C. Ellison, B. Frantz, B. Lampson, R. Rivest, B. Thomas, and T. Ylonen. Simple public key certificate. Internet Draft draft-ietf-spki-cert-structure-05.txt, 1998.
....to some other pieces of information such as a name or an authorization. To support the interoperability of applications, PKIs define certificate formats and semantics, as well as the process of verifying that a certificate is valid. [18] 4.1 SPKI certificates Simple Public Key Infrastructure [1, 2, 3] is an Internet draft standard which defines public key certificates for authorization. SPKI is intended to provide mechanisms to support security in a wide range of Internet applications and to solve many of the problems regarding authorization in distributed environments. Some of the main ideas ....
....[Figure 5. SPKI certificate structure] An SPKI certificate is a signed message which consists of five security relevant elements [1]: issuer, subject, delegation, authorization and validity. The certificate is signed by issuer's private key and grants the specified authorization to subject. The validity field describes the conditions under which the certificate can be considered valid. This validity field is usually given as a ....
C. M. Ellison, B. Frantz, B. Lampson, R. Rivest, B. M. Thomas and T. Ylönen, Simple Public Key Certificate, Internet-Draft draft-ietf-spki-cert-structure-05.txt, work in progress, Internet Engineering Task Force, March 1998.
....proofs of authority. SPKI sequences are poorly defined, but they are linear programs apparently intended to run on a simple verifier implemented as a stack machine. When certificates and opcodes are presented to the machine in the correct order, the machine arrives at the desired conclusion [8]. Transmitting proofs in a structured form rather than as SPKI sequences is attractive for three reasons. First, the structured proofs clearly exhibit their own meaning; to quote Abadi and Needham, every message should say what it means [2]. Second, the structured proof components map one-to-one ....
C. M. Ellison, B. Frantz, B. Lampson, R. Rivest, B. M. Thomas, and T. Ylonen. Simple public key certificate. Internet draft draft-ietf-spki-cert-structure-05.txt (expired), Mar. 1998.
....authentication frameworks exist; we mention a few here as examples. The Taos operating system provided support for secure remote procedure call and data structures to represent authority and identity [6]. X.509 [15] is a widely used standard for expressing and using digital certificates. SPKI [4] and SDSI [14] (since merged under the joint name SPKI) were reactions to the perceived complexity of X.509; in both cases the S stands for simple. PolicyMaker [3] is a language for expressing security policies; it can be applied to distributed security policies. Kerberos [12] unlike the ....
....interoperate, then a new framework does not need near universal deployment in order to attract users. A new framework can be used by a few people at first, while those people exploit interoperation to work with the rest of the world. 7.1 SPKI As an example, we now describe how to encode the SPKI [4] framework. Certificates are the main data structure in SPKI; a certificate can encode a name-to-key binding or a name-to-privileges binding. The SPKI specification describes how every certificate can be translated into a 5-tuple data structure, and it gives rules for combining 5-tuples to ....
Carl M. Ellison, Bill Frantz, Butler Lampson, Ron Rivest, Brian M. Thomas, and Tatu Ylonen. Simple Public Key Certificate. Internet Draft draft-ietf-spki-cert-structure-05.txt, 1998.
....information about the identity of the subject, i.e. a name, authorization certificates can also be used in situations where anonymity is desired. The concept of authorization certificates was first independently described in the SDSI [11] and PolicyMaker [3] prototype systems and the SPKI [4] initiative. 2.1 SPKI Certificates SPKI certificates are currently being standardized by the IETF. In the SPKI framework, all principals are keys. Delegations are made to a key, not to a keyholder as in identity certificates. Thus, SPKI certificates are conceptually closer to capabilities than ....
....of A1 and A2, and V is the intersection of V1 and V2. The forming of delegation chains and chain reduction of the corresponding certificates are key properties of SPKI. Reduction certificates can be used to improve chain reduction performance by shortening the chains to be verified. [4] [5] Name certificates. In addition to the normal SPKI certificates that define authorization, the SPKI definition includes a form of identity certificates called name certificates. They bind names to keys, allowing late binding of symbols into keys [5] and easier management by humans. That is, ....
C. M. Ellison, B. Frantz, B. Lampson, R. Rivest, B. M. Thomas and T. Ylönen, Simple Public Key Certificate, Internet-Draft draft-ietf-spki-cert-structure-05.txt, work in progress, Internet Engineering Task Force, March 1998.
....to be a very demanding task. Building secure cryptographic protocols is even harder, because in this case we have to be prepared for not just random errors in the network and end systems but also premeditated attackers trying to take advantage of any weaknesses in the design or implementation [5] [33]. During the last ten years or so, much attention has been focused on the formal modeling and verification of cryptographic protocols (e.g. [26]). However, the question how to apply these results to real design and implementation has received considerably less attention [2] [6] [22]. Recent ....
....this copy and send it back to B, who can give this certified key record to other users, such as user C. A thus acts as an introducer of B to C. Each user must tell the PGP system which individuals are trusted as introducers. Moreover, a user may specify the degree of trust in each introducer. [5] X.509. As in PGP, X.509 certificates are signed records that associate users IDs with their cryptographic keys. Even if they also contain the names of the signature schemes used to create them and the time interval in which they are valid, their basic purpose is still the binding of users to ....
C. M. Ellison, B. Frantz, B. Lampson, R. Rivest, B. M. Thomas, and T. Ylönen, Simple Public Key Certificate, Internet-Draft draft-ietf-spki-cert-structure-05.txt, work in progress, Internet Engineering Task Force, March 1998.
....on X.509 type certificates and a hierarchical tree of certification authorities (CAs). While this approach works for some application areas, e.g. in relations between governments, it is not suitable for others, since trust is inherently intransitive. The Simple Public Key Infrastructure (SPKI) [9] appears to us as a more widely applicable PKI. The Internet Security Association and Key Management Protocol (ISAKMP) [19] provides us with a standard way of securely generating keys and setting up security contexts. We expect a number of application-specific security protocols to be built on top ....
Carl M. Ellison, Bill Frantz, Butler Lampson, Ron Rivest, Brian M. Thomas and Tatu Ylönen, Simple Public Key Certificate, Internet-Draft draft-ietf-spki-cert-structure-02.txt, work in progress, Internet Engineering Task Force, July 1997.
No context found.
C. Ellison, B. Frantz, B. Lampson, R. Rivest, B. Thomas, and T. Ylonen. Simple public key certificate. Internet Draft draft-ietf-spki-cert-structure-05.txt, 1998.