Public-key infrastructures are increasingly being used as a foundation for several security solutions, such as electronic documents, secure e-mail (S/MIME), secure web transactions (SSL), and many others. However, there are still many aspects that need careful consideration before these systems can really be used on a very large scale. In this respect, one of the biggest issues to solve is certificate validation in a generic multi-issuer certification environment. This paper begins by introducing the problem, also with the help of a famous security incident related to certificate validation, and then proceeds to review the user and system requirements. We take into account several constraints, such as the computational power of the end-user client (workstation, PDA, cellular phone), network connectivity (permanent or intermittent, high or low speed) and the security policy to be respected (personal or company-wide trust). We then proceed to define a general certificate validation architecture and show how several proposed certificate management formats and protocols can be used within this general architecture and what their relative merits and drawbacks are. Finally, the support offered by commercial products for certificate validation is analyzed, and the path towards better solutions for an effective deployment of certificates is sketched.