DOI: 10.1145/986655.986669

Public key distribution through "cryptoIDs"

Published: 13 August 2003

Abstract

In this paper, we argue that person-to-person key distribution is best accomplished with a key-centric approach, instead of PKI: users should distribute public key fingerprints in the same way they distribute phone numbers, postal addresses, and the like. To make this work, fingerprints need to be small, so users can handle them easily; multipurpose, so only a single fingerprint is needed for each user; and long-lived, so fingerprints don't have to be frequently redistributed. We show how these qualities can be achieved with simple and well-understood techniques. The chief technique is for each user to store a root key in a highly secure environment and use it to certify subkeys for use in more convenient environments. Certificate formats like X.509, PGP, and SPKI could be used for this, but we argue that a format designed expressly for this could do a better job; thus we design the cryptoID certificate format.

Published In

NSPW '03: Proceedings of the 2003 workshop on New security paradigms
August 2003
127 pages
ISBN:1581138806
DOI:10.1145/986655
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. cryptoIDs
  2. fingerprints
  3. key distribution
  4. key management
  5. public key infrastructure

Qualifiers

  • Article

Conference

NSPW03: New Security Paradigms and Workshop
August 18 - 21, 2003
Ascona, Switzerland

Acceptance Rates

Overall Acceptance Rate 98 of 265 submissions, 37%

Cited By

  • (2014) A survey on decentralized Online Social Networks. Computer Networks: The International Journal of Computer and Telecommunications Networking, 75:PA (437-452). DOI: 10.1016/j.comnet.2014.10.005. Online publication date: 24-Dec-2014
  • (2013) A novel and efficient key sharing technique for web applications. 2013 Fourth International Conference on Computing, Communications and Networking Technologies (ICCCNT) (1-5). DOI: 10.1109/ICCCNT.2013.6726576. Online publication date: Jul-2013
  • (2009) Privacy-enabling social networking over untrusted networks. Proceedings of the 2nd ACM workshop on Online social networks (1-6). DOI: 10.1145/1592665.1592667. Online publication date: 17-Aug-2009
  • (2007) HTTPS Hacking Protection. Proceedings of the 21st International Conference on Advanced Information Networking and Applications Workshops - Volume 01 (590-594). DOI: 10.1109/AINAW.2007.200. Online publication date: 21-May-2007
  • (2005) Hardening Web browsers against man-in-the-middle and eavesdropping attacks. Proceedings of the 14th international conference on World Wide Web (489-498). DOI: 10.1145/1060745.1060817. Online publication date: 10-May-2005
