Public-key infrastructures are increasingly being used as a foundation for several security solutions, such as electronic documents, secure e-mail (S/MIME), secure web transactions (SSL), and many others. However, there are still many aspects that need careful consideration before these systems can really be used on a very large scale. In this respect, one of the biggest issues to solve is certificate validation in a generic multi-issuer certification environment. This paper begins by introducing the problem, also with the help of a famous security incident related to certificate validation, and then proceeds to review the user and system requirements. We take into account several constraints, such as the computational power of the end-user client (workstation, PDA, cellular phone), network connectivity (permanent or intermittent, high or low speed) and the security policy to be respected (personal or company-wide trust). We then proceed to define a general certificate validation architecture and show how several proposed certificate management formats and protocols can be used within this general architecture and what their relative merits and drawbacks are. Finally, the support offered by commercial products for certificate validation is analyzed, and the path towards better solutions for an effective deployment of certificates is sketched.

On the complexity of public-key certificate validation / Berbecaru, DIANA GRATIELA; Lioy, Antonio; Marian, Marius Adrian. - PRINT. - 2200:(2001), pp. 183-203. (Paper presented at the conference Information Security 4th International Conference, ISC 2001, held in Malaga (ESP), October 1–3, 2001) [10.1007/3-540-45439-X_13].

On the complexity of public-key certificate validation

BERBECARU, DIANA GRATIELA;LIOY, ANTONIO;MARIAN, Marius Adrian
2001

3540426620

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11583/1728517