OATAO - Open Archive Toulouse Archive Ouverte Open Access Week

Trust management for public key infrastructures: implementing the X.509 trust broker

Wazan, Ahmad Samer and Laborde, Romain and Chadwick, David W. and Barrère, François and Benzekri, Abdelmalek and Kaiiali, Mustafa and Habbal, Adib Trust management for public key infrastructures: implementing the X.509 trust broker. (2017) Security and Communication Networks, 2017 (ID 6907146). 1-23. ISSN 1939-0114

(Document in English)

PDF (Author's version) - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader

Official URL: https://doi.org/10.1155/2017/6907146


A Public Key Infrastructure (PKI) is considered one of the most important techniques used to propagate trust in authentication over the Internet. This technology is based on a trust model defined by the original X.509 (1988) standard and is composed of three entities: the certification authority (CA), the certificate holder (or subject), and the Relying Party (RP). The CA plays the role of a trusted third party between the certificate holder and the RP. In many use cases, this trust model has worked successfully. However, we argue that the application of this model on the Internet implies that web users need to depend on almost anyone in the world in order to use PKI technology. Thus, we believe that the current TLS system is not fit for purpose and must be revisited as a whole. In response, the latest draft edition of X.509 has proposed a new trust model by adding new entity called the Trust Broker (TB). In this paper, we present an implementation approach that a Trust Broker could follow in order to give RPs trust information about a CA by assessing the quality of its issued certificates. This is related to the quality of the CA’s policies and procedures and its commitment to them. Finally, we present our Trust Broker implementation that demonstrates how RPs can make informed decisions about certificate holders in the context of the global web, without requiring large processing resources themselves.

Item Type:Article
Additional Information:Distributed under the terms of a Creative Commons Attribution Non-Commercial License, this papers appears in Volume 2017 of Security and Communication Networks ISSN: 1939-0114 The original PDF is available at: https://www.hindawi.com/journals/scn/2017/6907146/
HAL Id:hal-01740029
Audience (journal):International peer-reviewed journal
Uncontrolled Keywords:
Institution:French research institutions > Centre National de la Recherche Scientifique - CNRS (FRANCE)
Université de Toulouse > Institut National Polytechnique de Toulouse - Toulouse INP (FRANCE)
Other partners > University of Kent (UNITED KINGDOM)
Université de Toulouse > Université Toulouse III - Paul Sabatier - UT3 (FRANCE)
Université de Toulouse > Université Toulouse - Jean Jaurès - UT2J (FRANCE)
Université de Toulouse > Université Toulouse 1 Capitole - UT1 (FRANCE)
Other partners > Universiti Utara Malaysia - UUM (MALAYSIA)
Laboratory name:
Deposited On:16 Mar 2018 10:49

Repository Staff Only: item control page