Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework

Chokhani, Santosh; Ford, Warwick; Sabett, R.; Merrill, C.; Wu, S. Felix

doi:10.17487/rfc2527

Cited by 168 publications

(107 citation statements)

References 1 publication

Supporting

Mentioning

107

Contrasting

Order By: Relevance

“…They include usage, profile, and security. There are some standard templates of CPs such as RFC 3647 [6], and PKI lite [21].…”

Section: Related Workmentioning

confidence: 99%

Design of Graded Trusts by Using Dynamic Path Validation

Kubo¹,

Satō²

2010

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Abstract. In modern information service architectures, security is one of the most critical criteria. Almost every standard on information security is concerned with internal control of an organization, and particularly with authentication. If an RP (relying party) has valuable information assets, and requires a high level to authentication for accepting access to the valuable assets, then a strong mechanism is required. Here, we focus on a trust model of certificate authentication. Conventionally, a trust model of certificates is defined as a validation of chains of certificates. However, today, this trust model does not function well because of complexity of paths and of requirement of security levels. In this paper, we propose "dynamic path validation," together with another trust model of PKI for controlling this situation. First, we propose Policy Authority. Policy Authority assigns a level of compliance (LoC) to CAs in its domain. LoC is evaluated in terms of a common criteria of Policy Authority. Moreover, it controls the path building with considerations of LoC. Therefore, we can flexibly evaluate levels of CP/CPS's in one server. In a typical bridge model, we need as many bridge CAs as the number of required levels of CP/CPS's. In our framework, instead, we can do the same task in a single server, by which we can save the cost of maintaining lists of trust anchors of multiple levels.

show abstract

“…They include usage, profile, and security. There are some standard templates of CPs such as RFC 3647 [6], and PKI lite [21].…”

Section: Related Workmentioning

confidence: 99%

Design of Graded Trusts by Using Dynamic Path Validation

Kubo¹,

Satō²

2010

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

show abstract

“…Each CSP has to specify a set of policies-certificate policies (CPs) and/or certification practice statements (CPSs)-to specify and nail down its offerings (see informational RFC3647 [6] for a corresponding framework). Unfortunately, most policies are written in a terminology of their own.…”

Section: Related Workmentioning

confidence: 99%

Classifying Public Key Certificates

López

Oppliger²,

Pernul

2005

Public Key Infrastructure

View full text Add to dashboard Cite

Abstract. In spite of the fact that there are several companies that (try to) sell public key certificates, there is still no unified or standardized classification scheme that can be used to compare and put into perspective the various offerings. In this paper, we try to start filling this gap and propose a four-dimensional scheme that can be used to uniformly describe and classify public key certificates. The scheme distinguishes between (i) who owns a certificate, (ii) how the certificate owner is registered, (iii) on what medium the certificate (or the private key, respectively) is stored, and (iv) what type of functionality the certificate is intended to be used for. We think that using these or similar criteria to define and come up with unified or even standardized classes of public key certificate is useful and urgently needed in practice.

show abstract

“…A subscriber, whose certificate is being revoked or suspended, should be notified; it might be necessary to inform other entities, such as a Revocation Authority or a Suicide Note collecting bureau, as well (mentioned as a possible policy requirement in [7]). …”

Section: Notification Of Revocation or Suspensionmentioning

confidence: 99%

“…Certificates are considered to be ``qualified'' [2] if they meet the requirements set forth in Annex I of the Directive and are provided by a Certification Service Provider meeting the requirements laid out in Annex II of the Directive. We have also considered the draft or final requirements and recommendations contained in [6], [7], [8], [9], [10], [11], [12]. Most European countries have rewritten their legislation so that digital signatures produced with a secure signature creation device must be considered as a handwritten signature if that digital signature comes with a qualified certificate.…”

Section: Introductionmentioning

confidence: 99%

Towards a framework for evaluating certificate status information mechanisms

Iliadis

Gritzalis

Spinellis

et al. 2003

Computer Communications

View full text Add to dashboard Cite

A wide spectrum of certificate revocation mechanisms is currently in use. A number of them have been proposed by standardisation bodies, while some others have originated from academic or private institutions. What is still missing is a systematic and robust framework for the sound evaluation of these mechanisms. We present a mechanism-neutral framework for the evaluation of certificate status information (CSI) mechanisms. These mechanisms collect, process and distribute CSI. A detailed demonstration of its exploitation is also provided. The demonstration is mainly based on the evaluation of Certificate Revocation Lists, as well as of the Online Certificate Status Protocol. Other well-known CSI mechanisms are also mentioned for completeness.

show abstract

Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework

Cited by 168 publications

References 1 publication

Design of Graded Trusts by Using Dynamic Path Validation

Design of Graded Trusts by Using Dynamic Path Validation

Classifying Public Key Certificates

Towards a framework for evaluating certificate status information mechanisms

Contact Info

Product

Resources

About