DocumentCode :
2625310
Title :
A Notary Extension for the Online Certificate Status Protocol
Author :
Ekechukwu, Chikaodili ; Lindskog, Dale ; Ruhl, Ron
Author_Institution :
Dept. of Inf. Syst. Security Manage., Concordia Univ. Coll. of Alberta, Edmonton, AB, Canada
fYear :
2013
fDate :
8-14 Sept. 2013
Firstpage :
1016
Lastpage :
1021
Abstract :
X.509 certificates are data structures that bind public key values to subjects. This binding aids in the proper identification and authentication of communicating parties. The current X.509 certificate status validation method is imperfect, and under certain circumstances it is possible to establish a ´secure´ connection using a rogue X.509 certificate. This paper reviews the current X.509 certificate status validation check and its limitations, and recommends extending the Online Certificate Status Protocol (OCSP) to include a notary query. We argue that this extension will significantly increase detection of rogue certificates presented during TLS/SSL connections.
Keywords :
cryptographic protocols; data structures; public key cryptography; OCSP; TLS-SSL connections; X.509 certificate status validation check; communicating party authentication; communicating party identification; data structures; notary extension; notary query; online certificate status protocol; public key values; rogue certificates; Convergence; Databases; History; Proposals; Protocols; Public key; Servers; Certificate Authority (CA); Man-in-the-Middle (MitM); Notary; Online Certificate Status Protocol (OCSP); Public Key Infrastructure (PKI); Secure Socket Layer (SSL); Transport Layer Protocol (TLS); X.509 Certificate;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Social Computing (SocialCom), 2013 International Conference on
Conference_Location :
Alexandria, VA
Type :
conf
DOI :
10.1109/SocialCom.2013.163
Filename :
6693460
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=2625310
بازگشت