论文信息 - Cert'eM: Certification System Based on Electronic Mail Service Structure

Cert'eM: Certification System Based on Electronic Mail Service Structure

Public-Key Infrastructures are considered the basis of the protocols and tools needed to guarantee the security demanded for new Internet applications like electronic commerce, government-citizen relationships and digital distribution. This paper introduces a new infrastructure design, Cert'eM, a key management and certification system that is based on the structure of the electronic mail service and on the principle of near-certification. Cert'eM provides secure means to identify users and distribute their public-key certificates, enhances the efficiency of revocation procedures, and avoids scalability and synchronization problems. The system, developed and tested at the University of Malaga, was recently selected by RedIRIS, the National Research and Academic Network in Spain, to provide the public key service for its secure electronic mail.

Antonio Maña | Javier López | Juan J. Ortega

[1] Derek R. Atkins,et al. Scaling the Web of Trust: Combining Kerberos and PGP to Provide Large Scale Authentication , 1995, USENIX Winter.

[2] John T. Kohl,et al. The Kerberos Network Authentication Service (V5 , 2004 .

[3] Donald E. Eastlake,et al. Storing Certificates in the Domain Name System (DNS) , 1999, RFC.

[4] Ronald L. Rivest,et al. Can We Eliminate Certificate Revocations Lists? , 1998, Financial Cryptography.

[5] Ravi Ganesan,et al. Yaksha: augmenting Kerberos with public key cryptography , 1995, Proceedings of the Symposium on Network and Distributed System Security.

[6] Carl M. Ellison,et al. SPKI Requirements , 1999, RFC.

[7] Don Davis. Kerberos Plus RSA for World Wide Web Security , 1995, USENIX Workshop on Electronic Commerce.

[8] Butler W. Lampson,et al. SPKI Certificate Theory , 1999, RFC.

[9] John T. Kohl. The use of Encryption in Kerberos for Network Authentication , 1989, CRYPTO.

[10] Carlisle M. Adams,et al. X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP , 1999, RFC.

[11] Donald E. Eastlake,et al. Domain Name System Security Extensions , 1997, RFC.

[12] Whitfield Diffie,et al. New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.