Use of a validation authority to provide risk management for the PKI relying party

  • Authors: Jon Ølnes; Leif Buene
  • Affiliations: DNV Research, Høvik, Norway; DNV Certification, Høvik, Norway
  • Venue: EuroPKI 2006 Proceedings of the Third European Conference on Public Key Infrastructure: Theory and Practice
  • Year: 2006

Abstract

Interoperability between PKIs (Public Key Infrastructure) is a major issue in several electronic commerce scenarios. A Relying Party (RP), in particular in an international setting, should not unduly put restrictions on selection of Certificate Authorities (CA) by its counterparts. Rather, the RP should be able to accept certificates issued by any relevant CA. Such acceptance implies not only the ability to validate certificates, but also an assessment of the risk related to acceptance of a certificate for the purpose at hand. We analyse common PKI trust models with respect to risk management, and argue that an independent, trusted Validation Authority (VA) may be a better approach for this task. A VA as suggested by this paper will also remove the need for complicated certificate path processing.