Abstract
User authentication, data integrity and non-repudiation services that use public-key infrastructure (PKI) rest on the assumption that the root CA key of the domain is trusted. This root CA key, which is commonly encoded as a self-signed certificate, has a validity period and must be updated before its expiration date. Doing so requires an appropriate root CA key update procedure. This paper explains the requirements and a concrete procedure for a root CA key update, together with the related security issues. We also provide an effective root CA key update mechanism that takes security and efficiency into account and can serve as a best practice for handling root CA certificate expiration.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jeun, I. et al. (2004). A Best Practice for Root CA Key Update in PKI. In: Jakobsson, M., Yung, M., Zhou, J. (eds) Applied Cryptography and Network Security. ACNS 2004. Lecture Notes in Computer Science, vol 3089. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24852-1_20
DOI: https://doi.org/10.1007/978-3-540-24852-1_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22217-0
Online ISBN: 978-3-540-24852-1
eBook Packages: Springer Book Archive