Abstract :
Several recent attacks against certification authorities (CAs) and fraudulently issued certificates have put the security and usefulness of the Internet public-key infrastructure (PKI) at stake. In this article, the author argues that such attacks are likely to occur repeatedly and that respective countermeasures must be designed, implemented, and put in place. In particular, he discusses two problem areas in which countermeasures are needed: certificate revocation and certificate authorization. Both areas are related and can be subsumed under the term "certificate legitimation."\´ The author introduces the notion of certificate legitimation, discusses some recent proposals, and outlines new areas of research and development.
Keywords :
Internet; certification; public key cryptography; CAs; Internet public-key infrastructure; PKI; certificate authorization; certificate legitimation; certificate revocation; certification authority; public- key cryptography; Certification; Computer crime; Computer security; Face recognition; Internet; Public key cryptography; Software development; Internet security; SSL; TLS; certificate authorization; certificate legitimation; certificate revocation; man-in-the-middle attack; public-key certificates; public-key infrastructure;
