Certificate validation in untrusted domains
Abstract. Authentication of other parties on the Internet using a Public Key Infrastructure (PKI) is still an open area for research. The current authentication method consists of building a certification path connecting a trust anchor and the target, a public key to be validated. All the existing solutions cover the validation of a domain, which could be hierarchical, single, cross-certification or bridge [1], and which holds the trust anchor and the target in the same domain of the CA root. Alternatively, the trust anchor and the target are in different domains but there is a link between the domains (cross-certification). This proposal presents a solution for domains that do not have a cross-certificate; such domains could apply the proposed solution to authenticate their targets. In addition, a method for traversing and constructing a path will be presented.
Similar resources
Virtual Host Confusion: Weaknesses and Exploits
Transport Layer Security (TLS) is commonly used to provide server-authenticated secure channels for HTTPS web applications. From the viewpoint of the client, however, the server authentication guarantees of HTTPS are frequently misconstrued to identify a single HTTPS endpoint or origin whereas, in practice, the HTTPS server may be serving any one of a large set of origins. This issue is even mo...
An Extended OCSP Protocol for Grid CA Cross-certification
In a grid environment, there are many administrative domains, each with its own CA, and entities in different domains need authentication when accessing each other. The OCSP (Online Certificate Status Protocol) stands out due to its ability to carry near real time certificate status information and meet the needs of the grid. The paper proposes an extended OCSP protocol that can provide trust st...
Advanced certificate validation service for secure Service-Oriented Architectures
One of the most important components in e-commerce systems is the validation of digital signatures, which implies the validation of certificates in order to check the validity status of the certificates used to create a signature. Nowadays, several mechanisms to accomplish this process exist, but there is no agreement on which particular mechanism should be used in every scenario. On the othe...
Harvesting SSL Certificate Data to Identify Web-Fraud
Web-fraud is one of the most unpleasant features of today’s Internet. Two well-known examples of fraudulent activities on the web are phishing and typosquatting. Their effects range from relatively benign (such as unwanted ads) to downright sinister (especially, when typosquatting is combined with phishing). This paper presents a novel technique to detect web-fraud domains that utilize HTTPS. T...
An Abstract Interpretation-based Approach to Mobile Code Safety
Recent approaches to mobile code safety, like proof-carrying code, involve associating safety information to programs. The code supplier provides a program and also includes with it a certificate (or proof) whose validity entails compliance with a predefined safety policy. The intended benefit is that the program consumer can locally validate the certificate w.r.t. the “untrusted” program by m...