Skip to main content
SpringerLink
Log in

Use of a Validation Authority to Provide Risk Management for the PKI Relying Party

  • Conference paper
Public Key Infrastructure (EuroPKI 2006)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4043))

Included in the following conference series:

Abstract

Interoperability between PKIs (Public Key Infrastructure) is a major issue in several electronic commerce scenarios. A Relying Party (RP), in particular in an international setting, should not unduly put restrictions on selection of Certificate Authorities (CA) by its counterparts. Rather, the RP should be able to accept certificates issued by any relevant CA. Such acceptance implies not only the ability to validate certificates, but also an assessment of the risk related to acceptance of a certificate for the purpose at hand. We analyse common PKI trust models with respect to risk management, and argue that an independent, trusted Validation Authority (VA) may be a better approach for this task. A VA as suggested by this paper will also remove the need for complicated certificate path processing.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Alterman, P., Blanchard, D., Chokani, S., Rea, S.: Bridge-to-Bridge Interoperability. In: Panel presentation at the 5th Annual PKI R&D Workshop (2006)

    Google Scholar 

  2. Backhouse, J., Hsu, C., Tseng, J., Baptista, J.: A Question of Trust – An Economic Perspective on Quality Standards in the Certification Services Market. Communications of the ACM 48(9) (2005)

    Google Scholar 

  3. British Standards Institute: Specification for Information Security Management Systems. British Standard BS 7799-2:2002 (2002)

    Google Scholar 

  4. Bundesnetzagentur: Ordinance on Electronic Signatures (2001)

    Google Scholar 

  5. Certipost: Certification Practices Statement, European IDABC Bridge/Gateway CA for Public Administrations v2.0. EBGCA-DEL-015 (2005)

    Google Scholar 

  6. Chokani, S., Ford, W., Sabett, R., Merrill, C., Wu, S.: Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework. RFC3647 (2003)

    Google Scholar 

  7. Commission of the European Communities: Action Plan for the Implementation of the Legal Framework for Electronic Public Procurement. Communication from the Commission to the Council, the European Parliament, the European Economic and Social Committee and the Committee of the Regions (2004)

    Google Scholar 

  8. ETSI: Electronic Signatures and Infrastructures; Policy Requirements for Certification Authorities Issuing Qualified Certificates. ETSI TS 101 456 v1.4.1 (2006)

    Google Scholar 

  9. ETSI: Electronic Signatures and Infrastructures; Policy Requirements for Certification Authorities Issuing Public Key Certificates. ETSI TS 102 042 v1.2.2 (2005)

    Google Scholar 

  10. ETSI: Electronic Signatures and Infrastructures; Provision of Harmonized Trust Service Provider Information. Draft ETSI TS 102 231 v1.2.1 (2005)

    Google Scholar 

  11. ETSI: Electronic Signatures and Infrastructures; International Harmonization of Policy Requirements for CAs Issuing Certificates. ETSI TR 102 040 v1.3.1 (2005)

    Google Scholar 

  12. EU: Community Framework for Electronic Signatures. Directive 1999/93/EC of the European Parliament and of the Council (1999)

    Google Scholar 

  13. EuroPKI Top Level Certification Authority: EuroPKI Certificate Policy, Version 1.1 (2004)

    Google Scholar 

  14. Federal PKI Policy Authority (FPKIPA): US Government Public Key Infrastructure: Cross-Certification Criteria and Methodology Version 1.3. (2006)

    Google Scholar 

  15. Federal PKI Policy Authority (FPKIPA): X.509 Certificate Policy for the Federal Bridge Certification Authority (FBCA) Version 2.1. (2006)

    Google Scholar 

  16. Hallam-Baker, P., Mysore, S.H. (eds.): XML Key Management Specification (XKMS 2.0). W3C Recommendation (2005)

    Google Scholar 

  17. IDA: A Bridge CA for Europe’s Public Administrations – Feasibility Study. European Commission – Enterprise DG, PKICUG project final report (2002)

    Google Scholar 

  18. ISO: Evaluation Criteria for IT Security. ISO 15408 Parts 1-3 (1999)

    Google Scholar 

  19. ITU-T | ISO/IEC: OSI – the Directory: Authentication Framework. ITU-T X.509 | ISO/IEC 9594-8 (2001)

    Google Scholar 

  20. Jøsang, A., Knapskog, S.J.: A metric for trusted systems. In: NSA1998 – 21st National Security Conference (1998)

    Google Scholar 

  21. Kent, S.: Privacy enhancement for Internet electronic mail. Part II: Certificate-Based Key Management. RFC1422 (1993)

    Google Scholar 

  22. Lioy, A., Marian, M., Moltchanova, N., Pala, M.: The euroPKI experience. In: Katsikas, S.K., Gritzalis, S., López, J. (eds.) EuroPKI 2004. LNCS, vol. 3093, pp. 14–27. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  23. Lopez, D.R., Malagon, C., Florio, L.: TACAR: a simple and fast way for building trust among pKIs. In: Katsikas, S.K., Gritzalis, S., López, J. (eds.) EuroPKI 2004. LNCS, vol. 3093, pp. 173–179. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  24. López, J., Oppliger, R., Pernul, G.: Classifying Public Key Certificates. In: Chadwick, D., Zhao, G. (eds.) EuroPKI 2005. LNCS, vol. 3545, pp. 135–143. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  25. Malpani, A.: Bridge Validation Authority. ValiCert White Paper (2001)

    Google Scholar 

  26. Maurer, U.: Modeling a public-key infrastructure. In: Martella, G., Kurth, H., Montolivo, E., Bertino, E. (eds.) ESORICS 1996. LNCS, vol. 1146. Springer, Heidelberg (1996)

    Google Scholar 

  27. McBee, F., Ingle, M.: Meeting the Need for a Global Identity Management System in the Life Sciences Industry – White Paper. SAFE BioPharma Association (2005)

    Google Scholar 

  28. Myers, M., Ankney, R., Malpani, A., Galperin, S., Adams, C.: X.509 Internet Public Key In-frastructure Online Certificate Status Protocol – OCSP. RFC2560 (1999)

    Google Scholar 

  29. OASIS: Understanding Certification Path Construction. White Paper from PKI Forum Technical Group (2002)

    Google Scholar 

  30. Pinkas, D., Housley, R.: Delegated Path Validation and Delegated Path Discovery Protocol Requirements. RFC3379 (2002)

    Google Scholar 

  31. Reiter, M.K., Stubblebine, S.K.: Authentication metric analysis and design. ACM Transactions on Information and System Security 2(2), 138–158 (1999)

    Article  Google Scholar 

  32. Ølnes, J.: PKI Interoperability by an Independent, Trusted Validation Authority. In: 5th Annual PKI R&D Workshop (2006)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. DNV Research, Veritasveien 1, N-1322, Høvik, Norway

    Jon Ølnes

  2. DNV Certification, Veritasveien 1, N-1322, Høvik, Norway

    Leif Buene

Authors
  1. Jon Ølnes
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Leif Buene
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dip. di Automatica ed Informatica, Politecnico di Torino, Corso Duca degli Abruzzi, 24, 10129, Turin, Italy

    Andrea S. Atzeni

  2. Dip. Di Automatica e Informatica, Politecnico di Torino, Corso Duca degli Abruzzi 24, 10129, Torino, Italy

    Antonio Lioy

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ølnes, J., Buene, L. (2006). Use of a Validation Authority to Provide Risk Management for the PKI Relying Party. In: Atzeni, A.S., Lioy, A. (eds) Public Key Infrastructure. EuroPKI 2006. Lecture Notes in Computer Science, vol 4043. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11774716_1

Download citation

  • DOI: https://doi.org/10.1007/11774716_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-35151-1

  • Online ISBN: 978-3-540-35152-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation