• DocumentCode
    2625310
  • Title

    A Notary Extension for the Online Certificate Status Protocol

  • Author

    Ekechukwu, Chikaodili ; Lindskog, Dale ; Ruhl, Ron

  • Author_Institution
    Dept. of Inf. Syst. Security Manage., Concordia Univ. Coll. of Alberta, Edmonton, AB, Canada
  • fYear
    2013
  • fDate
    8-14 Sept. 2013
  • Firstpage
    1016
  • Lastpage
    1021
  • Abstract
    X.509 certificates are data structures that bind public key values to subjects. This binding aids in the proper identification and authentication of communicating parties. The current X.509 certificate status validation method is imperfect, and under certain circumstances it is possible to establish a 'secure' connection using a rogue X.509 certificate. This paper reviews the current X.509 certificate status validation check and its limitations, and recommends extending the Online Certificate Status Protocol (OCSP) to include a notary query. We argue that this extension will significantly increase detection of rogue certificates presented during TLS/SSL connections.
  • Keywords
    cryptographic protocols; data structures; public key cryptography; OCSP; TLS-SSL connections; X.509 certificate status validation check; communicating party authentication; communicating party identification; data structures; notary extension; notary query; online certificate status protocol; public key values; rogue certificates; Convergence; Databases; History; Proposals; Protocols; Public key; Servers; Certificate Authority (CA); Man-in-the-Middle (MitM); Notary; Online Certificate Status Protocol (OCSP); Public Key Infrastructure (PKI); Secure Socket Layer (SSL); Transport Layer Protocol (TLS); X.509 Certificate;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Social Computing (SocialCom), 2013 International Conference on
  • Conference_Location
    Alexandria, VA
  • Type

    conf

  • DOI
    10.1109/SocialCom.2013.163
  • Filename
    6693460