Abstract
Public key cryptography is widely recognised as the technology to develop effective authentication, integrity, confidentiality and non-repudiation services. The provision of public key-based security services for complex and large-scale organisations requires a Public Key Infrastructure (PKI) in charge of securely managing cryptographic keys and certificates. An essential PKI service is the certificate status validation (CSV) system, which supports the publishing and the consistent usage of certificate status information for a wide range of applications. Several CSV solutions, such as Certificate Revocation Lists or the On-line Certificate Status Protocol, are available, but none can meet the requirements of all applications, in particular those of timeliness and performance. The lack of a comprehensive CSV solution calls for the development of a flexible framework that can integrate all available validation mechanisms and permit the selection of alternative validation strategies, depending on application requirements. The paper describes this framework, which provides PKI users with flexible, dynamic and transparent CSV support. In addition, by presenting a Mobile Agent (MA)-based prototype for CSV, the paper claims that the framework's flexibility, dynamicity and transparency can greatly benefit from the adoption of MA technology, because it exhibits the same intrinsic features.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35515-3_53
Copyright information
© 2000 IFIP International Federation for Information Processing
About this paper
Cite this paper
Corradi, A., Montanari, R., Stefanelli, C., Berbecaru, D., Lioy, A., Maino, F. (2000). A Flexible Management Framework for Certificate Status Validation. In: Qing, S., Eloff, J.H.P. (eds) Information Security for Global Information Infrastructures. SEC 2000. IFIP — The International Federation for Information Processing, vol 47. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35515-3_49
DOI: https://doi.org/10.1007/978-0-387-35515-3_49
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-5479-7
Online ISBN: 978-0-387-35515-3
eBook Packages: Springer Book Archive