Abstract
If an entity wishes to use a public key for encryption or signature verification, it must retrieve that key and establish to whom it belongs. If the public key has been certified within a hierarchical PKI, the corresponding certificate must be located. Typically, such a certificate is the last element of a certification path. To verify its validity, the appropriate trust anchor must be identified, and the certification path from that trust anchor to the certificate must be constructed and validated. In this chapter we explain how this is done.
© 2013 Springer-Verlag Berlin Heidelberg
Cite this chapter
Buchmann, J.A., Karatsiolis, E., Wiesmaier, A. (2013). Certification Paths: Retrieval and Validation. In: Introduction to Public Key Infrastructures. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40657-7_9
DOI: https://doi.org/10.1007/978-3-642-40657-7_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40656-0
Online ISBN: 978-3-642-40657-7
eBook Packages: Computer Science, Computer Science (R0)