summaryrefslogtreecommitdiffstats
path: root/design/hs_pki_templates
diff options
context:
space:
mode:
authord3llf <d3llf@hackerspace.pl>2017-02-05 17:15:28 +0100
committerd3llf <d3llf@hackerspace.pl>2017-02-05 17:15:28 +0100
commite44a25b64378eddbe5c0c402e8def082b2c65fa6 (patch)
treefc4e69c67fbfc5fa55b591cc2b8f0d47dab21a4c /design/hs_pki_templates
parentf5c69eaf0b7359d0ce9be655d9fdce9212b57352 (diff)
downloadhs_pki-e44a25b64378eddbe5c0c402e8def082b2c65fa6.tar.gz
hs_pki-e44a25b64378eddbe5c0c402e8def082b2c65fa6.tar.bz2
hs_pki-e44a25b64378eddbe5c0c402e8def082b2c65fa6.tar.xz
hs_pki-e44a25b64378eddbe5c0c402e8def082b2c65fa6.zip
RootCA Init; Interesting external resources
Diffstat (limited to 'design/hs_pki_templates')
-rw-r--r--design/hs_pki_templates43
1 files changed, 29 insertions, 14 deletions
diff --git a/design/hs_pki_templates b/design/hs_pki_templates
index 3196fc6..b4f1f5d 100644
--- a/design/hs_pki_templates
+++ b/design/hs_pki_templates
@@ -1,19 +1,34 @@
-End user:
- End user split in:
- - soft stored certs
- - obfuscated certs
- - hardware secured certs
+Category depending on how keys are protected
+ - soft stored certs
+ - obfuscated certs
+ - hardware secured certs
+ - fips secured certs
- End user:
- - Client certs (auth)
- - E-mail certs (signing)
- - Encryption
+Usage:
+ - Signing
+ * Code
+ * E-Mails
+ * WS Requests / RPC / Messages
+ - Authentication
+ * TLS
+ * SSH(?)
- Device:
- - TLS certs (encr/auth)
- * server
- * client
- * server+client(?)
+ * Server
+ * Client
+ * Server + Client (?)
+
+ - Encryption
+ * Recovery
+
+Algos:
+ -Encrypt / auth: RSA, EC
+ -Integrity: SHA-1,SHA-2,SHA-3
+
+Network Zone:
+ - External (public certificates)
+ - DMZ
+ - Internal
+ - Core
All above should be issued per application or generally applications should
leverage main user certificate