PKI at Scale Using Short-Lived Certificates - USENIX Enigma 2016

Offered By: USENIX Enigma Conference via YouTube

Course Description

Overview

Explore the challenges and solutions of deploying Public Key Infrastructure (PKI) at scale for cloud applications in this 21-minute conference talk from USENIX Enigma 2016. Dive into the world of PKI deployments, focusing on protecting internally facing microservices using TLS with mutual authentication. Learn about the pros and cons of using short-lived certificates, operational challenges in scaling certificate authority services, handling certificate reloading at runtime, and determining instance trustworthiness for credential renewal. Gain insights into high-profile attacks, revocation methods, OCSP challenges, and the "Penny Analogy" for understanding short-lived certificates. Discover how chaos engineering and AWS keys play a role in PKI management at scale.

Syllabus

Intro
High profile attacks
PKI at scale
What do people do today
Revocation
OCSP
OCSP Challenges
OCSP Staple
The Problem
Penny Analogy
Short-Lived Certificates
Chaos
AWS Keys


Taught by

USENIX Enigma Conference
