Diffstat (limited to 'docs')
-rw-r--r--docs/bpki-asymmetric.dot18
-rw-r--r--docs/bpki-asymmetric.pdfbin5150 -> 5811 bytes
-rw-r--r--docs/bpki-symmetric.dot19
-rw-r--r--docs/bpki-symmetric.pdfbin4586 -> 5392 bytes
-rw-r--r--docs/bpki.pdfbin45985 -> 47594 bytes
-rw-r--r--docs/bpki.tex46
6 files changed, 57 insertions, 26 deletions
diff --git a/docs/bpki-asymmetric.dot b/docs/bpki-asymmetric.dot
index 9497b27e..739cd6ee 100644
--- a/docs/bpki-asymmetric.dot
+++ b/docs/bpki-asymmetric.dot
@@ -42,12 +42,18 @@ digraph bpki_asymmetric {
Ellen_Frank_EE [ label = "Ellen-Frank\nBSC EE|{HTTPS up-down client|CMS up-down}" ];
Ellen_Ginny_EE [ label = "Ellen-Ginny\nBSC EE|{HTTPS up-down client|CMS up-down}" ];
Ellen_Harry_EE [ label = "Ellen-Harry\nBSC EE|{HTTPS up-down client|CMS up-down}" ];
+ Bob_EE [ label = "Bob\nEE|{HTTPS up-down|CMS up-down}" ];
+ Carol_EE [ label = "Carol\nEE|{HTTPS up-down|CMS up-down}" ];
+ Dave_EE [ label = "Dave\nEE|{HTTPS up-down|CMS up-down}" ];
+ Frank_EE [ label = "Frank\nEE|{HTTPS up-down|CMS up-down}" ];
+ Ginny_EE [ label = "Ginny\nEE|{HTTPS up-down|CMS up-down}" ];
+ Harry_EE [ label = "Bob\nEE|{HTTPS up-down|CMS up-down}" ];
edge [ color = black, style = solid ];
TA -> Alice_CA;
TA -> Ellen_CA;
- edge [ color = black, style = dashed ];
+ edge [ color = black, style = dotted ];
TA -> rpkid;
TA -> irdbd;
TA -> irbe;
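Review bot: The last of the six added node lines declares `Harry_EE` with the label `"Bob\nEE|…"`, so the rendered figure shows two boxes named Bob and none named Harry; this looks like a copy-paste slip. The line should read `Harry_EE [ label = "Harry\nEE|{HTTPS up-down|CMS up-down}" ];`. The same mislabelled line is added in the first hunk of docs/bpki-symmetric.dot. Because the figure documents which CA issues which EE certificate, the wrong label makes the Harry_CA issuance path read as a second Bob certificate. The PDFs regenerated in this commit would presumably need rebuilding after the fix.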
@@ -60,11 +66,19 @@ digraph bpki_asymmetric {
Ellen_CA -> Ginny_CA;
Ellen_CA -> Harry_CA;
- edge [ color = red, style = dashed ];
+ edge [ color = red, style = dotted ];
Bob_CA -> Alice_Bob_EE;
Carol_CA -> Alice_Carol_EE;
Dave_CA -> Alice_Dave_EE;
Frank_CA -> Ellen_Frank_EE;
Ginny_CA -> Ellen_Ginny_EE;
Harry_CA -> Ellen_Harry_EE;
+
+ edge [ color = red, style = solid ];
+ Bob_CA -> Bob_EE;
+ Carol_CA -> Carol_EE;
+ Dave_CA -> Dave_EE;
+ Frank_CA -> Frank_EE;
+ Ginny_CA -> Ginny_EE;
+ Harry_CA -> Harry_EE;
}
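Review bot: The new `edge [ color = red, style = solid ];` group in this hunk has no comment saying what solid versus dotted means, and that convention is spelled out only in docs/bpki.tex. A one-line comment above it, for example `// solid: issuance the engine checks during validation; dotted: origin of EE certs the engine signs with (keep in sync with bpki.tex)`, would keep the graph source and the legend from drifting apart. The same applies to the matching group added in docs/bpki-symmetric.dot. The digraph body starts outside the hunk.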
diff --git a/docs/bpki-asymmetric.pdf b/docs/bpki-asymmetric.pdf
index ffdb9623..fbd0362d 100644
--- a/docs/bpki-asymmetric.pdf
+++ b/docs/bpki-asymmetric.pdf
Binary files differ
diff --git a/docs/bpki-symmetric.dot b/docs/bpki-symmetric.dot
index 968715d9..48e89483 100644
--- a/docs/bpki-symmetric.dot
+++ b/docs/bpki-symmetric.dot
@@ -35,12 +35,19 @@ digraph bpki_symmetric {
Frank_CA;
Ginny_CA;
Harry_CA;
+ node [ shape = record ];
+ Bob_EE [ label = "Bob\nEE|{HTTPS up-down|CMS up-down}" ];
+ Carol_EE [ label = "Carol\nEE|{HTTPS up-down|CMS up-down}" ];
+ Dave_EE [ label = "Dave\nEE|{HTTPS up-down|CMS up-down}" ];
+ Frank_EE [ label = "Frank\nEE|{HTTPS up-down|CMS up-down}" ];
+ Ginny_EE [ label = "Ginny\nEE|{HTTPS up-down|CMS up-down}" ];
+ Harry_EE [ label = "Bob\nEE|{HTTPS up-down|CMS up-down}" ];
edge [ color = black, style = solid ];
TA -> Alice_CA;
TA -> Ellen_CA;
- edge [ color = black, style = dashed ];
+ edge [ color = black, style = dotted ];
TA -> rpkid;
TA -> irdbd;
TA -> irbe;
@@ -53,7 +60,15 @@ digraph bpki_symmetric {
Ellen_CA -> Ginny_CA;
Ellen_CA -> Harry_CA;
- edge [ color = blue, style = dashed ]
+ edge [ color = blue, style = dotted ];
Alice_CA -> Alice_EE;
Ellen_CA -> Ellen_EE;
+
+ edge [ color = red, style = solid ];
+ Bob_CA -> Bob_EE;
+ Carol_CA -> Carol_EE;
+ Dave_CA -> Dave_EE;
+ Frank_CA -> Frank_EE;
+ Ginny_CA -> Ginny_EE;
+ Harry_CA -> Harry_EE;
}
diff --git a/docs/bpki-symmetric.pdf b/docs/bpki-symmetric.pdf
index 172e14e5..9db46451 100644
--- a/docs/bpki-symmetric.pdf
+++ b/docs/bpki-symmetric.pdf
Binary files differ
diff --git a/docs/bpki.pdf b/docs/bpki.pdf
index dfdfed0e..979c1380 100644
--- a/docs/bpki.pdf
+++ b/docs/bpki.pdf
Binary files differ
diff --git a/docs/bpki.tex b/docs/bpki.tex
index 19860121..c07c6534 100644
--- a/docs/bpki.tex
+++ b/docs/bpki.tex
@@ -39,21 +39,22 @@ each hosted entity, which scales poorly, or to rely on the TLS
``Server Name Indication'' extension (RFC 4366 3.1) which is not yet
widely implemented.
-Here's my engine's view of the BPKI tree in the symmetric model
-(explanation follows):
-
-\begin{center}
+\begin{figure}[hbp]
\includegraphics[width = 6.5in]{bpki-symmetric}
-\end{center}
+\caption{Symmetric BPKI model}
+\label{bpki-symmetric}
+\end{figure}
-Black objects belong to the hosting entity, blue objects belong to the
-hosted entities, red objects are cross-certified objects from peers.
-The arrows indicate certificate issuance: solid arrows are the ones
-that my own RPKI engine will care about during certificate validation,
-dashed arrows show the origin of EE certificates my engine uses to
-sign things. ``BSC'' stands for ``business signing context,'' which
-is a database object in my implementation representing the context
-needed to sign a CMS message or TLS session.
+Figure \ref{bpki-symmetric} shows my engine's view of the BPKI tree in
+the symmetric model. Black objects belong to the hosting entity, blue
+objects belong to the hosted entities, red objects are cross-certified
+objects from peers. The arrows indicate certificate issuance: solid
+arrows are the ones that my own RPKI engine will care about during
+certificate validation, dotted arrows show the origin of EE
+certificates my engine uses to sign things. ``BSC'' stands for
+``business signing context,'' which is a database object in my
+implementation representing the context needed to sign a CMS message
+or TLS session.
Other than the above-mentioned annoyance with the HTTPS server
certificate, the ``symmetric'' BPKI model worked out pretty much as
@@ -63,16 +64,17 @@ again excepting the HTTPS server case, where client certificate is the
first hint that the engine has of the client's identity, so the server
must be prepared to accept any current client certificate.
-Here's my engine's view of the BPKI tree in the asymmetric model:
-
-\begin{center}
+\begin{figure}[hbp]
\includegraphics[width = 6.5in]{bpki-asymmetric}
-\end{center}
+\caption{Asymmetric BPKI model}
+\label{bpki-asymmetric}
+\end{figure}
-Note that not much has changed here from the symmetric case. As far
-as I can tell, the asymmetric model is just as complex for my engine
-as the symmetric model; the only real difference is that the engine
-has to keep track of a larger number of BSC EE certificates in the
-asymmetric case.
+Figure \ref{bpki-asymmetric} shows my engine's view of the BPKI tree
+in the asymmetric model. Note that not much has changed here from the
+symmetric case. As far as I can tell, the asymmetric model is just as
+complex for my engine as the symmetric model; the only real difference
+is that the engine has to keep track of a larger number of BSC EE
+certificates in the asymmetric case.
\end{document}