• DocumentCode
    1453
  • Title

    Certification Authorities Under Attack: A Plea for Certificate Legitimation

  • Author

    Oppliger, Rolf

  • Volume
    18
  • Issue
    1
  • fYear
    2014
  • fDate
    Jan.-Feb. 2014
  • Firstpage
    40
  • Lastpage
    47
  • Abstract
    Several recent attacks against certification authorities (CAs) and fraudulently issued certificates have put the security and usefulness of the Internet public-key infrastructure (PKI) at stake. In this article, the author argues that such attacks are likely to occur repeatedly and that respective countermeasures must be designed, implemented, and put in place. In particular, he discusses two problem areas in which countermeasures are needed: certificate revocation and certificate authorization. Both areas are related and can be subsumed under the term "certificate legitimation." The author introduces the notion of certificate legitimation, discusses some recent proposals, and outlines new areas of research and development.
  • Keywords
    Internet; certification; public key cryptography; CAs; Internet public-key infrastructure; PKI; certificate authorization; certificate legitimation; certificate revocation; certification authority; public-key cryptography; Certification; Computer crime; Computer security; Face recognition; Internet; Public key cryptography; Software development; Internet security; SSL; TLS; certificate authorization; certificate legitimation; certificate revocation; man-in-the-middle attack; public-key certificates; public-key infrastructure;
  • fLanguage
    English
  • Journal_Title
    Internet Computing, IEEE
  • Publisher
    ieee
  • ISSN
    1089-7801
  • Type

    jour

  • DOI
    10.1109/MIC.2013.5
  • Filename
    6407464