From cd03b6d85930eaf8f68240cd3e91a6bcf5035c53 Mon Sep 17 00:00:00 2001
From: Holger Dengler
Date: Fri, 28 Oct 2016 16:57:24 +0200
Subject: security: Review findings (Holger, John)
Signed-off-by: Holger Dengler
---
 security/crypto/pres_pki_en.tex | 39 ++++++++++++++-------------------------
 1 file changed, 14 insertions(+), 25 deletions(-)
(limited to 'security/crypto/pres_pki_en.tex')
diff --git a/security/crypto/pres_pki_en.tex b/security/crypto/pres_pki_en.tex
index ff0133b..f385550 100644
--- a/security/crypto/pres_pki_en.tex
+++ b/security/crypto/pres_pki_en.tex
@@ -27,21 +27,21 @@
 \begin{frame}
 \frametitle{Roles}
 \begin{itemize}
+\item Registration Authority
+ \begin{itemize}
+ \item Process Certificate Signing Requests
+ \item Ensure Clients Identity
+ \end{itemize}
 \item Certificate Authority
-\begin{itemize}
-\item Issue CA-Certificate (CA Public Key)
-\item Sign Public Keys (with CA Private Key)
-\end{itemize}
+ \begin{itemize}
+ \item Issue CA-Certificate (CA Public Key)
+ \item Sign Certificates (with CA Private Key)
+ \end{itemize}
 \item Validation Authority
-\begin{itemize}
-\item Provide signed Certificates
-\item Unique relation between Client and Certificate
-\end{itemize}
-\item Registration Authority
-\begin{itemize}
-\item Process Certificate Signing Requests
-\item Ensure Clients Identity
-\end{itemize}
+ \begin{itemize}
+ \item Confirm CA-signature of client certificate
+ \item Validate lifetime and revocation of client certificate
+ \end{itemize}
 \end{itemize}
 \end{frame}
@@ -92,17 +92,6 @@
 % ----------------------------
 \subsubsection{Workflows}
-\begin{frame}
-\frametitle{Create CA-Certificate}
-\begin{itemize}
-\item Create Key-Pair
-\item Self-Sign Public Key
-\item opt: generate Certificate Signing Request for Root CA
-\item Send CA-Certificate to Directory Server and/or Validation Authority
-\end{itemize}
-\end{frame}
-
-% ----------------------------
 \begin{frame}
 \frametitle{Process Client Certificate}
 \begin{itemize}
@@ -141,7 +130,7 @@
 \end{itemize}
 \item Validation Authority
 \begin{itemize}
-\item Retrieve Clients Certificate in Directory Server
+\item Retrieve CA Certificate in Directory Server
 \item Check Certificate Revocation List
 \item Validate Clients Certificate with CA-Certificate
 \item Validate Signature with Clients Certificate
--
cgit v1.2.3