skip to main content
10.1145/1527017.1527025acmotherconferencesArticle/Chapter ViewAbstractPublication PagesidtrustConference Proceedingsconference-collections
research-article

Usable trust anchor management

Published: 14 April 2009 Publication History

Abstract

Security in browsers is based upon users trusting a set of root Certificate Authorities (called Trust Anchors) which they may know little or nothing about. Browser vendors face a difficult challenge to provide an appropriate interface for users. Providing usable Trust Anchor Management (TAM) for users, applications and PKI deployers is a complex task. The PKIX working group at Internet Engineering Task Force (IETF) is working on a new protocol, the Trust Anchor Management Protocol (TAMP), which will provide a standardized method to automatically manage trust anchors in applications and devices. Although promising, this protocol does not go far enough to allow users to gather information about previously unknown trust anchors in an automatic fashion. We have proposed the PKI Resource Query Protocol (PRQP)---which is currently an Internet Draft on Experimental Track with IETF---to provide applications with an automatic discovery system for PKI management. In this paper we describe the basic architecture and capabilities of PRQP that allow Browsers to provide a more complete set of trust anchor management services. We also provide the design of a PRQP enabled infrastructure that uses a trust association mechanism to provide an easy solution for managing Trust Anchors for Virtual Organizations.

References

[1]
EuroPKI Infrastructure. EuroPKI website. {Online} http://www.europki.org.
[2]
GSI working group of the Global Grid Forum. {Online} http://www.gridforum.org/2\_SEC/GSI.htm.
[3]
The European Policy Management Authority for Grid Authentication in e-Science. {Online} http://www.eugridpma.org/.
[4]
The International Grid Federation. {Online} http://www.gridpma.org/.
[5]
Alma Whittenand and J. D. Tygar. Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0. In 8th USENIX Security Symposium, August 1999.
[6]
D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, W. Polk. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280, May 2008.
[7]
Denise Anthony, James Kitts, Chris Masone, and Sean W. Smith. Technology and Trust. In Eastern Sociological Society Annual Meetings, Feb 2008.
[8]
T. Dierks and C. Allen. The TLS Protocol. Internet Engineering Task Force: RFC 2246, January 1999.
[9]
ISO/TC68/SC2. Certificate management for financial services -- Part 1: Public key certificates. ISO 15782-1:2003, August 2003.
[10]
Kelvin Yiu. 6th Annual PKI R&D Workshop, "Applications Driven PKI (It's The Apps, Stupid!)", April 2007.
[11]
Massimiliano Pala. PKI Resource Query Protocol (PRQP). Internet-Draft, Experimental Track, June 2008.
[12]
Massimiliano Pala and Sean W. Smith. AutoPKI: A PKI Resources Discovery System. In Public Key Infrastructure, 4th European PKI Workshop: Theory and Practice, EuroPKI 2007, volume 4582. LLNCS, Springer-Verlag, June 2007.
[13]
Massimiliano Pala and Sean W. Smith. PEACHES and Peers. In 5th European PKI Workshop: Theory and Practice, volume 5057, pages 223--238. Lecture Notes in Computer Science, Springer Verlag, June EuroPKI 2008.
[14]
Massimiliano Pala, Marius Marian, Natalia Moltchanova, Antonio Lioy. PKI past, present and future. International Journal on Information Security, 5:18--29, January 2006.
[15]
M. Pala, A. Lioy, M. Marian, and N. Moltchanova. The EuroPKI Experience. In Proceedings of the 1st European Workshop on PKI, volume 3093, pages 14--27, Berlin, Germany, June 2004. Springer-Verlag.
[16]
R. Guida, R. Stahl, T. Bunt, G. Secrest, J. Moorcones. Deploying and Using Public Key Technology: Lessons Learned in Real Life. IEEE Security and Privacy, pages 67--71, September 2004.
[17]
R. Reddy, C. Wallace. Trust Anchor Management Requirements. Internet Draft: Informational, October 2008.
[18]
R. Rivest, A. Shamir, L. Adleman. A Method for Obtaining Digital Signatures and Public Key Cryptosystems. Communications of the ACM, 21 (2):120--126, 1978.
[19]
Sean W. Smith. A Funny Thing Happened on the Way to the Marketplace. IEEE Security and Privacy, 1 (6):74--78, November/December 2003.
[20]
Simson L. Garfinkel and Robert C. Miller. Johnny 2: A User Test of Key Continuity Management with S/MIME and Outlook Express. In Proceedings of the 2005 symposium on Usable privacy and security, pages 13--24, 2005.
[21]
TACAR Project. TERENA Academic CA Repository. {Online}} http://www.tacar.org.
[22]
W. Diffie, M. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, IT-22 N. 6:644--654, November 1976.

Index Terms

  1. Usable trust anchor management

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Other conferences
    IDtrust '09: Proceedings of the 8th Symposium on Identity and Trust on the Internet
    April 2009
    131 pages
    ISBN:9781605584744
    DOI:10.1145/1527017
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Sponsors

    • Internet2
    • The National Institute of Standards and Technology
    • OASIS IDtrust Member Section
    • FPKIPA: Federal Public Key Infrastructure Policy Authority

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 14 April 2009

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. PKI
    2. PRQP
    3. digital certificate
    4. discovery system
    5. trust anchor

    Qualifiers

    • Research-article

    Funding Sources

    Conference

    IDtrust '09
    Sponsor:
    • FPKIPA
    IDtrust '09: 8th Symposium on Identity and Trust on the Internet
    April 14 - 16, 2009
    Maryland, Gaithersburg, USA

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • 0
      Total Citations
    • 321
      Total Downloads
    • Downloads (Last 12 months)5
    • Downloads (Last 6 weeks)0
    Reflects downloads up to 17 Jan 2025

    Other Metrics

    Citations

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Media

    Figures

    Other

    Tables

    Share

    Share

    Share this Publication link

    Share on social media