer).

•  Soitisn'tsimplythatPKI'sthe"newkidontheblock."

•  Thereare(ormaybe)manyotherpossiblereasonswhyclientcerPficateshavestruggledsofar....

Economics?AreClientCertsTooExpensive?

•  "ThereareseveralreasonsPKIhasfailed,saysPeterTippeE,headoftheindustrysoluPonsandsecuritypracPceatVerizonBusiness.

"ThemainreasonorganisaPondonotusePKI,hetold aEendeesofRSAConference2011,isthatitcoststoomuch. "SpeakingonadebateontheimportanceofidenPtyto internetsecurity,hesaidveryfeworganisaPonsareableto makeabusinesscaseforspending$200to$300peruser,per year."

"WhyPublicKeyInfrastructureHasFailed",hEp://www.computerweekly.com/blogs/read‐all‐about‐it/2011/02/why‐public‐key‐infrastructure.html[emphasisadded]

HowmuchwouldYOURschoolpayperuser,peryear? 44

MyTargetCostforClientCerts:$1/user/month

•  Lackingharddata,I'mgoingtosuggestanominalamountthatmightbeacceptable:$1/user/month(inclusiveofallcosts),overanormalfouryearundergraduateenrollment,or$48.00peruseroveraquadrennialperiod.

•  Forcontext:(a)www.nacs.orgstatesthattheaveragepriceforanewtextbookin2009‐2010was$62.00(b)onemajoronlinevendorquotesquotes3yearRSASecurID700onePmepasswordTokens(ina5pack)@$55.60/token

•  InCommonsellshardtokensfor$19.80/unittoInternet2members(seehEp://www.incommon.org/safenet/pricing.html)whichwouldleave~$6/user/yeartocoverothercosts,assumingclientcertsaregemngdeployedonUSBformathardtokens.

InSomeCases,TheClientCertsThemselvesAre"Free"

•  Ifyou'vesigneduptoparPcipateintheInCommonCerPficateprogram,yougetthebundledabilitytoissueclientcertsatnoaddiPonalcost,andevenifyourschooldoesn'tparPcipateintheInCommonCerPficateprogram,individualscansPllgetfreeclientcerPficatesforpersonal/homeuse,see:

www.comodo.com/home/email‐security/free‐email‐cerPficate.php

•  Thatsaid,obviouslythecostofthecertsthemselvesarenottheonlycostsassociatedwithrollingoutclientcerts(forexample,ontheprecedingpage,wetalkedabouthardtokencosts).

•  Sowhatothernon‐technicalexplanaPons,otherthancost,dopeopleofferforclientcerPficatenon‐deployment?

IsUsabilityActuallyTheProblem?

•  "Despitemanyyearsofeffort,PKItechnologyhasfailedtotakeoffexceptinafewnicheareas.Reasonsforthisabound[…]Probablytheprimaryfactorattheuserlevel[…]isthehighlevelofdifficultyinvolvedindeployingandusingaPKI.Thereisconsiderableevidencefrommailinglists,Usenetnewsgroupsandwebforums,anddirectlyfromtheusersthemselves,thatacquiringacerPficateisthesinglebiggesthurdlefacedbyusers.Forexamplevarioususercommentsindicatethatittakesaskilledtechnicaluserbetween30minutesand4hoursworktoobtainacerPficatefromapublicCAthatperformsliEletonoverificaPon[...][A]setofhighlytechnicalusers,mostwithPhDsincomputerscience,tookovertwohourstosetupacerPficatefortheirownuseandrateditasthemostdifficultcomputertaskthatthey’deverbeenaskedtoperform."

PeterGutmann,UniversityofAuckland,Usenix'03,hEp://dl.acm.org/citaPon.cfm?id=1251353.1251357

ThingsHaveComeALongWay,Usability‐Wise

•  Forexample,thesedays,theprocessforobtainingaclientcerPficatecanbeassimpleas:‐‐Completeashortonlinesecurewebform‐‐ClickonalinksenttoyoubyemailtodownloadyourclientcerPficateintoyourbrowser.Don'tbelieveit?We'llhaveeveryonetrygemngtheirownclientcertlaterinthissession.(Wemightalsotalkaboutwhetherthishasswungtoofarinthe"tooeasy"direcPon,Isuppose)

•  TheremaysPllbesomeuglybitstodoafergemngyourcert(dependingonhowyouwanttouseit),butatleastsomeedusiteshavedevelopedlocalscriptsthatmaketheinstallaPonprocesspreEypainlessfortheirusers.

•  Internet2/InCommonis/soonwillbeworkingonofferingagenerallyavailablecerPficateinstallaPontool,basedon/modeledaferthosesite‐specificinstallaPontools.

OrIsTheProblemThatOtherSolu)onsHaveUsurpedPKI'sMarketNiche(s)?

•  Ifyou'vegotPGP(orGNUPrivacyGuard)tosignorencryptemail,doyoualsoneedPKIclientcertsandS/MIMEforsigned/encryptedemail?

•  IfyoursiteisusingonePmepassword(OTP)cryptofobs(oryouusesshwithpresharedkeys),doyousPllneedclientcertsforauthtosensiPvesystems?(Andwhatabouta2ndchannelsoluPonleveragingsmartphones,suchasInCommon'snewofferingwithDuoSecurity,seehEp://www.incommon.org/duo/index.html)

•  HasthesuccessofInCommon(andotherfederatedauthenPcaPonefforts)eliminatedtheneedforPKI‐basedcross‐enPtycredenPals?FederaPonseemstobethedirecPonthattheNaPonalStrategyforTrustedIdenPPesinCyberspace(NSTIC)isgoing,anditmaybeworthnoPngthatsomehavealwaysworriedabouttheprivacyimplicaPonsofPKI‐style"naPonalIDcards"online...

"IsNSTICaplantointroduceana)onalIDcardoraninternetdriver'slicense?DoIhavetogetone?"

"No.ThegovernmentwillnotrequirethatyougetatrustedID.Ifyouwanttogetone,youwillbeabletochooseamongmulPpleidenPtyproviders—bothprivateandpublic—andamongmulPpledigitalcredenPals.SuchamarketplacewillensurethatnosinglecredenPalorcentralizeddatabasecanemerge.EvenifyoudochoosetogetacredenPalfromanIDprovider,youwouldsPllbeabletosurftheWeb,writeablog,visitchatrooms,ordootherthingsonlineanonymouslyorunderapseudonym".[FAQitemresponseconPnueshere]

*hEp://www.nist.gov/nsPc/faqs.html

AHumorousComment(WithAnUnderlyingGrainofTruth?):ThePKIDeLorean*Hypothesis

•  "[M]aybethepossiblefutureinwhicheverythingisPKI‐enabledanddigitalcerPficatesareubiquitousissohorrendousthatitactuallysentripplesofbadluckbackthroughPmethatsabotagedthedevelopmentanddeploymentofPKItechnology.Somethingsactuallyseemtomakealotofsensefromthispointofview."

"WhyPKIFailed,"LutherMarPn,29October2009,hEp://superconductor.voltage.com/2009/10/why‐pki‐failed.html[ablogaboutsecurity,cryptographyandusability]

*C.F.hEp://en.wikipedia.org/wiki/Back_to_the_Future

"FixingPKI"–ACobageIndustryofItsOwn

•  PKIhasbeensuccessfulinone(quiteperverseway):ithassucceededininspiringhundredsofpapersandtalksaEempPngtoexplainpreciselywhyPKIhasfailedsofar.

•  Oneauthorevenwentsofarastosay,

'[I]tseemsariteofpassagefortheserioussecurity researchertowriteapaperwithaPtlesuchas "ImprovingPKI..."Neverinthefieldofsecurity researchhassomuchbeenwriEenbysomany,to bereadbysofew.' hEp://iang.org/ssl/pki_considered_harmful.html

OrAreSomeFundamentalTechnicalBitsSoBrokenThatTheyMakeSanePeopleRunAwayFromPKI?

•  Forexample,whataboutrevokingorcancellingclientcerPficates?

•  HypothePcallyimaginethatyou'reamanagerandyou'refiringanemployee.Aspartofdoingthat,youcollecttheirdoorkeyandcompanycreditcard(oryouhavethelockschangedandthecreditcardcancelledifthey'vebeen"lost").

•  ButwhataboutrevokingaclientcerPficatetheymighthavebeenissued?(Fornow,let'sassumethatitwasn'tissuedinnon‐exportableformonasmartcardorPKIhardtoken)

•  Howwouldyoucancelorrevokeit?53

RevokingAClientCert

•  Unfortunately,unlike"takingback"aphysicaldoorkeyorcumngupacreditcard,it'sharderto"takeback"anelectroniccredenPal.

•  CRLs("cerPficaterevocaPonlists",seeRFC3280andRFC5280)weremeanttohandlethisproblem,muchlikethoseprintedbooksofstolenorrevokedcreditcardnumbersthatstoresusedtogetfromthebankcardcompaniesbankintheolddays.MostCAscurrentlypublishaCRLonceaday.SomeusersmaycheckordownloadthosedailyCRLs,butmostdon't.Andifyou'reaCA,oryou'reauserwithacompromisedcert,youreallydon'twanttohavetowaitupto24hourstosort‐of‐revokeacompromisedcredenPal,nordoyoureallywantmillionsofusertohavetopotenPallydownloadahugefilelisPngpilesofrevokedcerts!

•  OCSP("onlinecerPficatestatusprotocol",RFC2560)wasmeanttohandlethisissuemuchmoredirectly,andinteracPvely,butmanybrowsersandemailclientsdon'tcheckacert'sOCSPstatus.Ugh.

LocallyImpor)ngaCRL

•  AnexampleofaCRLis:hEp://crl.usertrust.com/AddTrustExternalCARoot.crl

•  IfyouvisitthatURL,itwillbeimportedintoyourbrowser.•  YoucanalsoscheduletheCRLtobeautomaPcallyupdated,if

you'dliketodoso...

•  But,andthisiscriPcalifyoubelievescalabilityisimportant:youshouldn'tneedtodownloadanevergrowinglistofkilledcerts.

CRLs:The"hosts"FileofPKI

•  NotethateachCAwillofferoneormoreCRLs,andtherearehundredsofCAsoutthere!NormallyyouwouldNOTwanttorouPnelyimportallthoseCRLsallthePmeoneachsystem!Thissimplydoesn'tscaletoInternet‐sizeaudiences.

•  Inmanyways,thisremindsmestronglyof"hosts"filesintheoldpre‐DNSdays–youknow,peoplewouldcopyaroundstaPcfileswithmappingsofhostnamestoIPaddresses.

•  Doyoureallythinkwe'dhavethesizeInternetwehavetoday,ifthatsortofthingsPllhadtohappen?Clearly,no.

SoWhatAboutOCSP?

•  YoucanchecktoseehowOCSPisconfiguredinFirefoxbygoingtoabout:configandthenfilteringforocsp.Forexample(enlargedforeaseofviewing):

•  NotethatOCSPischeckedbutisNOTREQUIREDbydefaultinFirefox.Youcanchangeittoberequiredifyouwantto,butindoingso,you'llbreakaccesstosomeSSL/TLS‐securedsites.

Chicken/EggInterac)onsandInsis)ngonOCSP

•  Assumeyou'reconnecPngviaacapPveportal,andthecapPveportalblocksallexternalaccessbydefaultunPlyou'veloggedintoanSSL/TLS‐securedpages.

•  NowassumethatyouareusingabrowserthatstrictlyrequiresOCSPvalidaPon...butOCSPvalidaPonrequirestheabilitytoconnecttotheOCSPresponder,andthatrequirestheabilitytoresolvetheDNSname,andtoconnecttothathost...butthatrequiresnetworkaccess...Nicecirculardeadlock,eh?

•  MypointindwellingonCRLsandOCSPsearlyintoday'ssessionistogiveyouaheadsupthattherearesomearchitecturalandsecuritycomplexiPesthatdoexist,andthatmaybenecessaryto"resolve"ifyouwantcertstoworkinsomeenvironments...butthosedon'tneedtobe"showstoppers"inmyopinion.

•  ClearlycertrevocaPonis(orcanpotenPallybe)tricky.Thisiswhy,whenitreallymaEers,browservendorsissuepatchestokillcerts

AListofSomeFirefoxSecurityAdvisories

ExampleofOneofThoseSpecificAdvisories

I'veRambledEnough...

•  Wecouldtalkforhourswhenitcomestoprovidingcryptobackground,butlet'sseehowthisallactuallyworks...let'sgetaclientcertandgetsetuptosendandreceivesecureemail.

•  Thenextpartoftoday'ssessionthuslookslike:

‐‐applyingforaclientcert‐‐successfullydownloading/installingitinFirefox‐‐backingitup‐‐installingthecertinThunderbird‐‐configuringThunderbirdtodoS/MIME

V.GelngAFreeS/MIMEClientCer)ficate

GelngaFreeClientCertforS/MIMEWithFirefox

•  TodoS/MIME,you’llneedanemailaccountandaclientcert.We’llassumeyoualreadyhaveanemailaccountyoucanuse,andwe’llgetourfree‐for‐personal‐useclientcerPficatefromComodo.Thankyou,Comodo!Togetit,goto:hEp://Pnyurl.com/free‐cert(hEp://www.comodo.com/home/email‐security/free‐email‐cerPficate.php)

•  We’regoingtouseFirefoxtoapplyforanddownloadourcertfromComodo.WhileyoucanusepreEymuchanypopularbrowserwithclientcerts,forthepurposeofthistraining,ifyou'refollowingalong,aswegothroughthis,pleaseONLYuseFirefox.Ifyoudon’talreadyhaveFirefox,youcangetitforfreefrom:hEp://www.mozilla.org/en‐US/firefox/fx/

•  Macvs.PCorLinux:Althoughwe’llbeusingFirefoxonaMacintheseslides,FirefoxonMicrosofWindowsorLinuxwillbevirtuallyidenPcal.

Comodo’sFreeSecureEmailCer)ficateWebSite

TheApplica)onFormYou’llComplete

SuccessfulApplica)on…

Atthispoint,folks,pleasecheckyouremailfromComodo.You’llneedtogototheweblinkthatthey’vesentyou…

Collec)ngYourCer)ficate

Tocollectyourcer9ficate,usingtheSAMEBROWSERontheSAMESYSTEMyouusedtoapplyforyourcer9ficate,gototheURLyouweresentinemailandpluginyouremailaddressandtheuniquepasswordthattheyprovided

SuccessfulCer)ficateDownload…

"WhereElseCanIGetClientCerts?"

•  Whilewe'reonlygoingtoshowuseofthefreeoneyearComodoclientcertforpersonaluseinthistraining,youcanalsogetapaidclientcertfromComodo's"EnterpriseSSL"division,andfreeorpaidclientcertsfromothervendors.See,forexample:

‐‐hEp://www.enterprisessl.com/ssl‐cerPficate‐products/addsupport/secure‐email‐cerPficates.html

‐‐hEp://www.globalsign.com/authenPcaPon‐secure‐email/digital‐id/compare‐digital‐id.html

‐‐hEp://www.symantec.com/verisign/digital‐id/buy

‐‐hEp://www.trustcenter.de/en/products/tc_personal_id.htm

InCommon'sClientCer)ficateProgram

•  BecausethisisahighereducaPonaudience,I'llalsonotethatifyousignupforInCommon'sClientCerPficateService(seehEp://www.incommon.org/cert/),InCommonincludestheabilityforyoutoissueclientcerPficatesaswellastradiPonalSSL/TLSservercerPficatesatnoextracharge.

•  AlsonotethatifyouparPcipateinInCommon'sCerPficateProgram,youcanissuecertsbothviaawebinterface(the"ComodoCerPficateManager")andviaaprogrammableAPIwithsynchronousclientcertissuancewithinfiveseconds.

•  SeehEps://www.incommon.org/cert/repository/fortheInCommonCerPficateManager(CM)Guide,theEndUserGuideforClientCerPficates,andtheCerPficateManager(CM)SMIMEEnrollAPIGuideformoreinformaPon.

VI.ExaminingandBackingUpYourNewClientCer)ficate

"Okay,I'veGotMyClientCert.WhatDoIDoNow?"

•  WhenComodogaveyouyourclientcert,rememberthattheyrecommendedthatyoubackitup.

•  Weagreethat'sagoodidea.

•  Youalsoneedto"backupyourcerPficate"inordertobeabletogetitintoThunderbirdforuseinemail.

•  Therefore,launchFirefoxifyouaren'talreadyrunningit.

InFirefox,GotoFirefox‐‐>Preferences…

TheFirefoxCer)ficateManager

Notes:Selectthe“YourCerPficates”tabontheCerPficateManagerpanel.Ifnecessary,hitthetriangulararrowtoexpandthelistofComodocerPficates.You’llprobablyonlyseeonecerPficate,theoneyoujustgotfromComodo.ButjustasamaEerofform,let’sconfirmthatitreallyisyours…

TheGeneralTabTellsUsWhenTheCertExpires

TheDetails"ViewCert"TabWillLetUsSeeTheEmailAddressAssociatedWithOurNewCert

76[Closethe“ViewCer)ficate”boxwhenyou’redonelookingatit]

Okay,We'vePickedThe"RightOne,"SoLet'sBackItUp…

The"NameYourBackup"DialogBox

PickanameforyourcerPficatebackupfile.Itshouldendwitha.p12fileextension.Forexample,youmightcallthisfilemycertbackup.p12BesureyousaveitasaPKCS12typefile.

TheFirefoxCertManagerBackup‐PasswordDialogBox

Pickastrongpasswordtosecureyourcertbackupfile.

PLEASEDONOTFORGETTHATPASSWORD!YOUWILLNEEDIT!

BackupSuccessful…

NotethatyoushouldsaveacopyofyourbackuptoaCD,athumbdrive,orsomeexternaldevicejustincaseyouloseyoursystem,yourdrivecrashes,etc.

VII.Impor)ngYourCer)ficateIntoThunderbird

We'reNowGoingToImportOurNewCer)ficateIntoThunderbird

•  Whiletherearemanydifferentpopularemailclients,we’regoingtoshowyouhowtoimportyourclientcertintoThunderbird.(Laterwe’llalsoexplainhowtouseOutlook,andhowtouseclientcertsinGmailwebemailwithPenango,butfornow,we’regoingtofocusonThunderbird)

•  Ifyoudon’talreadyhaveThunderbird,andyou’dliketogetandinstallitnow,youcangetitforfreefrom:hEp://www.mozilla.org/en‐US/thunderbird/

•  NotethatThunderbirdhasanautomatedinstallaPonwizardthatshouldbeabletocorrectlyconfigureitselfinmostcases.Acau)ontoanynon‐technicalpersonlookingattheseslideslater:inselngupyouraccount,chooseIMAP(and*NOT*POP)foryouraccounttype!IfyouselectPOP,youmaydownload(andthendelete)allthemailthatyou'vehadstoredonyouraccount!

"WhyCan'tThunderbirdJustUseTheCertThatI’veAlreadyGotInstalledinFirefox?

They'reBothMozillaApplica)ons,Aren'tThey?"

•  Yes,bothFirefoxandThunderbirdAREfromMozilla.

•  WhilesomeapplicaPonsrelyoncerPficatesstoredcentrallyinasingleoperaPng‐system‐providedcerPficatestore(e.g.,inthe“keychain”ontheMac),FirefoxandThunderbirddoNOTdothis.

•  FirefoxandThunderbirduseseparateper‐applicaPoncerPficatestores,instead.ThisgivesuserstheflexibilitytotailorwhatcertsgetpotenPallyshowntoeachsuchapplicaPon,butthedownsideisaslightlymorecomplicatediniPalsetup(youneedtoinstallyournewcerPficateinmulPplelocaPons)

•  Forwhatitmaybeworth,atleastThunderbird’spreferencesshouldlookveryfamiliartoyouaferlookingatFirefox’s

InThunderbird,GotoThunderbird‐‐>Preferences…

InTheCer)ficateManager,"YourCer)ficates"Tab,ClickonImport

SelectThe.p12BackupFileYouWantToImport

SupplythePasswordYouUsedforTheCertBackup

SuccessfulImporta)onofTheCertIntoThunderbird

VIII.InThunderbird,AssociateYourCer)ficateWithYourEmailAccountAnd

ConfigureThunderbirdToDoDigitalSigning

Thunderbird:Tools‐‐>AccountSelngs

Security

SelectTheCertYouWantToUseForDigitalSigning

ConfirmThatYouWantToAlsoUseThatSameCertforEncryp)ng/Decryp)ngMessages

MakeSureYou’reSetToDigitallySignYourMessagesByDefault

ThunderbirdConfigura)onIsNowComplete…

•  Thehardpartisover!YouarenowsettoautomaPcallydigitallysignyourThunderbirdemailmessagesbydefault.

•  Andthegoodpartisthatnowthatyou’vegotyourselfsuccessfullyconfigured,youwon’thavetoscrewaroundwithanyofthisforroughlyayear(e.g.,unPljustbeforeyourfreeComodopersonalcerPficateisclosetoexpiring)

•  Huzzah!

IX.DigitallySigningAMessageInThunderbird

StartWri)ngAMessageTheWayYouNormallyWould

97NOTETHE“DIGITALLYSIGNED”SEALATTHEBOTTOMRIGHTCORNER!

Op)onal:ConfirmThatTheMessageWillBeSigned

ClickOnThePadlockIconOnTheBarOrTheLiQleRedSealInTheBoQomRightCornerIfYouEverWantToDoubleCheck!

ProceedtoSendYourMessage

•  …justlikeyounormallywould.ItwillautomaPcallybedigitallysignedwithyourcerPficate.

•  Yourrecipientswillseeyournormalmessage,plusanaddiPonal“p7s”aEachmentthatwillhaveyourpublickey/cerPficate.(no,that'snotmalware:‐))

•  Ifyourcorrespondent’semailclientsupportsS/MIME,itwillautomaPcallycheckandvalidateyourdigitalsignature.

•  Ifyourcorrespondent’semailclientdoesn’tsupportS/MIME,theycanjustsafelyignoretheextrap7saEachment.

X.Encryp)ngAMessageInThunderbird

Signingvs.Encryp)ng

•  Digitallysignedmessagesestablishwhopreparedthebodyofthemessage,butanyonecansPllreadthatmessage:it’scryptographicallysigned,it’snotencrypted.

•  IfthebodyofyourmessageissensiPve,youmayalsowanttoconsiderencrypPngitsothatonlytheintendedrecipient(orsomeonewithaccesstohisprivatekey)canreadit.

•  Oh,anditgoeswithoutsayingthatamessagecanbebothsignedANDencrypted,ifthat'sappropriate.

GelngThePublicKeyofYourCorrespondent

•  Toencryptamessageyou’llneedyourcorrespondent’spublickey.

•  Buthowwillyougethispublickey?Answer:you’llhavetherecipientsendyouadigitallysignedmessage,first.

•  YouremailclientwillautomaPcallyextractthepublickeyandcertitneedsfromthatdigitallysignedmessageyoureceivedfromhim.

•  Ifdigitalcertsaredeployedthroughoutyourenterprise,youmayalsobeabletogetpublickeysandclientcertsforyourcorrespondentsfromyourenterprisedirectory,butthatmodelfallsapartwhenyouaEempttoextenditInternet‐wide.

AMetaQues)on:ShouldIEncryptTheMailISend?

•  Maybeyes,maybeno.

•  Firstofall,notethatyouusuallywon’tbeabletoencryptunlessyourcolleagueisALSOsetuptodoS/MIME,andyourcorrespondenthasalreadysentyouatleastonesignedmessage(sothatyou’llhavehispublickeyandcert)

•  Ifthecontentofyouremailisn’tsensiPve,youprobablydon’tneedtoencryptit.Itmaybe“cool”toencryptallthemessagesyoucan,butifyoudon’tneedto,youmightwanttoskipit.Why?–  Well,ifyoureceiveencryptedcontent,youwon’tbeabletosubsequently

easilysearchthosemessages.

–  And,ifyouhappentoloseyourprivatekey,youwillbeS‐O‐Lunlessyouhaveyourkeybackedup(andyoucanrememberitspassword!),oryourkeyhasbeenescrowed.Ifyourkeyisn'tbackeduporescrowed,canyoureallyaffordtopotenPallyloseallthecontentencryptedwiththatkey?

–  You'lldrivecommandlineemailclientusersnuts.103

AndSomeArgumentsInFavorofRou)neEncryp)on

•  What'snotsensiPvetome,mightbesensiPvetosomeoneelse.Likewise,itmightnotbesensiPveNOW,butitmightbesensiPveLATER.

•  IfyouonlyencryptsensiPvemessages,thatsuremakesthemstandsout,doesn'tit?Wouldn'titbeniceifthosemessageswerejustpartofalargervolumeofrouPnelyencryptedmessages?

•  It'srelaPvelyeasytoforgettoenableencrypPon,andtoaccidentallysendoutasensiPvemessageincleartext.IfyourouPnelyencrypt,thatwon'thappen.

•  Ifyouwantpeopletosecuretheiremail,youneedtosettheexampleandnudgethemalong.Iftheygetsetuptodoencryptedemail,butthennevergetany,theymayfeellikethey'rewasPngtheirPme.

•  Finally,it*is*sortofcool/funtodoso.:‐)104

HedgingTheRiskofDataLoss:KeyEscrow•  Let'spretendthatyouhaveafacultymemberwho'sdoing

absolutelycriPcal(andhighlysensiPve)workforyourschool,andyouwantthemtorouPnelyencryptasaresult.AtthesamePme,assumethatpersonisoverweight,hashighbloodpressure,drinksandsmokes,crossesthestreetwhiledistracted,driveswithoutaseatbeltandlivesinaganginfestedneighborhood.Frankly,youworrythatcriPcalfacultypersonwilldieorbekilled,ormaybejustquitandstartabusinessmakinghome‐madepremiumsoapsomeday.Ifthathappens,howwillyougetatalltheirencryptedworkmessagesandfiles?Willallthatworkproductbelost?

•  EscrowingencrypPonkeysallowsyoutogetacopyofotherwiseunavailableencrypPonkeysinavarietyofcarefullypredefinedemergencysituaPons.Companiesnormallypayextraforthis"insurance."KeysrecoveredviaescrowmayhavetheassociatedcertrevokedatthesamePme.

"ItISWorthIt.IDOWantToEncryptMyMessage‐‐HowDoIDoThatInThunderbird?"

"WhenIGetASignedandEncryptedMessage,WhatWillItLookLike?"

WhoSignedThatMessage?(Note:ItMayNotBeThePersonWhoSentTheMessage)

AnExampleofUsingaNon‐MatchingCert

Addi)onalImportantS/MIMECaveats

•  S/MIMEencryptstheBODYofthemessage,ONLY.S/MIMEDOESNOTENCRYPTTHESUBJECTHEADER(oranyothermessageheader).Therefore,DONOTputanythingthatneedstobekeptconfidenPalintheSubjectofanencryptedmessage.Infact,youmaywanttogetinthehabitofneverpumngANYTHINGintothesubjectlineofencryptedmessages.

•  EncryptedmessagebodiescannotbeautomaPcallyscannedonthenetworkforvirusesorothermalware.

•  SomemailinglistprogramsmaytamperwithmessagesbydoingthingslikeaddingfootersorrewriPnglinksorstrippingaEachments(includingp7sdigitalsignatures).Ifthathappens,yoursignaturewon’tvalidate.Ifyousendmessagestomailingliststhatdothesesortofthings,youmaywanttomanuallydisabledigitalsigningformessagestothoselists.

XI.WhatIfIWantToUseOutlookInsteadofThunderbird?

OutlookOnAppleOSXUsestheAppleKeychain;ToDoS/MIMEwithOutlook,WeNeedToGetOurCertIntoIt

Can’tfindKeychainAccess?CheckApplicaPons‐‐>UPliPes

Impor)ngOurKey/Cert

SuccessImpor)ngOurKeyandCert

Nowwe’rereadytolaunchOutlook…

Outlook’sOpeningScreen…

Outlook‐‐>Preferences…

Accounts

AdvancedBubon…

PickingACertontheAccountSecurityTab

WhatTheSenderSeesWhenSendingASignedMessageinOutlook

OutlookAsksForConfirma)onTheFirstTimeItUsesYourPrivateKey/Cer)ficate

[Note:ifyou'reparPcularlysecurityconscious,youmayjustwanttoclick"Allow"ratherthan"AlwaysAllow"]

WhatTheRecipientSeesInOutlookWhenGelngAMessageThat’sSigned

WhatIfWeWantToEncryptAMessage?

XII."WhatIfIUseGmailWebEmailAndIWanttoDoS/MIME?"

GmailDoesNOTNa)velySupportS/MIME

•  YouCANdoS/MIMEwithaGmailaccountifyoureadyourGmailviaadedicatedmailclient(suchasThunderbirdorOutlook)

•  However,ifyoureadyourGmailviaGmail’swebemailinterface,youwon’tbeabletonaPvelyS/MIMEsignorencryptyourmailtraffic.Why?Well,rememberthatGmail’sbusinessmodelisbasedaroundsellingcontextualads(e.g.,ifyousendanemailmessagetalkingaboutgoingonvacaPontoHonolulu,don’tbesurprisedifyousuddenlystarttoseeGmailadsforairfaretoOahuordiscounthotelroomsoverlookingAlaMoana).

•  Fortunately,youcangetathirdpartybrowserplugin,Penango,thatwillhelp.PenangoisfreeforfreeGmailaccounts.ThankyouPenango!(clickonthe“Pricing”linktorequestadownloadlink)

•  Warning:PenangoiscloselyintegratedwithFirefox,andonlysupportssomeversions.Checktheversionyou'reusing!

OnceYouHavePenangoInstalled,OpenPenango’sPreferencesinFirefox

PlugInYourGmailAddress

129[someaccountdetailselidedabove]

Uncheck"Automa)callyencryptnewmessages"

130[someaccountdetailselidedabove]

ComposingaSignedGmailMsgWithPenango

[someaccountdetailselidedabove]

SomePenango‐RelatedSendingIdiosyncrasies

•  WhenyousendasignedorencryptedmessageusingPenango,themessagegetssubmiEed“outside”ofGmail'swebinterface(e.g.,viaSMTPStosmtp.gmail.com).ItdoesNOTgetsentwithintheGmailwebinterface.ThisisnecessarybecausePenangoneedstosetthetop‐levelmessageContent‐TypeappropriatelyforS/MIME.

•  Theysubmitviaport465(grr!)andnotSTARTTLSonport587;ifproxiesareinuse,Penangowillendeavortousethem,too.

•  TheIPofthehandoffhostdoesappearintheGmailheaders.

•  Thebodyofthemessagemaybebase64encodedevenifthemessageyou'resigningisplain‐text‐only.Penangoalsousesalong/uglynameforthe.p7saEachment

•  Speakingof,somemessagetext/messageformamngmaymakeitappearasifyoumustusePenangotoprocessaPenango‐generatedS/MIMEmessage.That'sanincorrectimpression.

XIII.HardTokens/SmartCards

Alterna)vesToStoringYourKeysandCertsOnYourDesktoporLaptop

•  InhighereducaPon,manyusersdon'thaveacleanone‐to‐onemappingofuserstosystems.

•  Forexample,asecurityconscioususermighthavebothadesktopandalaptop,andmightwanttousetheircerPficatesonboththosesystems,butmightnotwanttoleavetheircredenPalsstoredonmulPplesystemsiftheydon'thaveto.

•  Alesswell‐offusermightnothaveasystemoftheirown,workingfromsharedsystemsinacampuscomputerlab,instead.ObviouslyitwouldbebadforthatusertodownloadandinstalltheircredenPalsonasharedsysteminthatlabifthatsystemwillsoonbeusedbysomeoneelse,oriftheymaybeassignedtousesomeothersystemthenextPmetheyvisitthelab.

•  WhatwereallyneedisawayforuserstosaveandcarrytheirS/MIMEcertswiththemwherevertheygo.

HardTokens/SmartCardsAdvantages

•  UserscanuseonesetofPKIcredenPalseverywhere.•  UserscancarrytheircredenPalswiththemwherevertheygo(it's

justanotherblobonyourkeychain,oranother"creditcard"inyourwalletorpurse)

•  Theuser'sprivate/publickeypaircanpotenPally*begeneratedon‐token(oron‐smartcard),withtheprivatekeyneverleavingthedevice

•  Theusercaninsertandunlocktheirtokenorsmartcardonlywhentheyneedit,keepingthatcredenPaloffline(andshelteredfromonlineaEack)therestofthePme

•  Clientcertissuancecanmimicotherwellestablishedcreden)alissuanceprocesses(suchasthoseforIDcardsordoorkeys);diboforclientcertuseprocesses.

* NotcurrentlypossibleforInCommonclientcerPficates. 135

GeTngAnIns)tu)onalID(orDoorKey)

GemngauniversityIDcardora doorkeyusuallyinvolves:‐‐ObtainingproofofauthorizaPon,suchasaleEerofadmissionorasignedcontract(oracompletedkeyauthform)‐‐Takingyourpaperworkandadriverslicenseorpassport,andvisiPngthecampuscardoffice(oradistributedcredenPaldistribuPonsite,perhapslocatedinthestudenthousingofficeorpersonneldepartment)‐‐PaperworkandcurrentproofofidenPtygetreviewedandOK’d‐‐One'sphotogetstaken(fortheIDcard)oradepositgetscollectedforakey,anditgetsissuedwhile‐you‐wait.

Thisworks.Notpainless,butnothorrible,andit'srelaPvelysecure.NowvisualizetheIDcardasactuallyasmartcard(withaclientcertonit),orthe"key"actuallybeingaUSBformatPKIhardtoken...wouldthatprocessneedtobemateriallydifferentthanthecurrentprocessofissuingIDcardsordoorkeys?No...

UsingAnIns)tu)onalID(orDoorKey)

EveryoneknowshowtousetheirIDcard(orkeys):

‐‐Carryitwithyou,soyouhaveitwithyouwhenyouneedit‐‐Whenneeded,allowyourcardtobescannedorinspected(orsPckyourkeyinthelockandturnittoopenthedoor);thisissimple,sotrainingisnotrequired.

‐‐IfyouloseyourIDoryourkey(s),youreportitsoyoucangetareplacement,andsoyouroldonecanbemarkedasinvalid(orsoanylocksassociatedwiththelostkeycanbepotenPallychanged)‐‐Ifyourkeydoesn'tgetyouintoaspaceyouneedtoaccess,you'llbegivenanotherone(repeatthe"gemngakey"process).‐‐YourIDcardorkeysgetcollectedifyouleaveorarekickedout.

UsingclientcertsneedstobeaseasyasusinganIDcardordoorkey,andcanbeifhardtokens/smartcardsareused.

USB‐FormatPKIHardTokens

•  USB‐formatPKIhardtokenslookalotlikearegularUSBthumbdrive,butaUSB‐formatPKIhardtokenisactuallyacompletelydifferentanimalthatjustcoincidentallylookslikeathumbdrive.

•  Specifically,aUSB‐formatPKIhardtokenisactuallyahighlyspecializedsecurecryptographicprocessorwithintegratedsecurestorage.Correctlyconfigured,itallowsyoutosaveandUSEyourS/MIMEkeysandcerPficate,butwithoutpumngthosecredenPalsatriskofbeing"harvested"/stolen.Thesedays,withallthecredenPalharvesPngmalwarethat'soutthere,that'sapreEycoolthing.

•  Infact,USB‐formatPKIhardtokenshavetheabilitytopotenPallygenerateprivate/publickeypairs*onthetokenitself*,sothattheprivatekeyNEVERleavesthetoken,althoughwewillnotbetakingadvantageofthatcapabilityduringtoday'ssession(andinfactthat'salsonotsupportedforInCommonClientCerPficates)

SafeneteTokenPRO72K

•  ThroughthegenerosityofChenArbelatSafenet,we'reabletoprovideeachSecurityProfessionalsclientcerttrainingparPcipantwithafreeUSBformatPKIhardtokentoday,theSafeneteTokenPRO72K,aswellasthedriversofwareanddocumentaPon.Thankyou,ChenandSafenet!

•  Thistoken,formerlymarketedbyAladdin,isthemostpopularUSBformatPKIhardtokenusedinhighereducaPon,andisparPcularlyniceifyouworkinacrosspla�ormenvironmentsinceitissupportedunderMicrosofWindows,MacOSX,andLinux.

Imagecredit:hEp://commons.wikimedia.org/wiki/File:EToken_PRO_USB.jpg139

"ThanksforOne,ButINeedABunchofThem!"

•  USB‐formatPKIhardtokensareavailablefrommanymajorITchannels.Forexample,CDW‐GcurrentlyofferstheSafenete‐TokenProfor$38.89/each(qty1‐100),andtheSAC(requiredsofwaredrivers)costs$18.94.IfyouthrowononeoftheliEleprotecPveshells(liketheoneweprovidedforyoutoday),that'sanothercouplebucksfromCDW‐G,bringingthepricerightuptoaround$60.00/unit.Naturally,while~$60/unitisn'tabigdealforasmallnumberofusers,itaddsuppreEyquicklyifyouwanttoissuehardtokenstoawholecampus,parPcularlyiftherearecompePngtwofactorauthsoluPonsthatmaybe~$5/user.

•  Fortunately,InCommonhasarrangedtobeabletoselldeeplydiscountedSafeNetPKIhardtokenstoInCommonhighereducaPonsubscribers.FormoreinformaPon,seehEp://www.incommon.org/safenet/index.html(note:aminimumorderoftwohundredunitsapplies)

"ButIOnlyWantToOrderADozenTokens!"

•  If you're only buying a small number of tokens for a test deployment, you can already get those on the open market. Internet2/InCommon doesn't need to get involved in order for that to be practical. Our goal is explicitly not to make small-scale test PKI deployments cheap(er).

•  On the other hand, if the community is trying to deploy thousands, tens of thousands, hundreds of thousands, or even millions of client certificates, THAT's the sort of process we want to facilitate, and where central coordination may be critical.

•  Put another way, Internet2/InCommon is, and should be, all about facilitating "deployment at scale."

•  This is an important principle that Randy Frank deserves special acknowledgement for correctly emphasizing.

SafenetDrivers,LocalTokenManagementSoKware,AndDocumenta)on

•  MostsystemswillrequiretheinstallaPonoftokendriversand/orlocaltokenmanagementsofware(soyoucanloadyourexisPngcerPficateontothetoken).WithSafenet'spermissionwearemakingthatsofwareanddocumentaPonforthisproduct,availabletoyouforinstallaPonviaCD‐ROM.WeaskthatyourespectthiscopyrightedsoKware:pleasedoNOTredistributeit!

•  Youshouldseethreefiles:‐‐SAC8_1SP1.zip(Windows) 206.9MBMD5sum=55876842e6e13e6c8ee6cdf9dd16986a‐‐610‐011815‐002_SAC_Linux_v8.1.zip 42.2MBMD5sum=d66c9ff919f3b35180dba137857eb88c‐‐610‐001816‐002_SAC8.1Mac.zip 18.2MBMD5sum=c2e9e9b0e2706ffab310538574cf009b

InstallingtheSACOntheMac

•  InserttheCD‐ROManddragthe610‐011816‐002_SAC8.1Mac.zipfiletoyourdesktop.UnzipitwiththeArchiveUPlity,Stuffit,orwhateverapplicaPonyounormallyusetounzipfiles.Youshouldendupwithafoldercalled"SAC8.1.0.5"withtwosubfolders:"DocumentaPon"and"MacInstaller."

•  READTHEDOCUMENTATIONINTHEDOCUMENTATIONFOLDER!Inpar)cular,readtheAdministrator'sGuideandreadtheReadMefile,par)cularly"KnownIssues/Limita)ons"

•  Really,Ikidyounot,readthedangdocumenta)on,please!

•  ThengototheMacInstallerfolder,andruntheinstallerthat'sinthere:SafeNetAuthenPcaPonClient.8.1.0.5.dmg

•  Whenyoumountthatdmgfile,youwillseeInstallSafeNetAuthenPcaPonClient8.1.mpkg

•  Installit.You'llneedtorebootwhenitfinishes143

FirefoxSecurityModule

•  AsmenPonedinthedocument(whichyouAREgoingtoread,right?)whenyouinstalltheSafenetAuthenPcaPonClient,itdoesn'tautomaPcallyinstallthesecuritymoduleinFirefox.Youneedtodothatmanually.

•  Firefox‐‐>Preferences...‐‐>AdvancedIntheEncrypPontab,clickonSecurityDevicesIntheDeviceManagerwindow,clickLoadIntheLoadPKCS#11Devicewindow,Modulefilename,enter:/usr/local/lib/libeTPkcs11.dylibIntheConfirmwindow,clickOK

•  RepeatthisprocessforThunderbird,too.

"ButI'mUsingWindows,NotAMac!"

•  WindowsusersshouldseeAppendixIattheendoftheseslides.

IthasinstrucPonsforsemngupyourSafeNethardtokenwithaWindows7box.

•  We'dhavebundledtheminhere,inline,butwedidn'twanttointerruptthings/confusetheMacusers.

NowLaunchtheSafeNetAuthen)ca)onTools

GoToTheGearMenu("Advanced")

Select"ViewTokenInforma)on,"ThenIni)alizeIt

EnterYourNewPasswordsandThenGoToTheAdvancedScreen

149DO*NOT*FORGETTHESECRITICALPASSWORDS!

BeSureToAskfor2048bitkeysupport

NowActuallyIni)alizeTheHardToken...

LoginToTheHardToken

You'llNeedToEnterYourPasswordForIt

GoToTheImportCertScreen

ImportOurCer)ficate

Pickthep12backupfilewesavedearlier.

Notethatyou'llneedtoprovidethepasswordforthatbackupfileinordertoloaditontothetoken.

BeSureToIncludetheCACertsOnTheToken,Too

ViewOurCertOnTheHardToken

AnAside:What'sThat"UnknownPurpose"Note?

Butcomingbacktoactuallyusingourhardtoken...

TellingThunderbirdToUseTheHardToken(WeNeedToUnlockTheToken,First)

We'reThenShownTheTokenandItsCert

NowWeGoToThunderbirdAccounts‐‐>Security,AndSelectTheHardTokenToUse

AndAtThatPointWe'reGoodToGoUsingTheHardTokenForOurCert...Huzzah!

XI.DoingAllThis"AtScale"

GetALibleExperience,First•  It'ssomePmestempPngto"swingforthebleachers,"tryingtohita

grandslamthefirstPmeyou'reuptobat,wheninfacttheprudentthingmightbetomakesureyoujustgetonbase.Thisistrueforclientcerts,asforbaseball.

•  I'dliketourgeyou,beforeyouembarkonabigprojectinvolvingclientcerts,orevenapilotscaleprojectthatmightinvolvesomeofyourmostsensiPvesystems,tofirstspendaliElePmejustexperimenPngwithclientcerts.

•  Getafreeclientcertforyourself,andforyourteammembers.

•  UsethemforrelaPvelylowimpactacPviPes,suchassigningyouremail,whileyougainfamiliaritywiththem.

•  Trypurchasingandusinghardwaretokensorsmartcards.Whatworks?Whatdoesn'tworkonyourdevicesorinyourenvironment?Inanexperimentalenvironment,you'vegotthefreedomtopushtheenvelopewithoutworryingtoomuch.

ClientCertDeploymentScale:Test,Departmental,Site‐Wide,edu‐Wide?

•  Wecanimaginefourdifferent"scales"ofclientcertdeployment:‐‐Testdeployment(maybehalfadozenoradozenclientcerts,perhapsissuedonlytohighlytechnicalsystemsorsecuritystaff)‐‐Departmental‐scaledeployment(hundredsoreventhousandsofcerts,perhapsissuedtoallauthorizedadministraPvecompuPngusersortoallauthorizedhighperformancecompuPngusersatasite)‐‐Site‐widedeploymentto"everyone"(allfaculty/staff,allstudents,andpotenPallyeventoall"other"users)‐‐Ormaybeevenbroadedu‐wide(cross‐realm)deployment?

•  Theseareradicallydifferentanimals.IfweDON'Tneedtodothecross‐realmcase,wemightevenbeabletogetalongwithlocallyissuedclientcerts.Doyouthinkthat'sonereasonwhyemail,aclassicinter‐realmapp,hasleadtoclientcertsofenbeingcalled'S/MIMEcerts?'(Ifyou'reonlyissuingclientcertsforintra‐realmuse,atthesamePmeyouissueacert,youcouldjustpushalocalrootcert).

SmallDeployments?==>TargetedBenefitsLargerDeployments?==>BroadAcceptance

•  WhileIdon'tmeantoimplythatthere'snobenefittofolksdoingPKItesPng,orevensmallscaledeploymentsforacarefullydefinedlocalcommunity,thosesortofprojectsdeliveradifferentsortofbenefitthanmorebroadlyadoptedefforts.Hasthe)mecomeforustoconsiderabroadlyacceptedcross‐ins)tu)onalclientcerteffort?

•  Contrastalocally‐issuedlibrarycardwithapassport:‐‐Alocally‐issuedlibrarycardisterrificallyusefulifIwanttocheckoutsomebooks,butunfortunatelynooneexceptmylibrary,e.g.,theonethatissuedit,willrecognizeoracceptit‐‐Apassport,ontheotherhand,whilenotadocumentthatwillbeacceptedforthepurposeofcheckingoutlibrarymaterials,isuniversallyacceptedasaproofofpersonalidenPty(includingbeingpotenPallyusedorthingslikegeUngalocallibrarycard)

TimeForAStandardizedHigher‐Ed‐WideIDCard?

•  Oneofthereasonspassportsareusefulisthatthey'restandardized.CurrentlyeachuniversityissuesitsownuniquetypeofIDcard,withliEleinthewayofformalhighered‐widestandardizaPon.Mosthaveaname,anumber(hopefullynotaSSN!)andapicture.Mostalsohaveamagswipestrip,abarcode,andmaybeanRFIDtag.

•  Hasthe)mecomeforcollegeanduniversityIDcardstoalsohavesmartcardfunc)onalityandaclientcert?Infact,shouldhigheredbestrivingtoestablishacommunity‐widegeneralstandardforcollegeanduniversityIDcards?(arguably,there'salreadyconsiderabledefactostandardiza)on)

•  Note:Iexplicitlyhavenodesiretosteponcardoffice"turf"atschoolsallacrossthecountrybyinnocentlyaskingthoseques9ons!Idoalsorecognizethattherearea*lot*ofsubtleissuesthatareraisedjustbyaskingthosetwoques9ons.

WhatWorksForOnesie‐TwosieWon'tWorkForTensofThousands

•  Theprocessesyousawearlierinthissession,whichcanbemadetoworkforasmallnumberoftechnicallysavvyusers,won'tworkifyou'retryingto"cookforthousands"(ortensofthousands)ofusers.Amorescalableapproachisneeded.

•  Forexample,ifyou'regoingtoinstallcerPficatesdirectlyonusersystems,youneedabeEerwaytodropcerPficatesonthosesystems,andabeEerwaytoconfiguretheuser'sapplicaPonstoknowaboutandusethem(InCommonisworkingonthis).

•  Similarly,ifyou'regoingtousehardwaretokens,instead,youlikelyneedenterprisegradetoolstoprovisionandmanagethosedevices.Thosetoolscanbepurchased,ormaybewriEenlocally.

•  Heck,ifwe'rethinkingaboutabigdeployment,weevenneedtocarefullyconsiderwhatSORTofhardwaretokenswemightwanttouse...USBformatPKIhardtokensareNOTtheonlyopPon.

Smartcards?

•  TheUSBformatPKIhardtokensyoureceivedarebasicallyasmartcardwithanintegratedsmartcardreader(withabuilt‐inUSBinterface).Thatcanbeveryconvenient–it's"allinone."

•  However,smartcardstendtobesomewhatcheaperthanUSBformattokens(e.g.,$15.13vs.$19.80),whichcanbeimportantifyou'rebuyingthousandsofthem.Ontheotherhand,theydoneedsmartcardreaderswhereverthecardsaregoingtobeused(fortunatelysmartcardreadersneednotbeveryexpensive)

•  AdisPnctadvantageofsmartcardsisthattheycanbeusedasanemployeebadgeorIDcard,formaEedtoincludethingsliketheemployee'snameandpicture,amagstripeandoneormorebarcodes,whileALSOcontainingasmartcardinasecurecerPficatestore.Thismaybethebestofallpossibleworlds.

•  Butwhatwillyoudoformobiledevices,suchassmartphonesortablets?

Slick‐SidedMobileDevicesandHardTokens

•  Mobiledevicesareincreasinglyimportantoncampus,soweshouldbesuretothinkabouthowwe'llintegratehardtokensorsmartcardswithmobiledevicesthatyourusersmayhave,suchastheiPad,theiPhone,Androiddevices,Blackberries,etc.

•  Theproblemisthatmosthardtokens,andmostsmartcardreadersforthatmaEer,connectviaUSB.SomeportabledevicesmaynothaveareadilyaccessibleUSBportintowhichyoucanplugahardtokenorsmartcardreader.

•  ThesoluPon?YoucantryBluetooth‐connectedsmartcardreaders(somePmesalsoknownas"CACsleds"),buttheyaren'tcheapandtheydon'tsupportalldevicesorallsmartcards.

•  Inthefuture,itmaybepossibletostoreclientcertssecurelybystoringpartoftheclientcertdirectlyonthedevice,whilestoringtherestoftheclientcertinthecloud,usingthresholdcryptographytoreconsPtutetheclientcertsecurely.

WhatAboutDirectories

•  Oneofthesubtlethingsthatcanreallymakelifeeasierifyou'redeployingclientcerPficatesatscaleisadirectoryofallthepublickeysandcerPficatesfortheusersyoumightneedtocommunicatewith(thatmeansthatpeopledon'tfirstneedtoexchangesignedemailmessagesbeforetheycanexchangeencryptedemailmessages).

•  TradiPonalkeydistribuPonalsobreaksdownifyouneednon‐repudiablekeysfordigitalsigning,butescrowedkeysforencrypPon.YouneedanalternaPvesourceforkeysinthatcase.

•  Whenitcomestodeployingadirectory,deployingoneforyourcompanyisonething.EvendeployingadirectoryforanenPtyasbigasthefederalgovernmentissomethingthat'sdoable(heck,they'vedoneit!).Butit'snotcleartomethatthere'sascalableInternet‐widedirectorysoluPonthatwouldworktoholdclientcerPficatesforallInternetusers(assumingeveryonehadthem).

SomeDirectoryComplica)ons

•  Organiza)onaldirectoriesareforlocalcorrespondents:Ifallmyemailislocal,andmysiteisdoingclientcerts,Icanprobablyjustcheckmylocaldirectory,butthesedays,manyusersexchangemoreemailoff‐sitethanon.AndwhatifI'man"isolatedadopter,"andthere'snotevenanorganizaPonaldirectoryformetoevenuse?

•  Organiza)onaldirectories(distributed,Internet‐wide):HowdoIfindtherightdirectorytousetolookupsomeoneelse'sS/MIMEcreds?There'scurrentlyno"directoryofdirectories"(nordoIthinkthere'smomentum/communitysupporttocreatesuchananimal,givenspamproblemsandsecurityworries–manysitesmaybereluctanttoallowunfeEeredpublicdirectoryaccessduetopotenPalharvesPngissues).

•  Whataboutacentralized/consolidateInternet‐widedirectorythatlists"everyone?"Um,no.Peoplejustwon'twanttocontributetheirdata,itwouldbeimpossibletokeepcurrent,andthereareO(20million)usersinUShighered!WeneedtotakealessonfromDNS.ThearchitectsofDNSdidadistributedmodelforgoodreasons!

PGP/GPG‐ishS/MIMEKeyservers?

•  ThereisonealternaPvecryptographicdirectorymodelthatseemstohaveworkedpreEywellto‐date,andthat'sthePGP/GPGmodel.Userscansubmittheirkeysiftheywantto.Otheruserscanlookforkeysinthosedirectoriesiftheywantto.Ifyoucan'tfindtheoneyouneed,youcanalwaysfallbackonoldstandbyapproaches,likeaskinguserstosendtheirkeydirectly.

•  I'vedevelopedaveryroughprototypeserverthatdemonstratesthatitisatleastconceptuallypossibletoconstructaPGP/GPG‐likekeyserverforS/MIME.Ifyou'reinterested,seehEp://pages.uoregon.edu/joe/simple‐keyserver/foradetaileddescripPonofwhatIhaveinmind.

S/MIMEIsn'tTheOnlyUseforClientCerts

•  ClientcerPficatescanbeusedforabunchofthingsotherthanjustsigningorencrypPngemail.

•  Forexample,clientcerPficatescanalsobeusedtosigndocuments,orforauthenPcaPon,orasabuildingentrycredenPal.(Notethatifyou'reheadedinthe"authenPcaPon"or"buildingaccesscontrol"direcPon,youwillprobablyneedatradiPonalenterprisePKIdirectorytosupportthatapplicaPon)

•  Onceyouhaveclientcertsdeployed,youmightbesurprisedathowmanydifferentwaystheycanactuallybeused.

•  NOTE:Clientcertsshouldonlybeusedforpurposesconsistentwiththeirapproveduses.Forexample,theclientcertwedownloadedearlierspecifiedthatitwasforuseinconjunc)onwithsecureemail.However,manyapplicaPonsdoNOTstrictlycheck/enforcetheObjectIDs("OIDs")associatedwithacert,soyoumaybeabletouseagivencertforotherpurposes,too.

SigningStuff(OtherThanJustS/MIMESigning)

•  SigningMicrosoKWorddocuments(Windowsonly),seehEp://pages.uoregon.edu/joe/signing‐a‐word‐document/

•  NeedtosigndocumentsonaMac?TryOpenOffice:hEp://Pnyurl.com/openoffice‐signing

•  AdobehasanextensiveguidetosecuringPDFs,includinguseofdigitalcerPficatesforsigningPDFs,see:hEp://Pnyurl.com/adobe‐signing(PDF,114pages)

NotethatthisisdifferentthanAdobe's"CerPfiedDocumentServices"programwhichalsoinvolvesdigitalsignatures,butismoreexpensive(andnotsupportedbyComodo/InCommonclientcertsatthisPme)

Encryp)onUsingClientCerts(OtherThanS/MIME)

•  PGPWholeDiskEncryp)on(seethedatasheetlinkedfromhEp://www.symantec.com/business/whole‐disk‐encrypPon)

•  MicrosoKWindowsEncryptedFileSystemhEp://technet.microsof.com/en‐us/library/bb457116.aspx

•  IPsecVPNs(MostIPsecVPNsaredeployedwithoutuseofclientcerPficates,howeveratleastsomeVPNscanbeconfiguredtouseclientcerPficatesifdesired—see,forexample,hEp://www.strongswan.org/andhEp://www.cisco.com/en/US/docs/soluPons/Enterprise/Security/DCertPKI.html)

Authen)ca)onUsingSmartCards/ClientCerts

•  RedHatEnterpriseLinuxSmartCardLoginSeehEp://Pnyurl.com/redhat‐smartcards

•  WindowsAc)veDirectoryLoginwithSmartCardsSeehEp://support.microsof.com/kb/281245

•  OpenSSHauthen)ca)on(viathirdpartyX.509patches)hEp://roumenpetrov.info/openssh/

•  MacOSXhasbeengoingthroughsomechangeswhenitcomestonaPvesupportforsmartcards,butseehEp://smartcardservices.macosforge.org/andhEp://www.thursby.com/mac‐enterprise‐management‐high‐security‐smart‐cards.html

Authen)ca)onUsingClientCerts(cont.)

•  ControllingaccesstowebcontentservedbyApache:www.dwheeler.com/essays/apache‐cac‐configuraPon.html(it'smuchmorehelpfulthanthemoregeneralpageathEpd.apache.org/docs/2.5/mod/mod_ssl.html#sslrequire)

•  ControllingaccesstowebcontentservedbyMicrosoKIIS7hEp://technet.microsof.com/en‐us/library/cc732996%28v=ws.10%29.aspx

•  ControllingaccesstowirelessnetworksviaEAP‐TLS,includingconfiguringEduroam.See

hEp://www.cisco.com/en/US/tech/tk722/tk809/technologies_white_paper09186a008009256b.shtmland

hEp://www.internet2.edu/presentaPons/jt2011summer/20110710‐hagley‐eduroamtutorial.pdf

ClientCer)ficatesCanEvenPoten)allyBeUsedForBuildingAccessControlPurposes

XII.Don'tForgetAboutPolicies,GovernanceAndPoten)alLegalIssues

ClientCerts(TheTechnology)NeedtoBeSupportedByAppropriatePoliciesandGovernanceStructures

•  Inlookingatsuccessfuldeploymentsofclientcerts,suchasthefederalgovernment'sHSPD‐12CAC/PIVcardproject,oneofthethingsthat'shardtomissisthatitssuccessisnotjustatechnologicalthing,it'sasignthatappropriatepoliciesweredevelopedbytheissuingandrelyingcommuniPes.

•  Ifyou'replanningondoingamajorclientcertproject,pleasebesureyouarealsoconsideringthepolicyimplicaPonsofmovingtoclientcerts,notjustthetechnologyissues.

•  Forexample,whataboutprivacy?Doesuseofclientcertshaveanyimpactonuserprivacy?Maybe...

•  Whatifyouremailclientcheckedadirectoryforapublickey/certforeveryemailcorrespondentyouexchangedemailwith?

•  OrhowaboutthisliEleexposure...seethenextslide...181

AnyWebSiteCanAskForYourBrowser'sClientCertAndThusPoten)allyGetYourName/EmailAddress

AnotherPrivacyThreat:ClientCertsAreNowBeingTargetedByMalware

•  UserswhoemployedclientcertsfortwofactorauthenPcaPonhavelongenjoyedfeelingrelaPvely"abovethefray"whenitcametohacker/crackeraEacks.However,in2012,itbecameclearthatatleastonemalwarefamily,Sykipot,hasbeguntospecificallytargetfederalCAC/PIVclientcerPficatecredenPals.See,forexample:hEp://labs.alienvault.com/labs/index.php/2012/when‐the‐apt‐owns‐your‐smart‐cards‐and‐certs

•  BecauseclientcertcredenPalsaretypically"nonexportable"fromsmartcards,malwaretargePngclientcertswillnormallyaEempttoexecutea"maninthebrowser"or"maninthemachine"aEack:‐‐intercepttheuser'ssmartcardPIN,‐‐usetheclientcert"in‐situ,"proxyingrequestsforresourcescontrolledbycertsthroughthecompromisedmachineitself,then‐‐exfiltratethesurrepPPouslyaccessedmaterialsoffsite.

•  ConscienPouspatchingandaggressivemeasurestocontrolmalware,remainextremelyimportant,evenif(especiallyif?)you'reusingclientcerPficatestocontrolaccesstosensiPvecontent.

KeepYourLawyersInTheLoop,Too

•  Why?Well,letmegiveyouoneclosingexample...strongcryptographyisexportcontrolledbytheU.S.BureauofIndustryandSecurity,includingbeingsubjecttothe"deemedexport"rule.

IfyouplantoissueclientcerPficatestoallyouremployeesrememberthatsomeusers,asmenPonedatthebeginningofthistalk,maynotbeeligibleforaccesstostrongcryptographictechnologies,includingpotenPallyclientcerPficates.Formoreonthispoint,pleaseconsultwithyouraEorneyregardingtheprovisionsofthe"DeemedExport"rule.AsastarPngpoint,seehEp://www.bis.doc.gov/deemedexports/deemedexportsfaqs.html

•  IncreaseduseofencrypPonforofficialrecords,mayalsoraiselongtermrecordmanagementandaccessissues.

ThanksfortheChanceToTalkToday!

•  ArethereanyquesPons?

AppendixI:UsingTheSafeNetHardTokenonWindows7

"I'mUsingWindows,NotAMac!"

•  There'saversionoftheSACforWindows7ontheCDwegaveyou,too.

•  DragtheSAC8_1SP1zippedarchivefromtheCDtoyourdesktop.Doubleclickonit,thenselecttheSAC8_1SP1folder.

•  Gotothe32X64Installerfolder.DragtheapplicaPonyou’llseethereontoyourdesktop.

•  Assumingyou'rerunningWindows7,rightclickontheinstallerandselectRunasAdministrator.

•  Youshouldseethengothroughaseriesofscreenswherethedefaultanswerswillusuallyfine...seethenextslides.

TheCD'sContents

PlugInYourToken

•  Whenyoudo,itmayautomaPcallydownloadaddiPonaldriversfromWindowsUpdate.ThefirstPme,whenitfinishes,itwillpromptyoutochangeyourtoken'spassword.Thedefaultpasswordis1234567890asmenPonedinthedocumentaPon.

ThunderbirdCan'tSeeTheSafeNetHardTokens?

•  IniPally,Thunderbird(andpotenPallyFirefox)maynot"see"theSafeNethardtoken.Ifyouexperiencethat,you'llneedtomanuallyloadtheeTPKCS11.dllfilefromeither

c:\Windows\System32\eTPKCS11.dll (32bit)orc:\Windows\SysWOW64\eTPKCS11.dll (64bit)

Firefox‐‐>Preferences...‐‐>AdvancedIntheEncrypPontab,clickonSecurityDevicesIntheDeviceManagerwindow,clickLoadIntheLoadPKCS#11Devicewindow,underModulefilename,entertheappropriatefilename(asshownabove)IntheConfirmwindow,clickOK

Client Cerﬁcates · Use of encrypon makes it harder for naonal security agencies and law...

Documents

Fidelity Naonal Home Warranty · 12/10/2015 · • Fidelity Naonal Home Warranty • HomeStreet Home Loans // Bookspan Baker Team • Movement Mortgage • Liberty Inspec+ons •

How$Organizaons$Implementand$Sustain$ …How$Organizaons$Implementand$Sustain$ Evidence:Based$Prac,ces:$Strategies,$Tips$and$Tools$ ©$2013$Council$of$State$Governments$Jus,ce$Center$

AKTIF DIS TICARET - ikmib.org.tr · quality cerﬁcates: iso 9001, iso 13485, iso 14002,ce, tse products: hospital beds, examination tables, stretchers, overbed tables, bedside cabinets,

NPIN Naonal Prevenon Informaon Network · PDF file• NPIN Naonal Prevenon Informaon Network www ... Windows Internet Explorer provided by ITSO asianhealth org 794.htm ... Natural

2017 Naonal DNP Conferencednpconferenceaudio.s3.amazonaws.com/2017/NOLAPresentations/HowieB_Plenary_2017.pdf2017 Naonal DNP Conference ... checklist - a technical solution - can solve

Key$Characteris-cs$of$innovave$organizaons$€¦ · Agendafor$session$ Introduc-on$ Example$ FAQ$–Panel$ Speaker’s$Corner$ac-vity$ Closing$remarks$

Naonal Cyber Summit

Creang Mindful Inclusion: Building Organizaons that Migate Biaspgediversitysummit.com/program/2018presentations/Howard... · 2018-06-07 · Creang Mindful Inclusion: Building Organizaons

1 IMF Conference$on$Economic$ Development ... · // 9 !$ $ Sources:&Naonal&Agency&for&Civil&Aviaon&(ANAC),&Naonal&Agency&for&Aquac&Transportaon&(ANTAQ),&Brazilian&Associaon&of&Highway&

How$Organizaons$Implementand$Sustain$ … · 6.06.2013 · How$Organizaons$Implementand$Sustain$ Evidence:Based$Prac,ces:$Strategies,$Tips$and$Tools$ ©$2013$Council$of$State$Governments$Jus,ce$Center$

Naonal Academies Review of NASA’s Planetary …...Naonal Academies Review of NASA’s Planetary Science Division’s Restructured Research and Analysis Programs Steve Mackwell OPAG

CYBERSECURITY AND CYBERINFRASTRUCTURE ...Cybersecurity programs are scoped to key assets, resources, and lifespan of organizaons” - CTSC Credit: Center for Trustworthy ScienAﬁc

BusinessObjects - Location Intelligence & Location ... · Galigeo Location Intelligence: Mapping Solutions for SAP BusinessObjects A soluon for all industries How can organizaons

Associaon Française de Cristallographie Comité Naonal de

Nigeria’sFinancial)InclusionStrategy · FinancialInclusionOutlook Naonal Financial* Inclusion Strategy Financial* Inclusion iniavesby stakeholders* 1 Idenﬁesrolesand responsibilies*

Supportive Measures for Scaling Swedish Social ...1336664/FULLTEXT01.pdf · Supporve Measures for Scaling Swedish Social Organizaons Abroad: Intermediaries’ Percepon of Iniaves

IN THIS ISSUE · The second day was organised in Naonal Park Podyjí being both SCI and Special protected Area (SPA) and a transboundary naonal park with Naonal park Thayatal in Austria

!! OﬃceofPublicHealth! “Atomic!Veteran”! Related!Programs! · 2016-04-12 · VETERANSHEALTHADMINISTRATION% VA’s Administrations Veterans% Health% Administraon% (VHA)% Naonal%

Organizaons+ThatOppose+Physician+Assisted++ …...Organizaons+ThatOppose+Physician+Assisted++ Suicide+And+WhatThey+Say+AboutIt home+supports,+counseling,+and+assis(ve+technology+ to+maximize+autonomy.+Let’s+focus

Climate Change and Its Impact on Naonal and …Climate Change and Its Impact on Naonal and Human Security The evidence that we are experiencing global warming is substan3al, as Bush