Web浏览器中存在多个根的问题——证书伪装

Proceedings Seventh IEEE International Workshop on Enabling Technologies: Infrastucture for Collaborative Enterprises (WET ICE '98) (Cat. No.98TB100253) Pub Date : 1998-06-17 DOI:10.1109/ENABL.1998.725710

James M. Hayes

{"title":"Web浏览器中存在多个根的问题——证书伪装","authors":"James M. Hayes","doi":"10.1109/ENABL.1998.725710","DOIUrl":null,"url":null,"abstract":"Much work is going into securing the public key infrastructure (PKI). Various models for trust exist; Pretty Good Privacy (PGP) and the Progressive-Constraint Trust model are examples. These models describe how to protect and ensure the interrelationships of their certificate based structures; however, vulnerabilities may arise when structures based on certificate authorities (CAs) are involved. The vulnerability is based upon multiple root certificate authorities. The paper examines the need for improved methods for verifying the binding of a certificate authority (root) to the source of a protocol's messages. The protection mechanisms developed for protecting and ensuring this binding within a CA hierarchy can break down in environments where multiple roots exist. This can lead to the possibility of a CA undermining the trust placed in a peer CA.","PeriodicalId":321059,"journal":{"name":"Proceedings Seventh IEEE International Workshop on Enabling Technologies: Infrastucture for Collaborative Enterprises (WET ICE '98) (Cat. No.98TB100253)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1998-06-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"18","resultStr":"{\"title\":\"The problem with multiple roots in Web browsers-certificate masquerading\",\"authors\":\"James M. Hayes\",\"doi\":\"10.1109/ENABL.1998.725710\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Much work is going into securing the public key infrastructure (PKI). Various models for trust exist; Pretty Good Privacy (PGP) and the Progressive-Constraint Trust model are examples. These models describe how to protect and ensure the interrelationships of their certificate based structures; however, vulnerabilities may arise when structures based on certificate authorities (CAs) are involved. The vulnerability is based upon multiple root certificate authorities. The paper examines the need for improved methods for verifying the binding of a certificate authority (root) to the source of a protocol's messages. The protection mechanisms developed for protecting and ensuring this binding within a CA hierarchy can break down in environments where multiple roots exist. This can lead to the possibility of a CA undermining the trust placed in a peer CA.\",\"PeriodicalId\":321059,\"journal\":{\"name\":\"Proceedings Seventh IEEE International Workshop on Enabling Technologies: Infrastucture for Collaborative Enterprises (WET ICE '98) (Cat. No.98TB100253)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1998-06-17\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"18\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings Seventh IEEE International Workshop on Enabling Technologies: Infrastucture for Collaborative Enterprises (WET ICE '98) (Cat. No.98TB100253)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ENABL.1998.725710\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings Seventh IEEE International Workshop on Enabling Technologies: Infrastucture for Collaborative Enterprises (WET ICE '98) (Cat. No.98TB100253)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ENABL.1998.725710","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 18

摘要

在确保公钥基础设施(PKI)的安全方面正在进行大量工作。存在各种各样的信任模式;Pretty Good Privacy (PGP)和Progressive-Constraint Trust模型就是例子。这些模型描述了如何保护和确保其基于证书的结构之间的相互关系;但是，当涉及到基于证书颁发机构(ca)的结构时，可能会出现漏洞。该漏洞基于多个根证书颁发机构。本文探讨了验证证书颁发机构(根)到协议消息源的绑定的改进方法的必要性。为在CA层次结构中保护和确保这种绑定而开发的保护机制在存在多个根的环境中可能会失效。这可能导致CA破坏对对等CA的信任。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

The problem with multiple roots in Web browsers-certificate masquerading

Much work is going into securing the public key infrastructure (PKI). Various models for trust exist; Pretty Good Privacy (PGP) and the Progressive-Constraint Trust model are examples. These models describe how to protect and ensure the interrelationships of their certificate based structures; however, vulnerabilities may arise when structures based on certificate authorities (CAs) are involved. The vulnerability is based upon multiple root certificate authorities. The paper examines the need for improved methods for verifying the binding of a certificate authority (root) to the source of a protocol's messages. The protection mechanisms developed for protecting and ensuring this binding within a CA hierarchy can break down in environments where multiple roots exist. This can lead to the possibility of a CA undermining the trust placed in a peer CA.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings Seventh IEEE International Workshop on Enabling Technologies: Infrastucture for Collaborative Enterprises (WET ICE '98) (Cat. No.98TB100253)

自引率

0.00%

发文量