PKI Interoperability: Still an Issue? A Solution in the X.509 Realm
نویسندگان
چکیده
There exist many obstacles that slow the global adoption of public key infrastructure (PKI) technology. The PKI interoperability problem, being poorly understood, is one of the most confusing. In this paper, we clarify the PKI interoperability issue by exploring both the juridical and technical domains. We demonstrate the origin of the PKI interoperability problem by determining its root causes, the latter being legal, organizational and technical differences between countries, which mean that relying parties have no one to rely on. We explain how difficult it is to harmonize them. Finally, we propose to handle the interoperability problem from the trust management point of view, by introducing the role of a trust broker which is in charge of helping relying parties make informed decisions about X.509 certificates.
منابع مشابه
Managing Interoperability in Non-Hierarchical Public Key Infrastructures
This paper discusses considerations for certificate issuing systems and certificate processing applications, and directory systems in environments that employ nonhierarchical public key infrastructures (PKIs). The observations and recommendations here, while applicable to almost any non-hierarchical PKI, are most relevant to situations where the establishment of interoperability among the PKIs ...
متن کاملFinding the PKI needles in the Internet haystack
Public key cryptography can uniquely enable trust within distributed settings. Employing it usually requires deploying a set of tools and services collectively known as a Public Key Infrastructure (PKI). PKIs have become a central asset for many organizations, due to distributed IT and users. Even though the usage of PKIs in closed and controlled environments is quite common, interoperability a...
متن کاملRemoving Interoperability Barriers Between theX
This paper concerns the barriers to interoperability that exist between the X.509 and EDIFACT Public Key Infrastructures (PKI), and proposes a method to overcome them. The solution lies in the DED-ICA 1 (Directory based EDI Certiicate Access and management) TELEM-ATIC Project, funded by the European Union. The main objective of this project is to deene and provide means to make these two infras...
متن کاملEtag: "304be8-907a-35d435fc" Accept-ranges: Bytes Content-length: 36986 Connection: Close Content-type: Text/plain Pkix Working Group Internet X.509 Certificate Management Messages over Cms 3.2 Interior Encapsulation of Pki Messages
This document defines the means by which PKI clients and servers may exchange PKI messages when using the Cryptographic Message Syntax [CMS] as a transaction envelope. It extends concepts established in the draft [CRS] version of this material by accommodating external specification of message bodies in the Certificate Management Message Formats [CMMF] and Certificate Request Message Format [CR...
متن کاملPQR Finding the PKI Needles in the Internet Haystack∗
Public-key cryptography can uniquely enable trust within distributed settings. Employing it usually requires deploying a set of tools and services collectively known as a public key infrastructure (PKI). PKIs have become a central asset for many organizations, due to distributed IT and users. Even though the usage of PKIs in closed and controlled environments is quite common, interoperability a...
متن کامل