Certifying Trust
نویسندگان
چکیده
A basic function of all signatures, digital or not, is to express trust and authority, explicit or implied. This is especially the case with digital signatures used in certificates. In this paper, we study the trust relationships expressed by the certificates used in X.509, PGP and SPKI. Especially, we present and revise the idea of a certificate loop, or a loop of certificates from the verifying party to the communicating peer, requesting access or acceptance. We also show how that kind of certificate loops can be used to explicitly express security policy decisions. In the end of the paper, we briefly describe our own SPKI implementation that is specially tailored towards policy management. The implementation is based on Java and build using Design Patterns. It functions as a separate process, providing security services to the local kernel and applications.
منابع مشابه
Progress on Certifying Algorithms
A certifying algorithm is an algorithm that produces with each output, a certificate or witness (easy-to-verify proof) that the particular output has not been compromised by a bug. A user of a certifying program P (= the implementation of a certifying algorithm) inputs x, receives an output y and a certificate w, and then checks, either manually or by use of a checking program, that w proves th...
متن کاملSFS-HTTP: Securing the Web with Self-Certifying URLs
The current solution to secure Web communication is SSL which relies on certificate authorities for key management, limiting the ability for individuals to independently set up secure Web sites and forcing them to trust a small number of third parties. We propose a new model for Web security— SFS-HTTP—based on SFS. While SFS uses self-certifying pathnames to separate key management from file sy...
متن کاملDistributed Identity Management in the PGP Web of Trust
Testing was conducted in a simulated web of trust derived from the actual PGP strongly connected set, with artificial edge weights assigned in a random normal distribution. High standard deviations and even distributions of trust are preferred. We can also see the correlation between trust strength and path length and the number of disjoint paths between the start key and end key. The aim of th...
متن کاملA Simpl Shortest Path Checker Verification
Verification of complex algorithms with current verification tools in reasonable time is challenging. Certifying algorithms compute not only an output but also a witness certifying that the output is correct. A checker for a certifying algorithm is a simple program that decides whether the witness is correct for a particular input and output. Verification of checkers is feasible and leads to tr...
متن کاملVerification of Certifying Computations
Formal verification of complex algorithms is challenging. Verifying their implementations goes beyond the state of the art of current verification tools and proving their correctness usually involves non-trivial mathematical theorems. Certifying algorithms compute in addition to each output a witness certifying that the output is correct. A checker for such a witness is usually much simpler tha...
متن کاملTrust in Pervasive Computing
Pervasive environments are comprised of resource-constrained mobile devices “limited” in their connectivity to other devices or networks due to the inherent dynamic nature of the environment. Limited connectivity to the Internet precludes the use of conventional security mechanisms like Certifying Authorities and other forms of server-centric authentication. Under these circumstances peer-to-pe...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 1998