Theory and benefits of recursive certificate structures

  • Regular contribution
International Journal of Information Security

Abstract

Processing a set of multi-level digital certificates, particularly path construction and validation, can be excessively resource-consuming, and even impractical in some cases. This article introduces classifications of certificate sets as “minimal”, “surplus”, and “deficient”, and explains the new paradigm of a “recursive certificate” structure. The structure is designed to provide the equivalent of a “minimal set” of conventional certificates, containing only the necessary and sufficient information to minimize the effort of validating a certificate sequence, and potentially avoiding duplication of validation previously handled by related Certification Authorities.




Correspondence to Selwyn Russell.


Cite this article

Russell, S. Theory and benefits of recursive certificate structures. IJIS 2, 78–90 (2004). https://doi.org/10.1007/s10207-003-0028-2
