Overview of Certification Systems: X.509, CA, PGP and SKIP
Author
Abstract
Cryptography and certification are considered necessary Internet features and must be used together, for example in e-commerce. This work deals with certification issues and reviews the three most common methods in use today, which are based on X.509 Certificates and Certification Authorities (CAs), PGP, and SKIP. These methods are respectively classified as directory, referral and collaborative based. For two parties in a dialogue the three methods are further classified as extrinsic, because they depend on references which are outside the scope of the dialogue. A series of conceptual, legal and implementation flaws are catalogued for each case, emphasizing X.509 and CAs, which helps to provide users with safety guidelines to be used when resolving certification issues. Governmental initiatives introducing Internet regulations on certification, such as by TTP, are also discussed with their pros and cons regarding security and privacy. Throughout, the paper stresses the basic paradox of security versus privacy when dealing with extrinsic certification systems, whether with X.509 or in combination with PGP. This paper has benefited from the feedback of the Internet community and its expanded on-line version has received more than 50,000 Internet visitors from more than 20,000 unique Internet sites, in 1997/98.
* The author is with Novaware, Av. Albert Einstein 1301, SOFTEX/UNICAMP Campinas – SP Brazil; http://novaware.cps.softex.br
Overview of Certification Systems – E. Gerck, 1998. MCG Meta-Certificate Group, http://www.mcg.org.br
Similar resources
A Multiple Signature Based Certificate Verification Scheme
In this paper, we proposed a formal representation of certificate validation in Pretty Good Privacy (PGP) and X.509 systems. This representation uses new logical assertions to support public-key based certification systems and different trust levels. Although the meanings of some of those assertions are different in PGP and X.509 cases, the certificate validation can be expressed using the same...
Merging and Extending the PGP and PEM Trust Models - The ICE-TEL Trust Model
The ICE-TEL project is a pan-European project that is building an Internet X.509 based certification infrastructure throughout Europe, plus several secure applications that will use it. This paper describes the trust model that is being implemented by the project. A trust model specifies the means by which a user may build trust in the assertion that a remote user is really who he purports to b...
Rethinking OpenPGP PKI and OpenPGP Public Keyserver
OpenPGP, an IETF Proposed Standard based on PGP® application, has its own Public Key Infrastructure (PKI) architecture which is different from the one based on X.509, another standard from ITU. This paper describes the OpenPGP PKI; the historical perspective as well as its current use. We also compare three PKI technologies standardized by IETF: OpenPGP, PKIX(X.509), and SPKI/SDSI. Since the...
Managing Interoperability in Non-Hierarchical Public Key Infrastructures
This paper discusses considerations for certificate issuing systems and certificate processing applications, and directory systems in environments that employ nonhierarchical public key infrastructures (PKIs). The observations and recommendations here, while applicable to almost any non-hierarchical PKI, are most relevant to situations where the establishment of interoperability among the PKIs ...