AutoPKI: A PKI Resources Discovery System

Authors

  • Massimiliano Pala
  • Sean W. Smith
Abstract

The central goal of Public Key Infrastructure (PKI) is to enable trust judgments between distributed users. Although certificates play a central role in making such judgments, a PKI’s users need more than just knowledge of certificates. Minimally, a relying party must be able to locate critical parameters such as the certificate repositories and certificate validation servers relevant to the trust path under consideration. Users in other scenarios may require other resources and services. Surprisingly, locating these resources and services remains a largely unsolved problem in real-world X.509 PKI deployment. In this paper, we present the design and prototype of a new and flexible solution for automatic discovery of the services and data repositories that are available from a Certificate Service Provider (CSP). This contribution will take real-world PKI one step closer to achieving its goal.


Related resources

PEACHES and Peers

How to distribute resource locators is a fundamental problem in PKI. Our PKI Resource Query Protocol (PRQP), recently presented at IETF, provides a standard method to query for PKI resource locators. However, the distribution of locators across PKIs is still an unsolved problem. In this paper, we propose an extension to PRQP in order to distribute PRQP messages over a Peer-to-Peer (P2P) network...


Improving Resource Discovery in the Arigatoni Overlay Network

Arigatoni is a structured multi-layer overlay network providing various services with variable guarantees, and promoting intermittent participation in the virtual organization, where peers can appear, disappear and organize themselves dynamically. Arigatoni is mainly concerned with how resources are declared and discovered in the overlay, allowing global computers to make a secure, PKI-based, use...


Modeling and Evaluation of Certification Path Discovery in the Emerging Global PKI

Establishing trust on certificates across multiple domains requires an efficient certification path discovery algorithm. Previously, small examples were used to analyze the performance of certification path discovery. In this work, we propose and implement a simulation framework and a probability search tree model for systematic performance evaluation. Built from measurement data collected from ...


Securing the Networked e-Business Throughout an Internet Distributed Organization

This paper explores an Internet-based VPN solution, built upon IPSec, which combines tunneling with PKI authentication and encryption. To protect the valuable company resources, an efficient intrusion/misuse detection and response system was incorporated into the deployed security solution. This approach enabled a large-scale customer to provide their global e-business safely. As a result, an integrat...


Finding the PKI needles in the Internet haystack

Public key cryptography can uniquely enable trust within distributed settings. Employing it usually requires deploying a set of tools and services collectively known as a Public Key Infrastructure (PKI). PKIs have become a central asset for many organizations, due to distributed IT and users. Even though the usage of PKIs in closed and controlled environments is quite common, interoperability a...


Publication date: 2007