In theory, PKI can provide a flexible and strong way to authenticate users in distributed information systems. In practice, much is being invested in realizing this vision via tools such as client-side SSL and browser-based keystores. Exploring this vision, we demonstrate that browsers will use personal certificates to authenticate requests that the person neither knew of nor approved (in some ...

Despite enthusiastic predictions in the trade press, an X.509-style PKI has so far failed to eventuate to any significant degree. This paper looks at some of the reasons behind this, examining why a pure X.509-style PKI may never appear outside a few closed, highly-controlled environments such as government agencies. On the other hand there are many instances in which situationand application-s...

Many P2P applications require security services such as privacy, anonymity, authentication, and non-repudiation. Such services could be provided through a hierarchical Public Key Infrastructure. However, P2P networks are usually Internet-scale distributed systems comprised of nodes with undetermined trust level, thus making hierarchical solutions unrealistic. In this paper, we propose Chord-PKI...

This document describes the certification policy and PKI (Public Key Infrastructure) proposed by the ACTS project TRUMPET for inter-domain management between telecommunications providers, and for customer access to management functionality offered by providers. The PKI consists of one Certification Authority (CA) per provider, and one Inter-domain Management CA which certifies these CAs. At pre...

Establishing trust on certificates across multiple domains requires an efficient certification path discovery algorithm. Previously, small exmaples are used to analyze the performance of certification path discovery. In this work, we propose and implement a simulation framework and a probability search tree model for systematic performance evaluation. Built from measurement data collected from ...

Der Einsatz von Peer-to-Peer (P2P) Netzwerken verspricht im Vergleich zu Client-Server-Netzwerken eine bessere Skalierbarkeit, niedrigere Betriebskosten, die Nutzung bislang unausgelasteter Ressourcen und höhere Fehlertoleranz. Eine wichtige Eigenschaft von P2P-Netzwerken ist der Verzicht auf zentrale, vertrauenswürdige Instanzen. Die Realisierung einer Public-Key-Infrastruktur (PKI) basierend ...

Public Key Infrastructure (PKI) is well recognized as the only possible complete solution for network security problem nowadays, and Peerto-Peer (P2P) has also been viewed as one of the most potential network technology today. The design of CERNET (China Education and Research Network) PKI, which make the best of P2P technology to implement certification revocation information distribution, was...

This paper contrasts the use of an ID PKI (Public Key Infrastructure) with the use of delegatable, direct authorization. It first addresses some commonly held beliefs about an ID PKI – that you need a good ID certificate to use digital signatures, that the ID certificate should come from a CA that has especially good private key security, that use of the ID certificate allows you to know with w...

PKIs are complex distributed systems that are responsible for giving users enough information to make reasonable trust judgments about one another. Since the currencies of PKI are trust and certificates, users who make trust decisions (often called relying parties) must do so using only some initial trust beliefs about the PKI and some pile of certificates (and other assertions) they received f...