Skip to Main content Skip to Navigation
Journal articles

Trust management for public key infrastructures: implementing the X.509 trust broker

Abstract : A Public Key Infrastructure (PKI) is considered one of the most important techniques used to propagate trust in authentication over the Internet. This technology is based on a trust model defined by the original X.509 (1988) standard and is composed of three entities: the certification authority (CA), the certificate holder (or subject), and the Relying Party (RP). The CA plays the role of a trusted third party between the certificate holder and the RP. In many use cases, this trust model has worked successfully. However, we argue that the application of this model on the Internet implies that web users need to depend on almost anyone in the world in order to use PKI technology. Thus, we believe that the current TLS system is not fit for purpose and must be revisited as a whole. In response, the latest draft edition of X.509 has proposed a new trust model by adding new entity called the Trust Broker (TB). In this paper, we present an implementation approach that a Trust Broker could follow in order to give RPs trust information about a CA by assessing the quality of its issued certificates. This is related to the quality of the CA’s policies and procedures and its commitment to them. Finally, we present our Trust Broker implementation that demonstrates how RPs can make informed decisions about certificate holders in the context of the global web, without requiring large processing resources themselves.
Keywords : Trust Broker
Complete list of metadatas

Cited literature [30 references]  Display  Hide  Download

https://hal.archives-ouvertes.fr/hal-01740029
Contributor : Open Archive Toulouse Archive Ouverte (oatao) <>
Submitted on : Wednesday, March 21, 2018 - 3:25:42 PM
Last modification on : Saturday, June 20, 2020 - 3:38:20 AM
Long-term archiving on: : Thursday, September 13, 2018 - 10:47:46 AM

File

wazan_18917.pdf
Files produced by the author(s)

Identifiers

Citation

Ahmad Samer Wazan, Romain Laborde, David W. Chadwick, François Barrère, Abdelmalek Benzekri, et al.. Trust management for public key infrastructures: implementing the X.509 trust broker. Security and Communication Networks, 2017, Vol. 2017 (ID 6907146), pp. 1-23. ⟨10.1155/2017/6907146⟩. ⟨hal-01740029⟩

Share

Metrics

Record views

368

Files downloads

765