• DocumentCode
    1846330
  • Title
    ECL: A TLS Extension for Authentication in Complex PKIs
  • Author
    Rabinovich, Paul
  • Author_Institution
    Exostar LLC, Herndon, VA
  • fYear
    2008
  • fDate
    18-21 Nov. 2008
  • Firstpage
    2210
  • Lastpage
    2215
  • Abstract
    The existing versions of the SSL and TLS protocols allow servers to request end-entity X.509 certificates from clients by specifying a list of certificate authorities (CAs) they trust. This model is insufficient in complex PKI meshes because clients and servers separately may not possess enough information about the trust fabric to which they are attached. To address the problem, we propose a simple TLS extension (called ECL) that permits servers to select a set of suitable certificates from the set of all end-entity certificates available to the client. The extension is especially suitable for low-powered clients since most of the work on path construction and analysis is performed by the server.
  • Keywords
    authorisation; protocols; public key cryptography; ECL; SSL protocols; TLS protocols; certificate authorities; complex PKIs; end-entity X.509 certificates; public key infrastructure; Authentication; Bridges; Certification; Content addressable storage; Fabrics; Performance analysis; Proposals; Protocols; Prototypes; Public key; Authentication; SSL/TLS; X.509 certificate; public key infrastructure;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Young Computer Scientists, 2008. ICYCS 2008. The 9th International Conference for
  • Conference_Location
    Hunan
  • Print_ISBN
    978-0-7695-3398-8
  • Electronic_ISBN
    978-0-7695-3398-8
  • Type
    conf
  • DOI
    10.1109/ICYCS.2008.273
  • Filename
    4709316