A PKI Approach Targeting the Provision of a Minimum Security Level within Internet

Abstract

After decades of expansion, Internet became an essential tool useful for professionals and private individuals providing a large range of services like entailing, management of bank accounts, reservation of hotels, train time schedules, real time traffic information, Internet search... If not targeted at the beginning, information system security became rapidly a key challenge for professionals and strong security solutions emerged on the market mainly for professionals. Internet security is thus today two-speed: pretty strong security for professionals or private individuals anxious to protect their computer equipments and no security for professionals or private individuals who can not afford security products and do no have sufficient technical expertise to set up cheap solutions by themselves. In this context, this paper targets the provision of a minimum security level within internet by defining a PKI solution based on LDAP and DNS (extended with DNSSEC). The originality of the paper is related to the design of the chain of trust that is built over both LDAP and DNSSEC PKIs, the certificate verification method, and indications to extend those concepts to the secure emailing application