Certification Paths: Retrieval and Validation

Introduction to Public Key Infrastructures

Abstract

If entities wish to use a public key for encryption or signature verification, they must retrieve this key and find out to whom it belongs. If this public key has been certified within a hierarchical PKI, the corresponding certificate must be found. Typically, such a certificate is the last element of a certification path. To verify its validity, the appropriate trust anchor must be found and the certification path must be constructed and verified. In this chapter we explain how this is done.



Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Buchmann, J.A., Karatsiolis, E., Wiesmaier, A. (2013). Certification Paths: Retrieval and Validation. In: Introduction to Public Key Infrastructures. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40657-7_9

  • DOI: https://doi.org/10.1007/978-3-642-40657-7_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-40656-0

  • Online ISBN: 978-3-642-40657-7

  • eBook Packages: Computer Science (R0)
