Difference between revisions of "Enterprise Certificate Authority"
From MgmtWiki
(→Context) |
(→Problems) |
Line 8: | Line 8: | ||
==Problems== | ==Problems== | ||
− | + | There have been multiple vulnerabilities reported to the US Government. | |
+ | * [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34691 CVE-2022-34691] | ||
+ | * [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26931 CVE-2022-26931] | ||
+ | * [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26923 CVE-2022-26923] | ||
==Solutions== | ==Solutions== |
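Review bot: the sentence added under ==Problems== says the vulnerabilities were "reported to the US Government", but all three added links point to msrc.microsoft.com update-guide pages, so the source the sentence names is not the one cited. Either cite the government listing or reword the sentence to match the Microsoft advisories. Also add a line per CVE saying what it affects and how it relates to an Enterprise Certificate Authority, since the bare identifiers give a reader nothing to act on.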
Revision as of 15:33, 8 February 2023
Full Title or Meme
Any Certificate Authority that is designed to apply to people, natural or otherwise, that are known to the Enterprise.
Context
- Typically, an Enterprise Certificate Authority operates via Client Certificates issued to a digital Identifier. That Identifier is in turn issued to an Entity that has some means to control access to a protected Private Key used for Authentication.
- The most common form of Authentication binds the Entity Identifier to a Client Certificate, which is used in a TCP connection with Mutual Authentication to carry proof of possession of both the server's key and the Client's key.
- The most common form of Mutual Authentication uses mTLS, or mutual Transport Layer Security.
Problems
There have been multiple vulnerabilities reported to the US Government.