Title :
The problem with multiple roots in Web browsers-certificate masquerading
Author_Institution :
Office of INFOSEC Res. & Technol., Fort George G. Meade, MD, USA
Abstract :
Much work is going into securing the public key infrastructure (PKI). Various models for trust exist; Pretty Good Privacy (PGP) and the Progressive-Constraint Trust model are examples. These models describe how to protect and ensure the interrelationships of their certificate-based structures; however, vulnerabilities may arise when structures based on certificate authorities (CAs) are involved. The vulnerability is based upon multiple root certificate authorities. The paper examines the need for improved methods for verifying the binding of a certificate authority (root) to the source of a protocol's messages. The protection mechanisms developed for protecting and ensuring this binding within a CA hierarchy can break down in environments where multiple roots exist. This can lead to the possibility of a CA undermining the trust placed in a peer CA.
Keywords :
Internet; certification; data privacy; online front-ends; protocols; public key cryptography; Pretty Good Privacy model; Progressive-Constraint Trust model; Web browsers; certificate authority binding verification; certificate masquerading; multiple root certificate authorities; protection mechanisms; protocol message source; public key infrastructure; security; Authentication; Internet; Monitoring; Network servers; Protocols; Public key; Stock markets; Telecommunication traffic; Uniform resource locators; Web server;
Conference_Title :
Enabling Technologies: Infrastructure for Collaborative Enterprises, 1998. (WET ICE '98) Proceedings., Seventh IEEE International Workshops on
Conference_Location :
Stanford, CA
Print_ISBN :
0-8186-8751-7
DOI :
10.1109/ENABL.1998.725710