Public Key Infrastructure and Certification Policy for Inter-domain Management
Authors
Abstract
This document describes the certification policy and PKI (Public Key Infrastructure) proposed by the ACTS project TRUMPET for inter-domain management between telecommunications providers, and for customer access to management functionality offered by providers. The PKI consists of one Certification Authority (CA) per provider, and one Inter-domain Management CA which certifies these CAs. At present, the Inter-domain Management CA is a root-CA for the TRUMPET project, but it is envisaged that this may be placed under the umbrella of an existing (or forthcoming) PKI, for example the ICE-TEL infrastructure. Security requirements for CAs and subjects are outlined, as well as procedures for certification of CAs and subjects. Subjects in this context are not human users, but either management applications or organisational / role identities.
Similar resources
PKI-based trust management in inter-domain scenarios
Hierarchical cross-certification fits well within large organizations that want their root CA to have direct control over all subordinate CAs. However, both Peer-to-Peer and Bridge CA cross-certification models suit better than the hierarchical one with organizations where a certain level of flexibility is needed to form and revoke trust relationships with other organizations as changing polic...
Memorandum for Multi-Domain Public Key Infrastructure Interoperability
Status of This Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Abstract The objective of this document is to establish a terminology framework and to suggest the operational requirements of Public Key Infrastructure (PKI) domain for interoperability of multi-domain Public Key Infrastruc...
Domain Based Certification and Revocation
Certificate Authorities (CAs) are considered as a single point of failure in the design of Public Key Infrastructure (PKI). Adversaries can take advantage of a compromised CA to issue certificates for any domains without being noticed by the domain owners. Another argument regarding PKI is the adoption of Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP) for pu...
International Grid CA Interworking, Peer Review and Policy Management Through the European DataGrid Certification Authority Coordination Group
The Certification Authority Coordination Group in the European DataGrid project has created a unique large-scale Public Key Infrastructure and the policies and procedures to operate it successfully. The infrastructure demonstrates interoperability of multiple certification authorities (CAs) with various technical resources in a novel system of peer-assessment of the roots of trust. Crucial to t...
Self-certified Signatures
A digital signature provides the authenticity of a signed message with respect to a public key and a certificate provides the authorization of a signer for a public key. Digital signature and certificate are generated independently by different parties, but they are verified by the same verifier who wants to verify the signature. From the point of view of a verifier, verifying two independent digital sig...