John Iliadis

mastersthesis

There has been an increasing interest in the deployment of Public Key Infrastructures, the past few years. Security issues emerge from the operation of Certification Authorities, as well as the operation of other PKI ‑ related security service providers. Most of them have been addressed and efficient solutions have been found. One of the areas which has to be studied further is the generation and dissemination of information regarding the status of a digital certificate. In this dissertation, we present a set of evaluation criteria for mechanisms that are used to generate and disseminate Certificate Status Information (CSI). We evaluate the proposed CSI mechanisms according to the aforementioned criteria, and identify the security and performance issues that emerge from their use. Finally, we develop a prototype specification for a CSI dissemination mechanism, which we call Alternative Dissemination of Certificate Status Information (ADOCSI). This mechanism uses the functionality offered by Software Agents in order to disseminate CSI, and also uses some of the properties and functionality offered by the other CSI mechanisms. We believe that ADOCSI addresses some of the issues that emerge from the use of the other Certificate Status Information dissemination mechanisms.

PDF

1999 – 09

ILIADIS

Royal Holloway and Bedford New College, University of London, UK

University of the Aegean, Greece

2001-09-01

-Taxonomy of Certificate Status Information mechanisms -Evaluation of certificate status information mechanisms -Towards an alternative mechanism for CSI -Future work on CSI

certificate revocation, certificate status information, PKI agents

English

Taxonomy and evaluation of existing Certificate Status Information mechanisms and proposal for an alternative mechanism