The nature of a useable PKI

Ellison, Carl M.

doi:10.1016/s1389-1286(98)00018-8

Cited by 40 publications

(30 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…A very different approach is taken by PGP [22], where certificates define a `web of trust` and there is no central CA. We share the view advocated by many [22,4,5,9,15,1,2,14,7,17,8,12], that a relying party may not necessarily completely trust the issuers of the credentials. Instead, these works advocate a model where the relying application may need multiple credentials to make its decisions, and has a non-trivial policy for the necessary credentials.…”

Section: Related Worksupporting

confidence: 70%

“…More recent works, in particular [15,4], suggested that names should only be unique with respect to a given issuer, and do not necessarily have to have global meaning (and therefore liability). In fact, in this approach the name field in a certificate becomes just a convenience and an option, and the subject is really identified by possessing the private key corresponding to the public key in the certificate.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Relying Party Credentials Framework

Herzberg

Mass

2004

Electronic Commerce Research

View full text Add to dashboard Cite

Abstract. We present architecture for framework to allow a relying-party to decide if and how to handle requests coming over the Net, by relying on the credentials of the requesting party. Relying party applications will be provided with uniform interface to the credentials of the requesting party. This will allow use of simple, widely available credentials as well as more advanced credentials such as public key certificates, attribute certificates and `Negative` credentials (which result in reduced trust) such as certificate revocation lists (CRL). The core of the architecture is a Credential Manager who will provide all credential management functions, including collection of credentials, providing uniform interface to credentials, and extracting semantics relevant to the relying party's applications.

show abstract

Section: Related Worksupporting

confidence: 70%

Section: Related Workmentioning

confidence: 99%

Relying Party Credentials Framework

Herzberg

Mass

2004

Electronic Commerce Research

View full text Add to dashboard Cite

show abstract

“…This advantage of R-trust is not shared by familiarity-based trust, which deals with individuals. It is true that public-key infrastructures (PKIs), provides for massive and scalable authentication of the identity and roles of principals [19,8] via distribution of certificates; but each such certificate require a degree of familiarity, by somebody, with the individual being certified. The advantage of F-trust, on the other hand, is that it can provide one with comprehensive information about a given individual; while R-trust provides just the common denominator of a class of entities, and thus cannot be very specific.…”

Section: Introductionmentioning

confidence: 99%

Regularity-Based Trust in Cyberspace

Minsky

2003

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. One can distinguish between two kinds of trust that may be placed in a given entity e (a person or a thing), which we call: familiarity-based trust and regularity-based trust. A familiarity-based trust in e is a trust based on personal familiarity with e, or on testimonial by somebody who is familiar, directly or indirectly, with e; or even on some measure of the general reputation of e. A regularity-based trust is based on the recognition that e belongs to a class, or a community, that is known to exhibits a certain regularity-that is, it is known that all members of this class satisfy a certain property, or that their behavior conforms to a certain law. These two types of trust play important, and complementary, roles in out treatment of the physical world. But, as we shall see, the role of regularity-based trust in out treatment of the cyberspace has been limited so far because of difficulties in establishing such trust it in this context. It is this latter kind of trust, which is the focus of this paper. We will describe a mechanism for establishing a wide range of regularity-based trusts, and will demonstrate the effectiveness of this mechanism, by showing how it can enhance the trustworthiness of a certain type of commercial client-server interactions over the internet.

show abstract

“…Additional components of the attributes field include the expiration time of the certificate, the URL of the server that maintains CRLs for this type of certificates, a certificate id (used to identify it in CRLs), etc. (Currently we support SPKI format of certificates [6]). What happens when the certified event is triggered depends, of course, on the law.…”

Section: The Treatment Of Certificates Under Lgimentioning

confidence: 99%

“…To date, several certificate frameworks [9,6,15] and revocation mechanisms [13,14,8] have been proposed and intensively studied. What interests us here is an orthogonal aspect of certificate management, which has received considerably less attention, namely in what conditions can these mechanisms be legitimately used.…”

Section: Introductionmentioning

confidence: 99%

A regulated approach to certificate management

Ungureanu

Seventeenth Annual Computer Security Applications Conference

View full text Add to dashboard Cite

show abstract

The nature of a useable PKI

Cited by 40 publications

References 2 publications

Relying Party Credentials Framework

Relying Party Credentials Framework

Regularity-Based Trust in Cyberspace

A regulated approach to certificate management

Contact Info

Product

Resources

About