Skip to main content
SpringerLink
Log in

How to build evidence in a public-key infrastructure for multi-domain environments

  • Conference paper
  • First Online:
Security Protocols (Security Protocols 1997)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1361))

Included in the following conference series:

  • 233 Accesses

Abstract

We discuss here some of the issues that must be considered to build evidence in an appropriate way in a public-key infrastructure (PKI). Despite the fact that one of the most recurrent motivation by papers advocating the necessity of a PEI, is to support electronic commerce, all the new proposals of PKIs do not define any procedure to specify which evidence must be collected and in which form, when users carry out a commercial transaction.

We think that this is an important issue that requires more attention especially if Internet will succeed to became a marketplace as many people hope. In the conventional world, evidence plays a very important role in any dispute resolution that can occur.

Besides all the services and applications that we can provide to users to facilitate them to buy through the use of PCs, we have to provide them by a sufficiently well founded guarantee that they will be safeguarded against frauds attempts and malicious behaviours. In this paper, we describe which facilities a PEI must provide in order to build the evidence needed to get that guarantee.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. R. Needham A. Birrell, B. Lampson and M. Schroeder. A Global Authentication Service Without Global Trust. In Proceedings of the IEEE Conference on Security and Privacy, 1986.

    Google Scholar 

  2. P. Hu B. Christianson and F. Snook. File server architecture for an open distributed document system. In Communication and Multimedia Security. Chapman and Hall, 1995.

    Google Scholar 

  3. M. Lomas B. Crispo. A Certification Scheme for Electronic Commerce. In Security Protocol Workshop, volume LNCS series vol. 1189. Springer-Verlag, 1997.

    Google Scholar 

  4. M. Burrows B. Lampson, M. Abadi and E. Wobber. Theory and Practice. ACM Transaction on Computer Systems, 10:265–310, November 1992.

    Article  Google Scholar 

  5. S. Boeyen, R. Housley, T. Howes, M. Myers, and P. Richard. Internet Draft: Internet Public Key Infrastructure Part 2: Operational Protocols. working draft ‘in progress’ available at:, ftp://ietf.org/internet-drafts/draft-ietf-pkix-ipki2opp00. txt, March 1997.

    Google Scholar 

  6. W. E. Burr. Public Key Infrastructure-Technical Specifications (version 2.3) Part C — Concept of Operation. Work ‘in progress’ available at: http://csrc.nist.gov/pki/twg/conops.ps, November 1996.

    Google Scholar 

  7. S. Farrell C. Adams. Internet Draft: Internet Public Key Infrastructure Part III: Certificate Management Protocols. working draft ‘in progress’ available at:, ftp://ietf.org/internet-drafts/draft-ietf-pkix-ipki3cmp-02.txt, June 1997.

    Google Scholar 

  8. D.W.Chadwick, A.J. Young, and N.K.Cicovic. Merging and Extending the PGP and PEM Trust Models — The ICE-TEL Trust Model. IEEE Network, June/July, 1997.

    Google Scholar 

  9. C.M. Ellison. Internet Draft: SPKI Requirements. March 97, working draft ‘in progress’ available at:,ftp://ietf.org/internet-drafts/draft-ietf-spki-cert-req-00.txt, March 1997.

    Google Scholar 

  10. C.M. Ellison, B. Frantz, B. Lampson, R. Rivest, B.M. Thomas, and T. Ylonen. Internet Draft: Simple Public Key Certificate Requirements. July 97, working draft ‘in progress’ available at:, ftp://ietf.org/internet-drafts/draft-ietf-spki-certstructure-02.txt, July 1997.

    Google Scholar 

  11. D. Gligor, S Luan, and J.N.Pato. On Inter-Realm Authentication in Large Distributed Systems. In Proceedings of the IEEE Conference on Security and Privacy, 1992.

    Google Scholar 

  12. Information Technology-Open Systems Interconnection, Geneva. Draft Technical Corrigendum to Recommendation X.509, December 1995. The Directory: Authentication Framework.

    Google Scholar 

  13. Information Technology-Open Systems Interconnection, Geneva. Recommendation X.509, June 1995. The Directory: Authentication Framework.

    Google Scholar 

  14. U. Maurer. Modeling a public-key infrastructure. In ESORICS 96, Roma, 1996. Springer-Verlag N.Y. LNCS 1146.

    Google Scholar 

  15. M.K.Reiter and S.G.Stubblebine. Toward Acceptable Metrics of Authentication. In Proceedings of the IEEE Conference on Security and Privacy, 1997.

    Google Scholar 

  16. W. Polk R. Housley, W. Ford and D. Solo. Internet Draft: Internet Public Key Infrastructure Part I: X.509 Certificate and CRL Profile, working draft ‘in progress’ available at:, ftp://ietf.org/internet-drafts/draft-ietf-pkix-ipki-partl-04.txt, March 1996.

    Google Scholar 

  17. T. Beth R. Yahalom, B. Klein. Trust Relationships in a Secure Systems-A Distributed Authentication Perspective. In Proceedings of the IEEE Conference on Security and Privacy, May 1993.

    Google Scholar 

  18. T. Beth R. Yahalom, B. Klein. Trust-based navigation in distributed systems. Computing System 7(1), Winter, 1994

    Google Scholar 

  19. B. Lampson R.L. Rivest. SDSI-A Simple Distributed Security Infrastructure. http://theory.Ics.mit.edu/ cis/sdsi.html, April 1996.

    Google Scholar 

  20. M.D. Schroeder R.M. Needham. Using Encryption for Authentication in Large Network of Computers. Communications of ACM, 21:993–999, 1978.

    Article  Google Scholar 

  21. W. Ford S. Chokhani. Internet Draft: Internet Public Key Infrastructure Part IV: Certificate Policy and Certification Practices Framework, working draft ‘in progress’ available at:, ftp://ietf.org/internet-drafts/draft-ietf-pkix-ipki-part40l.txt, July 1997.

    Google Scholar 

  22. Gustav J. Simmons. Subliminal Channel:Past and Present. Europen Transactions on Telecommunications, 5:459–473, July-August 1994.

    Google Scholar 

  23. W. Stallings. Protect I'Our Privacy. Prentice-Hall, Englewood Cliffs, New Jersey, 1995.

    Google Scholar 

  24. S. Stornetta and S. Haber. Secure Digital Names. In Proceedings of the 4th ACM Conference on Computer and Communication Security, 1997.

    Google Scholar 

  25. B. Klein T. Beth, M. Borcherding. Valuation of trust in open network. In ESORICS 94, Brighton, Uk, November 1985. Springer-Verlag N.Y.

    Google Scholar 

  26. VISA and MaserCard, http://www.mastercard.com/set or http://www.visa.com/set. SET: Secure Electronic Transactions, 1995.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Computer Laboratory, Cambridge University, Pembroke Street, CB2 3QG, Cambridge

    Bruno Crispo

  2. Dipartimento di Scienze dell'Informazione, Universita di Torino, UK

    Bruno Crispo

Authors
  1. Bruno Crispo
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Bruce Christianson Bruno Crispo Mark Lomas Michael Roe

Rights and permissions

Reprints and permissions

Copyright information

© 1998 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Crispo, B. (1998). How to build evidence in a public-key infrastructure for multi-domain environments. In: Christianson, B., Crispo, B., Lomas, M., Roe, M. (eds) Security Protocols. Security Protocols 1997. Lecture Notes in Computer Science, vol 1361. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0028159

Download citation

  • DOI: https://doi.org/10.1007/BFb0028159

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-64040-0

  • Online ISBN: 978-3-540-69688-9

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation