DocumentCode :
1846330
Title :
ECL: A TLS Extension for Authentication in Complex PKIs
Author :
Rabinovich, Paul
Author_Institution :
Exostar LLC, Herndon, VA
fYear :
2008
fDate :
18-21 Nov. 2008
Firstpage :
2210
Lastpage :
2215
Abstract :
The existing versions of the SSL and TLS protocols allow servers to request end-entity X.509 certificates from clients by specifying a list of certificate authorities (CAs) they trust. This model is insufficient in complex PKI meshes because clients and servers separately may not possess enough information about the trust fabric to which they are attached. To address the problem, we propose a simple TLS extension (called ECL) that permits servers to select a set of suitable certificates from the set of all end-entity certificates available to the client. The extension is especially suitable for low-powered clients since most of the work on path construction and analysis is performed by the server.
Keywords :
authorisation; protocols; public key cryptography; ECL; SSL protocols; TLS protocols; certificate authorities; complex PKIs; end-entity X.509 certificates; public key infrastructure; Authentication; Bridges; Certification; Content addressable storage; Fabrics; Performance analysis; Proposals; Protocols; Prototypes; Public key; Authentication; SSL/TLS; X.509 certificate; public key infrastructure;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Young Computer Scientists, 2008. ICYCS 2008. The 9th International Conference for
Conference_Location :
Hunan
Print_ISBN :
978-0-7695-3398-8
Electronic_ISBN :
978-0-7695-3398-8
Type :
conf
DOI :
10.1109/ICYCS.2008.273
Filename :
4709316