Abstract
We propose a new Public Key Infrastructure model for long-term signatures. It is based on X.509 and the real world of handwritten signatures. In the model, notaries certify that a signer’s certificate is trustworthy to verify a particular signature at a specific time. An end user issues his own X.509 certificate, whose validity period is meaningless and whose trustworthiness is accepted only if the certificate was certified by a notary. After the certification, the certificate remains trustworthy even if later keys are compromised or notaries disappear. The benefits for signed document users are: i) the maintenance of a document signature is simple and only necessary to prevent the obsolescence of cryptographic algorithms; ii) the overhead to store and verify a document signature does not increase significantly in the long term; and iii) there is only one trust decision when verifying a document signature.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Ministère de la Justice: Livre Foncier, https://www.livrefoncier.fr (accessed: July 22, 2012)
Centre of Registers and Information Systems: e-Land Register, http://www.egov-estonia.eu/e-land-register (accessed: September 20, 2012)
Adams, C., Cain, P., Pinkas, D., Zuccherato, R.: Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP). RFC 3161 (Proposed Standard) (August 2001)
Diffie, W., Hellman, M.: New directions in cryptography. IEEE Transactions on Information Theory 22(6), 644–654 (1976)
Stallings, W.: Cryptography and network security - principles and practice, 3rd edn. Prentice Hall (2003)
ITU-T: Recommendation X.509 information technology - open systems interconnection - the directory: Authentication framework. Technical report, ITU-T (2005)
ETSI: XML Advanced Electronic Signatures (XAdES). 1.8.3 edn. Number TS 101 903 (January 2010)
Gutmann, P.: Pki: It’s not dead, just resting. IEEE Computer 35(8), 41–49 (2002)
Martinez-Peláez, R., Satizábal, C., Rico-Novella, F., Forné, J.: Efficient certificate path validation and its application in mobile payment protocols. In: IEEE Third International Conference on Availability, Reliability and Security, ARES 2008, pp. 701–708 (2008)
Levi, A., Caglayan, M., Koc, C.: Use of nested certificates for efficient, dynamic, and trust preserving public key infrastructure. ACM Transactions on Information and System Security (TISSEC) 7(1), 21–59 (2004)
Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., Polk, W.: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280 (Proposed Standard) (May 2008)
Rivest, R.L.: Can we eliminate certificate revocation lists? In: Hirschfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 178–183. Springer, Heidelberg (1998)
Kocher, P.C.: On certificate revocation and validation. In: Hirschfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 172–177. Springer, Heidelberg (1998)
Lim, T.-L., Lakshminarayanan, A., Saksen, V.: A practical and efficient tree-list structure for public-key certificate validation. In: Bellovin, S.M., Gennaro, R., Keromytis, A.D., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 392–410. Springer, Heidelberg (2008)
Myers, M., Ankney, R., Malpani, A., Galperin, S., Adams, C.: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP. RFC 2560 (Proposed Standard) (June 1999)
Micali, S.: Scalable certificate validation and simplified pki management. In: 1st Annual PKI Research Workshop, p. 15 (2002)
Custódio, R.F., Vigil, M.A.G., Romani, J., Pereira, F.C., da Silva Fraga, J.: Optimized certificates – A new proposal for efficient electronic document signature validation. In: Mjølsnes, S.F., Mauw, S., Katsikas, S.K. (eds.) EuroPKI 2008. LNCS, vol. 5057, pp. 49–59. Springer, Heidelberg (2008)
Justino, E., Bortolozzi, F., Sabourin, R.: Off-line signature verification using hmm for random, simple and skilled forgeries. In: Proceedings of the Sixth International Conference on Document Analysis and Recognition, pp. 1031–1034. IEEE (2001)
Kunz, T., Okunick, S., Pordesch, U.: Data Structure for the Security Suitability of Cryptographic Algorithms (DSSC). RFC 5698 (Proposed Standard) (November 2009)
ETSI: Electronic Signatures and Infrastructures (ESI); Provision of harmonized Trust-service status information. Technical report, ETSI (2006)
The H Open: Fake Google certificate is the result of a hack (2011), http://h-online.com/-1333728 (accessed: November 01, 2011)
Maniatis, P., Giuli, T.J., Baker, M.: Enabling the long-term archival of signed documents through time stamping. CoRR cs.DC/0106058 (2001)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Vigil, M.A.G., Moecke, C.T., Custódio, R.F., Volkamer, M. (2013). The Notary Based PKI. In: De Capitani di Vimercati, S., Mitchell, C. (eds) Public Key Infrastructures, Services and Applications. EuroPKI 2012. Lecture Notes in Computer Science, vol 7868. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40012-4_6
Download citation
DOI: https://doi.org/10.1007/978-3-642-40012-4_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40011-7
Online ISBN: 978-3-642-40012-4
eBook Packages: Computer ScienceComputer Science (R0)