Despite enthusiastic predictions in the trade press, an X.509-style PKI has so far failed to eventuate to any significant degree. This paper looks at some of the reasons behind this, examining why a pure X.509-style PKI may never appear outside a few closed, highly-controlled environments such as government agencies. On the other hand there are many instances in which situation-and application-specific uses of certificates can be employed in a manner which avoids the shortcomings of X.509's one-size-(mis)fits-all approach. The paper examines a number of these situation-specific approaches to working with certificates, and concludes with a collection of useful design rules to consider before embarking on a PKI project.
We spent the 1990s building and deploying security that wasn't really needed, and now that it's actually desirable, we're finding that nobody can use it.
This document describes a means of negotiating the use of the encrypt-then-MAC security mechanism in place of the existing MACthen-encrypt mechanism in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). The MAC-then-encrypt mechanism has been the subject of a number of security vulnerabilities over a period of many years.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.