~ubuntu-branches/ubuntu/karmic/pyca/karmic

« back to all changes in this revision

Viewing changes to htdocs/overview.html

Committer: Bazaar Package Importer
Author(s): Lars Bahner
Date: 2003-12-02 19:39:35 UTC
Revision ID: james.westby@ubuntu.com-20031202193935-fzzt289mntvy6a8q

Tags: upstream-20031118

Import upstream version 20031118

files added:

bin/ca2ldif.py

bin/certs2ldap.py

bin/copy-cacerts.py

bin/ldap2certs.py

bin/ns-jsconfig.py

bin/print-cacerts.py

cgi-bin

cgi-bin/browser-check.py

cgi-bin/ca-index.py

cgi-bin/cert-query.py

cgi-bin/client-enroll.py

cgi-bin/get-cert.py

cgi-bin/ns-check-rev.py

cgi-bin/ns-revoke.py

cgi-bin/pycacnf.py

cgi-bin/scep.py

cgi-bin/view-cert.py

conf

conf/cacert_AuthCerts.cnf

conf/cacert_CodeSigning.cnf

conf/cacert_EmailCerts.cnf

conf/cacert_Root.cnf

conf/cacert_ServerCerts.cnf

conf/openssl.cnf

conf/ssl_server_csr.cnf

docs

help

htdocs

htdocs/changes.html

htdocs/config.html

htdocs/demo.html

htdocs/download.html

htdocs/faq.html

htdocs/features.html

htdocs/feedback.html

htdocs/files.html

htdocs/help

htdocs/help/client-enroll.html.de

htdocs/help/client-enroll.html.en

htdocs/install.html

htdocs/news.html

htdocs/overview.html

htdocs/pyca.html

htdocs/related.html

htdocs/roadmap.html

htdocs/security.html

htdocs/ssi

htdocs/ssi/footer.html

htdocs/ssi/head.html

htdocs/ssi/navigation.html

pylib

pylib/certhelper.py

pylib/cgiforms.py

pylib/cgihelper.py

pylib/cgissl.py

pylib/charset.py

pylib/htmlbase.py

pylib/ipadr.py

pylib/ldapbase.py

pylib/ldif.py

pylib/openssl

pylib/openssl/__init__.py

pylib/openssl/cert.py

pylib/openssl/cnf.py

pylib/openssl/db.py

pylib/vbs.py

sbin

sbin/ca-certreq-mail.py

sbin/ca-cycle-priv.py

sbin/ca-cycle-pub.py

sbin/ca-make.py

sbin/ca-revoke.py

sbin/pickle-cnf.py

Show diffs side-by-side

added added

removed removed

htdocs/overview.html

<p>

This is an overview of the proposed systems architecure for running pyCA.

Note that pyCA implements a certificate authority - not a trust center.

This means:<br />

No private keys of users are stored by pyCA at any time!

The users themselves are responsible for making backup copies of

their private keys and certificates!

</strong>

</p>

<h2>

<a name="Systems">Systems</a>

</h2>

The following systems are part of the public-key infrastructure (PKI):

<dl>

<dt>

<a name="client_system">Client system</a>

</dt>

<dd>

This is the system of the user accessing the PKI services typically

running a Mail, WWW and/or LDAP client software. The user creates the

key pairs himself and stores his own private keys.

</dd>

<dt>

<a name="public_system">Public server system</a>

</dt>

<dd>

The public server system(s) are holding only public certificate data like

issued client-/server certificates and certificate revocation

lists (CRLs) and are running Internet services like Mail, WWW and/or LDAP

to give users access to the certificate data.<br />

No private keys are stored on this system at all.

However the systems administrator has to take care about securing

this system in the usual manner (firewalls, no other users etc.).

The services provided by this system should also be protected by

the SSL protocol to ensure some kind of server authentication and integrity.

</dd>

<dt>

<a name="private_system">Private CA system</a>

</dt>

<dd>

The private keys of the certificate authority should be hold on a

non-networked system which is only accessible by persons authorized to

issue certificates (e.g. a notebook put in a safe might be a

practical choice). Data exchanged between this system and the

<a href="#public_system">public server system</a> is transported with the

help of removable media storage devices.<br />

If better support for cryptographic devices is available in OpenSSL

it is highly recommended that the private key data is stored e.g. on smart cards.

</dd>

</dl>

Older »