A Notary Extension for the Online Certificate Status Protocol

Bibliographic Details
Published in: 2013 International Conference on Social Computing, pp. 1016-1021
Main Authors: Ekechukwu, Chikaodili; Lindskog, Dale; Ruhl, Ron
Format: Conference Proceeding
Language: English
Published: IEEE 01.09.2013
DOI: 10.1109/SocialCom.2013.163

Summary: X.509 certificates are data structures that bind public key values to subjects. This binding aids in the proper identification and authentication of communicating parties. The current X.509 certificate status validation method is imperfect, and under certain circumstances it is possible to establish a 'secure' connection using a rogue X.509 certificate. This paper reviews the current X.509 certificate status validation check and its limitations, and recommends extending the Online Certificate Status Protocol (OCSP) to include a notary query. We argue that this extension will significantly increase detection of rogue certificates presented during TLS/SSL connections.