Second European Symposium on Research in Computer Security (ESORICS 92)
Associating Metrics to Certification Paths
Anas Tarah, Christian Huitema
Keywords :
Abstract : This paper presents a part of our work on open systems' security in conformance with the X509 framework. The Chimaera model tries to cover all X509's lacks especially for what concerns Certification Authorities CA. Although our primary concern was the elaboration of a security scheme, we quickly meet the need for a convenient distribution of CAs and the manipulation of both certificates and certification paths. The main trends of the scheme are: the elaboration of the CA concepts, the elaboration of a communication protocol between these authorities by and the introduction of the evaluation notion of both certificates and Certification Paths CP. In the first part, a brief introduction to major security trends and mechanisms is given, the some implementations and standards are cited. At this level, deficiencies of actual models and the need of more convenient scheme are shown. In the next part, main trends of the Chimaera and its OSI environment are presented. We describe the a protocol for the exchange and evaluation of both certificates and CP, Certification Paths, hence ensuring a secure propagation of trust and knowledge over the network. Finally, the added value of the given scheme is discussed in relation to certificate's establishment and revocation.
(Pages 173-189)