The growing number of Public Key Infrastructure (PKI) and the increasing number of situations where partners of a transaction may carry certificates signed by different certification authority (CA) points out the problematic of trust between the different CAs. Several trust models, like the hierarchy model, cross-certification model, and bridge CA model were proposed in order to establish and extend the domain of trust of relying parties (RP). However, each model has disadvantages and especially the scalability in large open networks like Internet. In this paper, we provide users with quantitative information of the confidence a relying party can have about a certificate. We call this information quality of certificate (QoCER). QoCER depends on two parameters which are the quality of procedures announced in the certificate policy (CP) and the quality of CA (QoCA) that represents the evaluation of the CA commitment to its policy. QoCA is calculated based on the recommendation of different actors (audit agency, RP, etc.). QoCER is balanced by another information that represents the confidence on QoCA calculation. We present a formal model of trust to calculate these values. † The person and/or the application that receives a certificate to validate.The task of RPs is both huge and complex. RPs must be able to validate the certificate, its authenticity, its integrity, and the appropriateness of the certificate for the concerned application. The certificate validation ensures that the certificate is not revoked, within the validity period, etc. The authenticity and the integrity of certificates ensure that certificates come from trusted sources and the contained information inside a certificate has not been modified by an unauthorized entity. Finally, the appropriateness of the certificate is determined by RPs and related to the quality of certificate (QoCER).The QoCER depends on the robustness of procedures performed to issue/manage the certificates life cycle and the commitment of CAs to these procedures. CAs publish their procedures for checking the identities of users, generating keys, storing keys, destructing private keys, and maintaining the safety of the systems in documents called certification practice statement (CPS) and certificate policy (CP). Theoretically, RPs belief must be principally based on the reading of these documents, but this requires the RP to be an expert in PKI technology in order to understand these documents which are both long and technical. Clearly, most of RPs would not read these documents. Furthermore these
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.