Internet X.509 Public Key Infrastructure: Certification Path Building

Dzambasow, Yuriy; Joseph, Susan; Nicholas, Richard W.; Hesse, P; Cooper, Matt

doi:10.17487/rfc4158

Cited by 65 publications

(35 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Any entity can authenticate itself via its certificate, as long as it owns the associated private key, which is never transmitted over the network. The certificate management requires a Public Key Infrastructure (PKI) [20], in which specific trusted entities, called Certification Authorities (CA), are in charge of certificate delivery. The TeSLA architecture has its own PKI, to manage the certificates within the TeSLA domain on one hand; and within the institution domain on the other hand.…”

Section: Securing the Tesla Architecturementioning

confidence: 99%

Security Challenges in e-Assessment and Technical Solutions

Kiennert

Rocher

Ivanova

et al. 2017

2017 21st International Conference Information Visualisation (IV)

View full text Add to dashboard Cite

Section: Securing the Tesla Architecturementioning

confidence: 99%

Security Challenges in e-Assessment and Technical Solutions

Kiennert

Rocher

Ivanova

et al. 2017

2017 21st International Conference Information Visualisation (IV)

View full text Add to dashboard Cite

“…Path building [7], and validation [8] have been central issues in PKI domain extensions. There have been proposed three major methods of path construction models: hierarchical, mutual, and bridge models.…”

Section: Related Workmentioning

confidence: 99%

Design of Graded Trusts by Using Dynamic Path Validation

Kubo¹,

Satō²

2010

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Abstract. In modern information service architectures, security is one of the most critical criteria. Almost every standard on information security is concerned with internal control of an organization, and particularly with authentication. If an RP (relying party) has valuable information assets, and requires a high level to authentication for accepting access to the valuable assets, then a strong mechanism is required. Here, we focus on a trust model of certificate authentication. Conventionally, a trust model of certificates is defined as a validation of chains of certificates. However, today, this trust model does not function well because of complexity of paths and of requirement of security levels. In this paper, we propose "dynamic path validation," together with another trust model of PKI for controlling this situation. First, we propose Policy Authority. Policy Authority assigns a level of compliance (LoC) to CAs in its domain. LoC is evaluated in terms of a common criteria of Policy Authority. Moreover, it controls the path building with considerations of LoC. Therefore, we can flexibly evaluate levels of CP/CPS's in one server. In a typical bridge model, we need as many bridge CAs as the number of required levels of CP/CPS's. In our framework, instead, we can do the same task in a single server, by which we can save the cost of maintaining lists of trust anchors of multiple levels.

show abstract

“…For example, typical operations in the context of a public-key infrastructure may involve extra network communication handshakes with the public-key infrastructure and with certification authorities and may typically involve additional processing steps in the end systems. These operations would include validating digital certificates (RFC 3029, [24]), ascertaining the revocation status of digital certificates (RFC 2560, [23]), asserting certificate policies, construction of certification path(s) ( [26]), requesting and obtaining necessary certificates (RFC 2511, [25]), and management of certificates for such purposes ( [22]). Such steps and tasks all result in further delay of the key agreement or key establishment phase among the end systems, which negatively affects setup time.…”

Section: Euchner Standards Track [Page 3]mentioning

confidence: 99%

HMAC-Authenticated Diffie-Hellman for Multimedia Internet KEYing (MIKEY)

Euchner¹

2006

View full text Add to dashboard Cite

Internet X.509 Public Key Infrastructure: Certification Path Building

Cited by 65 publications

References 1 publication

Security Challenges in e-Assessment and Technical Solutions

Security Challenges in e-Assessment and Technical Solutions

Design of Graded Trusts by Using Dynamic Path Validation

HMAC-Authenticated Diffie-Hellman for Multimedia Internet KEYing (MIKEY)

Contact Info

Product

Resources

About