OATAO - Open Archive Toulouse Archive Ouverte Open Access Week

How Can I Trust an X.509 Certificate? an Analysis of the Existing Trust Approaches

Wazan, Ahmad Samer and Laborde, Romain and Chadwick, David W. and Barrère, François and Benzekri, Abdelmalek How Can I Trust an X.509 Certificate? an Analysis of the Existing Trust Approaches. (2016) In: 41st IEEE Conference on Local Computer Networks (LCN 2016), 7 November 2016 - 11 November 2016 (Dubai, United Arab Emirates).

[img]
Preview
(Document in English)

PDF (Author's version) - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader
461kB

Official URL: http://dx.doi.org/10.1109/LCN.2016.85

Abstract

A Public Key Infrastructure (PKI) is based on a trust model defined by the original X.509 standard and is composed of three entities: the Certification Authority, the certificate holder (subject) and the Relying Party. The CA plays the role of a trusted third party between the subject and the RP. A trust evaluation problem is raised when an RP receives a certificate from an unknown subject that is signed by an unknown CA. Different approaches have been proposed to handle this trust problem. We argue that these approaches work only in the closed deployment model where RPs are also subjects, but cannot work in the open deployment model where they are not. Our objective is to identify the deficiencies in the existing trust approaches that try to help RPs to make trust decisions about certificates in the Internet, and to introduce the new X.509 approach based on a trust broker.

Item Type:Conference or Workshop Item (Paper)
Additional Information:Thanks to IEEE editor. The definitive version is available at http://ieeexplore.ieee.org This papers appears in Proceedings of LCN 2016. Electronic ISBN: 978-1-5090-2054-6 The original PDF of the article can be found at: http://ieeexplore.ieee.org/document/7796833/ Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
HAL Id:hal-01690136
Audience (conference):International conference proceedings
Uncontrolled Keywords:
Institution:French research institutions > Centre National de la Recherche Scientifique - CNRS (FRANCE)
Université de Toulouse > Institut National Polytechnique de Toulouse - INPT (FRANCE)
Other partners > University of Kent (UNITED KINGDOM)
Université de Toulouse > Université Toulouse III - Paul Sabatier - UPS (FRANCE)
Université de Toulouse > Université Toulouse - Jean Jaurès - UT2J (FRANCE)
Université de Toulouse > Université Toulouse 1 Capitole - UT1 (FRANCE)
Laboratory name:
Statistics:download
Deposited By: IRIT IRIT
Deposited On:09 Jan 2018 16:00

Repository Staff Only: item control page