Enhanced Certificate Transparency and End-to-End Encrypted Mail
نویسنده
چکیده
The certificate authority model for authenticating public keys of websites has been attacked in recent years, and several proposals have been made to reinforce it. We develop and extend certificate transparency, a proposal in this direction, so that it efficiently handles certificate revocation. We show how this extension can be used to build a secure end-to-end email or messaging system using PKI with no requirement to trust certificate authorities, or to rely on complex peer-topeer key-signing arrangements such as PGP. This makes endto-end encrypted mail possible, with apparently few additional usability issues compared to unencrypted mail (specifically, users do not need to understand or concern themselves with keys or certificates). Underlying these ideas is a new attacker model appropriate for cloud computing, which we call “malicious-butcautious”.
منابع مشابه
Bringing Deployable Key Transparency to End Users
We present CONIKS, an end-user key verification service capable of integration in end-to-end encrypted communication systems. CONIKS builds on related designs for transparency of web server certificates but solves several new challenges specific to key verification for end users. In comparison to prior designs, CONIKS enables more efficient monitoring and auditing of keys, allowing small organi...
متن کاملA First Look at the CT Landscape: Certificate Transparency Logs in Practice
Many of today’s web-based services rely heavily on secure end-to-end connections. The “trust” that these services require builds upon TLS/SSL. Unfortunately, TLS/SSL is highly vulnerable to compromised Certificate Authorities (CAs) and the certificates they generate. Certificate Transparency (CT) provides a way to monitor and audit certificates and certificate chains, to help improve the overal...
متن کاملAn End-to-End Secure Mail System Based on Certificateless Cryptography in the Standard Security Model
Most of the existing mailing systems provide limited authentication mechanisms, including web trust model, password authentication or identity based cryptography. Few existing mailing systems found in the literature provide strong authentication based on public key infrastructure (PKI). However, PKI based-systems generally suffer from certificate management and scalability problems. This paper ...
متن کاملPKCS # 1 : RSA Encryption Standard
This standard describes a method for encrypting data using the RSA public-key cryp-tosystem [1]. Its intended use is in the construction of digital signatures and digital envelopes , as described in PKCS #7 [2]: • For digital signatures, the content to be signed is first reduced to a message digest with a message-digest algorithm (such as MD5 [3]), and then an octet string containing the messag...
متن کاملShedding Light on the Adoption of Let's Encrypt
Let’s Encrypt is a new entrant in the Certificate Authority ecosystem that offers free and automated certificate signing. It is visionary in its commitment to Certificate Transparency. In this paper, we shed light on the adoption patterns of Let’s Encrypt “in the wild” and inform the future design and deployment of this exciting development in the security landscape. We analyze acquisition patt...
متن کامل