In this paper, we consider the relation of non-repudiation and certificate management. In particular, we analyse a recent proposal by Buldas, Laud and Lipmaa (ACM CCS ’2000) for accountable certificate management and its application for use with SPKI certificates. The main idea of the accountable certificate management model is to provide undeniable attestations about the validity of any particular certificate. The model reduces a Certificate Authority’s possibilities of colluding with a user to produce contradicting evidence of a certificate’s validity. The model was developed for application with the legal system, and not for the “regular” PKIs we use every day. Consequently, it is not directly applicable to, e.g., SPKI. Nevertheless, if we slightly modify both the model and the SPKI revocation syntax, the model does work in this setting as well. In this paper, we present some previously unpublished strengths and weaknesses of the accountable certificate management model. In addition, we propose a few modifications to the SPKI syntax to accommodate this model.
[1] Peeter Laud, et al. New linking schemes for digital time-stamping. ICISC, 1998.
[2] Peeter Laud, et al. Accountable certificate management using undeniable attestations. CCS, 2000.
[3] Ronald L. Rivest, et al. Can We Eliminate Certificate Revocations Lists? Financial Cryptography, 1998.
[4] Tero Hasu, et al. A Revocation, Validation and Authentication Protocol for SPKI Based Delegation Systems. NDSS, 2000.
[5] Udo W. Pooch, et al. Computer system and network security. 1995.
[6] Jaak Henno, et al. Secure and Efficient Time-Stamping Systems. 1999.
[7] Moni Naor, et al. Certificate revocation and certificate update. IEEE Journal on Selected Areas in Communications, 1998.
[8] Ahto Buldas, et al. Optimally Efficient Accountable Time-Stamping. Public Key Cryptography, 2000.
[9] Jan Willemson, et al. Time-Stamping with Binary Linking Schemes. CRYPTO, 1998.