{"title":"Secure in-band update of trusted certificates","authors":"James M. Hayes","doi":"10.1109/ENABL.1999.805194","DOIUrl":null,"url":null,"abstract":"The certificate authority (CA) is the central trust point in a public key infrastructure (PKI). Great care should be taken by users when they make a decision to trust a CA. Unfortunately, the average user will rely on the software to provide an appropriate security warning when something has gone wrong and therefore may not give much thought to the decision when performing such a security operation. The updating of a CA certificate is an issue that needs to be accomplished in a secure manner with little or no intervention by a user. Techniques are now in use that can allow for update of a CA's certificate. The Secure Electronic Transaction's (SET) root certificate update method is just one example, but in a specialized case. This paper discusses a practical solution that potentially any CA could use to provide a secure in-band update of a CA's X.509 v3 certificate into a user's personal security environment (PSE). A method is also discussed that Java programmers can use for update of self-signed X.509 v1 personal certificates in Java keystores as well.","PeriodicalId":287840,"journal":{"name":"Proceedings. IEEE 8th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE'99)","volume":"26 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1999-06-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings. IEEE 8th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE'99)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ENABL.1999.805194","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 3
Abstract
The certificate authority (CA) is the central trust point in a public key infrastructure (PKI). Great care should be taken by users when they make a decision to trust a CA. Unfortunately, the average user will rely on the software to provide an appropriate security warning when something has gone wrong and therefore may not give much thought to the decision when performing such a security operation. The updating of a CA certificate is an issue that needs to be accomplished in a secure manner with little or no intervention by a user. Techniques are now in use that can allow for update of a CA's certificate. The Secure Electronic Transaction's (SET) root certificate update method is just one example, but in a specialized case. This paper discusses a practical solution that potentially any CA could use to provide a secure in-band update of a CA's X.509 v3 certificate into a user's personal security environment (PSE). A method is also discussed that Java programmers can use for update of self-signed X.509 v1 personal certificates in Java keystores as well.