Managing Interoperability in Non-Hierarchical Public Key Infrastructures.

Authors: David Lemire, Peter Hesse

Abstract: This paper discusses considerations for certificate issuing systems and processing applications, directory in environments that employ nonhierarchical public key infrastructures (PKIs). The observations and recommendations here, while applicable to almost any non-hierarchical PKI, are most relevant to situations where the establishment of interoperability among the PKIs of disparate organizations is a primary goal. They are based on our work with a PKI testbed comprised of a bridge certification authority (CA) interconnecting multiple CA products from several vendors. Our view more sophisticated aspects X.509 issuance (e.g., policies mappings, name constraints) tools allow establish limits security between [1]. Consequently, we believe extensions these features should be routinely populated by systems, expected processed applications. goal herein promote relying parties, still allowing owning maintain control.

References (4)
Yassir Elley, Seth Proctor, Sean Mullan, Anne H. Anderson, Steve Hanna, Radia J. Perlman, Building Certifications Paths: Forward vs. Reverse. Network and Distributed System Security Symposium (2001)
C. Adams, S. Farrell, Internet X.509 Public Key Infrastructure Certificate Management Protocols. RFC 2510, pp. 1-72 (1999)
S. Kille, M. Wahl, T. Howes, Lightweight Directory Access Protocol (v3). RFC 2251, pp. 1-50 (1997)
D. Solo, R. Housley, W. Ford, W. Polk, Internet X.509 Public Key Infrastructure Certificate and CRL Profile. RFC 2459, pp. 1-129 (1999)