Here you will find scientific publications from the Fraunhofer Institutes.

Simplifying PKI usage through a client-server architecture and dynamic propagation of certificate paths and repository addresses

Hunter, B.


Tjoa, A.M.:
13th International Workshop on Database and Expert Systems Applications 2002. Proceedings : 2 - 6 September 2002, Aix-en-Provence, France
Los Alamitos, Calif.: IEEE Computer Society, 2002
ISBN: 0-7695-1668-8
ISBN: 0-7695-1669-6
ISBN: 0-7695-1670-X
International Conference on Database and Expert Systems Applications (DEXA) <13, 2002, Aix-en-Provence>
Conference Paper
Fraunhofer SIT
public key infrastructure (PKI); client/server architecture; dynamic certificate path propagation; dynamic certificate repository address propagation; PKIX; logic; certificate parsing; certificate path building; policy management; certificate discovery; certificate retrieval; PKI server; client API; small client library; application development time; complexity; PKI server-to-server protocol

PKI deployment and use have not met expectations. One reason that PKIX has not been fully accepted is the complexity of the system. Any application wishing to use PKI must implement complicated logic for certificate parsing, certificate path building and policy management. Certificate path building, in particular, is further complicated by the non-standardized method of certificate discovery and retrieval. Thus, many applications do not or cannot utilize public key technology. We propose a new PKI server which offers access to PKI services and only requires a simple client API and a small client library that enables even resource-limited clients to be supported. This can greatly reduce application development time and complexity and allow PKI usage to propagate into more applications. Furthermore, we introduce the concept of a PKI server-to-server protocol which allows knowledge of certificate repositories and certificate paths to be shared among different PKI servers. This technique will simplify the task of certificate retrieval and path building for individual PKI servers.