summaryrefslogtreecommitdiffstats
path: root/design/hs_pki_templates
blob: b4f1f5d95281591a8ddd8879a51da35e3a769385 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
Category depending on how keys are protected
	- soft stored certs
	- obfuscated certs
	- hardware secured certs
	- fips secured certs

Usage:
	- Signing
	 * Code
	 * E-Mails
	 * WS Requests / RPC / Messages
	- Authentication
	 * TLS
	 * SSH(?)

	 * Server
	 * Client
	 * Server + Client (?)
	
	- Encryption
	 * Recovery

Algos:
	-Encrypt / auth: RSA, EC
	-Integrity: SHA-1,SHA-2,SHA-3

Network Zone:
	- External (public certificates)
	- DMZ
	- Internal
	- Core

	All above should be issued per application or generally applications should
	leverage main user certificate