A proposal for collaborative internet-scale trust infrastructures deployment: the public key system (PKS)

Public key technology is about multiple parties across different domains making assertions that can be chained together to make trust judgments. Today, the need for more interoperable and usable trust infrastructures is urgent in order to fulfill the security needs of computers and mobile devices. Information technology that provides effective and usable solutions to this problem has yet to be developed, deployed and maintained at scale. In this paper, we propose a new framework for a distributed support system for trust infrastructure deployment: the Public Key System (PKS). We describe the general architecture, based on Distributed Hash Tables (DHTs), how it simplifies the deployment and usability of federated identities, and how existing infrastructures can be integrated into our system. This paper lays down the basis for the deployment of collaborative Internet-scale trust infrastructures.
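The abstract names a DHT as the lookup substrate but does not show how a PKI resource (for example, where a CA publishes its CRL or OCSP responder) would be published and found on one. The following is an added illustration, not code from the paper or from the PKS project: a single-process simulation of a Kademlia-style DHT (XOR distance metric, per-bit buckets, iterative FIND_NODE) in which PKI resource records are stored under content-addressed keys. Node names, the record contents, the bucket size `K = 4` and the JSON record format are all assumptions made for the example. The security point it makes is that a DHT peer cannot be trusted to return what was stored: a reader must check that the bytes it receives hash to the key it asked for, and even then the key itself has to reach the reader over a trusted channel (such as a certificate extension) and records need to be signed by the CA in a real deployment, which this example does not do.

```python
"""Kademlia-style DHT used to publish and look up PKI resource records.

Constructed example: node names, records and parameters are made up.
"""
import hashlib
import json
from dataclasses import dataclass, field

K = 4  # bucket size and replication factor (assumed for the example)


def sha1_int(data: bytes) -> int:
    """160-bit identifier, the ID size Kademlia uses."""
    return int.from_bytes(hashlib.sha1(data).digest(), "big")


def canonical(record: dict) -> bytes:
    # Deterministic serialisation so every peer derives the same key.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def record_key(record: dict) -> int:
    # Content-addressed key: the key commits to the exact record bytes.
    return sha1_int(canonical(record))


def distance(a: int, b: int) -> int:
    return a ^ b  # XOR metric


@dataclass
class Node:
    nid: int
    buckets: dict = field(default_factory=dict)  # top bit of distance -> [peer ids]
    store: dict = field(default_factory=dict)    # key -> canonical record bytes

    def add_peer(self, other: int) -> None:
        if other == self.nid:
            return
        bucket = self.buckets.setdefault(distance(self.nid, other).bit_length() - 1, [])
        if len(bucket) < K:
            bucket.append(other)

    def closest_peers(self, key: int) -> list:
        # What a FIND_NODE RPC would return: the K peers nearest to the key.
        peers = [p for bucket in self.buckets.values() for p in bucket]
        return sorted(peers, key=lambda p: distance(p, key))[:K]


class Network:
    """Simulated overlay: every node lives in one process, RPC is a dict lookup."""

    def __init__(self, names):
        self.nodes = {}
        for name in names:
            nid = sha1_int(name.encode())
            self.nodes[nid] = Node(nid)
        for node in self.nodes.values():
            for other in self.nodes:
                node.add_peer(other)

    def lookup(self, key: int, start: int) -> list:
        # Iterative FIND_NODE: keep asking the closest unqueried candidates
        # until the K closest nodes we know of have all been queried.
        shortlist, queried = {start}, set()
        while True:
            candidates = sorted(shortlist, key=lambda n: distance(n, key))[:K]
            pending = [n for n in candidates if n not in queried]
            if not pending:
                return candidates
            for n in pending:
                queried.add(n)
                shortlist.update(self.nodes[n].closest_peers(key))

    def put(self, record: dict, start: int) -> int:
        key = record_key(record)
        for nid in self.lookup(key, start):
            self.nodes[nid].store[key] = canonical(record)
        return key

    def get(self, key: int, start: int):
        for nid in self.lookup(key, start):
            data = self.nodes[nid].store.get(key)
            if data is None:
                continue
            # A storing peer may be malicious: accept only bytes whose hash
            # equals the key the caller obtained from a trusted source.
            if sha1_int(data) != key:
                continue
            return json.loads(data)
        return None


if __name__ == "__main__":
    net = Network(f"node-{i}" for i in range(40))  # constructed peer set
    record = {"issuer": "CN=Example Root CA",       # constructed PKI resource record
              "crl": "http://crl.example.test/root.crl",
              "ocsp": "http://ocsp.example.test/"}
    origin = next(iter(net.nodes))
    key = net.put(record, origin)
    print(hex(key), net.get(key, origin))
```

The hash check only gives integrity relative to a key the reader already trusts; it says nothing about who published the record, and a DHT is also exposed to Sybil and eclipse attacks on the lookup itself, both of which a deployable system would have to address.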
