PKI Interoperability: Still an Issue? A Solution in the X.509 Realm

  • Ahmad Samer Wazan
  • Romain Laborde
  • François Barrere
  • Abdelmalek Benzekri
  • David W. Chadwick
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 406)

Abstract

There exist many obstacles that slow the global adoption of public key infrastructure (PKI) technology. The PKI interoperability problem, being poorly understood, is one of the most confusing. In this paper, we clarify the PKI interoperability issue by exploring both the juridical and technical domains. We demonstrate the origin of the PKI interoperability problem by determining its root causes, the latter being legal, organizational and technical differences between countries, which mean that relying parties have no one to rely on. We explain how difficult it is to harmonize them. Finally, we propose to handle the interoperability problem from the trust management point of view, by introducing the role of a trust broker which is in charge of helping relying parties make informed decisions about X.509 certificates.

Keywords

PKI, X.509, Trust, Interoperability

Copyright information

© IFIP International Federation for Information Processing 2013

Authors and Affiliations

  • Ahmad Samer Wazan (1)
  • Romain Laborde (2)
  • François Barrere (2)
  • Abdelmalek Benzekri (2)
  • David W. Chadwick (3)

  1. CNRS UMR 5157 SAMOVAR, Institut Mines-Telecom/Telecom SudParis, Evry, France
  2. IRIT UMR 5505, Paul Sabatier University, Toulouse, France
  3. Computing Laboratory, University of Kent, Canterbury, UK
