Policy‐directed certificate retrieval

Any large scale security architecture that uses certificates to provide security in a distributed system will need some automated support for moving certificates around in the network. We believe that for efficiency, this automated support should be tied closely to the consumer of the certificates: the policy verifier. As a proof of concept, we have built QCM, a prototype policy language and verifier that can direct a retrieval mechanism to obtain certificates from the network. Like previous verifiers, QCM takes a policy and certificates supplied by a requester and determines whether the policy is satisfied. Unlike previous verifiers, QCM can take further action if the policy is not satisfied: QCM can examine the policy to decide what certificates might help satisfy it and obtain them from remote servers on behalf of the requester. This takes place automatically, without intervention by the requester; there is no additional burden placed on the requester or the policy writer for the retrieval service we provide. We present examples that show how our technique greatly simplifies certificate‐based secure applications ranging from key distribution to ratings systems, and that QCM policies are simple to write. We describe our implementation, and illustrate the operation of the prototype. Copyright © 2000 John Wiley & Sons, Ltd.

[1]  Angelos D. Keromytis,et al.  A secure PLAN , 1999, IEEE Trans. Syst. Man Cybern. Part C.

[2]  Donald E. Eastlake,et al.  Domain Name System Security Extensions , 1997, RFC.

[3]  François Rouaix A Web Navigator with Applets in Caml , 1996, Comput. Networks.

[4]  Joan Feigenbaum,et al.  Decentralized trust management , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[5]  Joan Feigenbaum,et al.  Managing trust in an information-labeling system , 1997, Eur. Trans. Telecommun..

[6]  Joan Feigenbaum,et al.  REFEREE: Trust Management for Web Applications , 1997, Comput. Networks.

[7]  Carl A. Gunter,et al.  Generalized certificate revocation , 2000, POPL '00.

[8]  P. Resnick FILTERING INFORMATION ON THE INTERNET , 1997 .

[9]  Paul Resnick,et al.  PICS: Internet access controls without censorship , 1996, CACM.

[10]  Ronald L. Rivest,et al.  SDSI - A Simple Distributed Security Infrastructure , 1996 .

[11]  Carl A. Gunter,et al.  PLANet: an active internetwork , 1999, IEEE INFOCOM '99. Conference on Computer Communications. Proceedings. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. The Future is Now (Cat. No.99CH36320).

[12]  Angelos D. Keromytis,et al.  Key note: Trust management for public-key infrastructures , 1999 .

[13]  Carl A. Gunter,et al.  PLAN: a packet language for active networks , 1998, ICFP '98.

[14]  Moni Naor,et al.  Certificate revocation and certificate update , 1998, IEEE Journal on Selected Areas in Communications.

[15]  Philip R. Zimmermann,et al.  The official PGP user's guide , 1996 .

[16]  Butler W. Lampson,et al.  SPKI Certificate Theory , 1999, RFC.