Reasoning about Public-Key Certification: On Bindings between Entities and Public Keys

Kohlas, Reto; Maurer, Ueli

doi:10.1007/3-540-48390-x_7

Cited by 12 publications

(9 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A very different approach is taken by PGP [22], where certificates define a `web of trust` and there is no central CA. We share the view advocated by many [22,4,5,9,15,1,2,14,7,17,8,12], that a relying party may not necessarily completely trust the issuers of the credentials. Instead, these works advocate a model where the relying application may need multiple credentials to make its decisions, and has a non-trivial policy for the necessary credentials.…”

Section: Related Worksupporting

confidence: 70%

Relying Party Credentials Framework

Herzberg

Mass

2004

Electronic Commerce Research

View full text Add to dashboard Cite

Abstract. We present architecture for framework to allow a relying-party to decide if and how to handle requests coming over the Net, by relying on the credentials of the requesting party. Relying party applications will be provided with uniform interface to the credentials of the requesting party. This will allow use of simple, widely available credentials as well as more advanced credentials such as public key certificates, attribute certificates and `Negative` credentials (which result in reduced trust) such as certificate revocation lists (CRL). The core of the architecture is a Credential Manager who will provide all credential management functions, including collection of credentials, providing uniform interface to credentials, and extracting semantics relevant to the relying party's applications.

show abstract

Section: Related Worksupporting

confidence: 70%

Relying Party Credentials Framework

Herzberg

Mass

2004

Electronic Commerce Research

View full text Add to dashboard Cite

show abstract

“…A certificate is a digitally signed statement by which a certification authority (e.g., called trusted third party or introducer) asserts that a key is bound to an entity. The term "binding" is ambiguous [8] but for the purpose of this paper this is not relevant. The term public-key infrastructure (PKI) is used to refer to the complete legal, technical and organizational framework for drawing conclusions from a given set of certificates, trust relations and other pieces of evidence.…”

Section: Motivationmentioning

confidence: 99%

Confidence Valuation in a Public-Key Infrastructure Based on Uncertain Evidence

Kohlas

Maurer

2000

Public Key Cryptography

Self Cite

View full text Add to dashboard Cite

Abstract. Public-key authentication based on public-key certificates is a special case of the general problem of verifying a hypothesis (that a public key is authentic), given certain pieces of evidence. Beginning with PGP, several authors have pointed out that trust is often an uncertain piece of evidence and have proposed ad hoc methods, sometimes referred to as trust management, for dealing with this kind of uncertainty. These approaches can lead to counter-intuitive conclusions as is demonstrated with examples in the PGP trust management. For instance, an introducer marginally trusted by a user can make him accept an arbitrary key for any other user. In this paper we take a general approach to public-key authentication based on uncertain evidence, where not only trust, but also other pieces of evidence (e.g. entity authentication) can be uncertain. First, we formalize the assignment and the valuation of confidence values in the general context of reasoning based on uncertain evidence. Second, we propose a set of principles for sound confidence valuation. Third, we analyze PGP and some other previous methods for dealing with uncertainty in the light of our principles.

show abstract

“…PKI designers need tools which can accurately evaluate the correctness of their designs and clearly illustrate what types of trust judgments their systems enable. The literature contains a number of approaches for applying formal methods to the PKI problem (e.g., [11,13,15,20,23]). The modeling work of Ueli Maurer [20] stands out, as it is simple, flexible, and is used to reason about PKI.…”

Section: Introductionmentioning

confidence: 99%

Modeling Public Key Infrastructures in the Real World

Marchesini

Smith

2005

Public Key Infrastructure

View full text Add to dashboard Cite

Abstract. PKIs are complex distributed systems that are responsible for giving users enough information to make reasonable trust judgments about one another. Since the currencies of PKI are trust and certificates, users who make trust decisions (often called relying parties) must do so using only some initial trust beliefs about the PKI and some pile of certificates (and other assertions) they received from the PKI. Given a certificate, a relying party needs to conclude that the keyholder described by the certificate actually possesses the properties described by the certificate. In this paper, we present a calculus that allows relying parties to make such trust judgements. Our calculus extends Maurer's deterministic model, and is focused on real world issues such as time, revocation, delegation, and heterogeneous certificate formats. We then demonstrate how our calculus can be used to reason about numerous situations that arise in practice.

show abstract

Reasoning about Public-Key Certification: On Bindings between Entities and Public Keys

Cited by 12 publications

References 18 publications

Relying Party Credentials Framework

Relying Party Credentials Framework

Confidence Valuation in a Public-Key Infrastructure Based on Uncertain Evidence

Modeling Public Key Infrastructures in the Real World

Contact Info

Product

Resources

About