ECPV: Efficient Certificate Path Validation in Public-key Infrastructure
Abstract
In the current public-key infrastructure (PKI) schemes based on X.509, a relying party must validate a user’s certificate as well as the existence of a path from its trust points to the CA of the certificate. The latter part is referred to as certificate path validation. In this paper, we suggest an efficient certificate path validation scheme (ECPV) that employs delegation with efficient computing at relying parties. In particular, in our scheme, a relying party is provided with certificate path validation trees (CPVTs) depending on its trust points and applicable trust policies. This information should enable a relying party to perform certificate path validation locally. The CPVAs can be deployed either as autonomous entities or in a federated mode. We discuss the two major components of ECPV: the data harvester and the data analyzer. Some of the concerns of security, trust, and performance are also discussed.
Similar resources
RFC 6487 Resource
This document defines a standard profile for X.509 certificates for the purpose of supporting validation of assertions of "right-of-use" of Internet Number Resources (INRs). The certificates issued under this profile are used to convey the issuer’s authorization of the subject to be regarded as the current holder of a "right-of-use" of the INRs that are described in the certificate. This docume...
Optimized Public Key Infrastructure - A PKI to Support Efficient Document's Signatures
Optimized Public Key Infrastructures are traditional PKI in which end users may optimize the signatures of their documents, replacing the signer’s validation data with Optimized Certificates (OC). OCs carry the signer’s identification and public key, but are issued for a specific time, i.e., fields notBefore and notAfter have the same value, thus there are no reasons to revoke them. The OC’s ce...
Validation Algorithms for a Secure Internet Routing PKI
A PKI in support of secure Internet routing was first proposed in [1] and refined in later papers, e.g., [2]. In this “Resource” PKI (RPKI) the resources managed are IP address allocations and Autonomous System number assignments. In a typical PKI the validation problem for each relying party is fairly simple in principle, and is well defined in the standards, e.g. RFC 3280 [3]. The RPKI presen...
An Efficient, Dynamic and Trust Preserving Public Key Infrastructure
Nested certification is a methodology for efficient certificate path verification. Nested certificates can be used together with classical certificates in the Public Key Infrastructures (PKIs). Such a PKI, which is called Nested certificate based PKI (NPKI), is proposed in this paper as alternative to classical PKI. The NPKI formation model is a transition from an existing PKI by issuing nested...
Towards efficient certificate status validations with E-ADOPT in mobile ad hoc networks
Each public key infrastructure needs an efficient certificate status validation method to exclude the revoked certificates from network. In this paper, we present a novel certificate validation scheme called E-ADOPT or Enhanced-ADOPT which utilizes a new kind of certificate status information. In this solution, we modify the OCSP response messages to carry information about the accusations issu...
Publication date: 2003