Skip to Main content Skip to Navigation
Conference papers

How Can I Trust an X.509 Certificate? an Analysis of the Existing Trust Approaches

Abstract : A Public Key Infrastructure (PKI) is based on a trust model defined by the original X.509 standard and is composed of three entities: the Certification Authority, the certificate holder (subject) and the Relying Party. The CA plays the role of a trusted third party between the subject and the RP. A trust evaluation problem is raised when an RP receives a certificate from an unknown subject that is signed by an unknown CA. Different approaches have been proposed to handle this trust problem. We argue that these approaches work only in the closed deployment model where RPs are also subjects, but cannot work in the open deployment model where they are not. Our objective is to identify the deficiencies in the existing trust approaches that try to help RPs to make trust decisions about certificates in the Internet, and to introduce the new X.509 approach based on a trust broker.
Complete list of metadatas

Cited literature [7 references]  Display  Hide  Download
Contributor : Open Archive Toulouse Archive Ouverte (oatao) <>
Submitted on : Monday, January 22, 2018 - 4:45:51 PM
Last modification on : Saturday, June 20, 2020 - 3:38:19 AM
Long-term archiving on: : Thursday, May 24, 2018 - 9:30:15 AM


Files produced by the author(s)


  • HAL Id : hal-01690136, version 1
  • OATAO : 18789


Ahmad Samer Wazan, Romain Laborde, David W. Chadwick, François Barrère, Abdelmalek Benzekri. How Can I Trust an X.509 Certificate? an Analysis of the Existing Trust Approaches. 41st IEEE Conference on Local Computer Networks (LCN 2016), Nov 2016, Dubai, United Arab Emirates. pp. 531-534. ⟨hal-01690136⟩



Record views


Files downloads