Cryptography Reference
In-Depth Information
Finally in this chapter, we looked at some alternatives to using public-key
certificates to manage public keys. We observed that each of these solves some
problems, but introduces new ones. It is thus likely that alternatives such as IDPKC
may find niche applications, but will never fully 'replace' the use of certificate-based
approaches to public-key management.
A good guide to certificate-based public-key management is Adams and Lloyd [21].
There are also informative chapters on public-key management in Garfinkel and
Spafford [88], Ford and Baum [83], and Ferguson, Schneier and Kohno [75]. In
terms of standards, the most well known public-key management standard is X.509,
which is specified as part 8 of ISO 9594 [16]. This standard includes a public-key
certificate format and a certificate revocation list format. The most-used public-key
certificate format is X.509 v3, which is also specified in RFC 5280 [49] and often
referred to as a PKIX certificate. Formats for attribute certificates are provided in
RFC 3281 [73]. Other general standards relating to public-key management include
ISO/IEC 15945 [9] and the banking standard ISO 15782 [8]. NIST 800-32 [133]
provides an introduction to public-keymanagement and outlines the approach taken
by the US government. More specific standards include RFC 2511 [127] which deals
with certificate requests and includes a proof of possession mechanism (there is also
one in ISO 15945 [9]) and RFC 2560 [128], which describes OCSP. ISO 21188 [14]
discusses governance of public-key management systems, including root key pair
generation ceremonies.
Some organisations initially adopted public-key cryptography without necessarily
being aware of all of the complexities of public-key management. Ellison and
Schneier [70] produced a well-publicised note of caution that outlines ten 'risks' of
public-key management. An interesting review of the public-key management issues
experienced by a number of organisations is provided by Price [158]. For many
people, the most familiar public-key management application is the use of public-
key certificates to support SSL/TLS in web applications. A report by KPMG [111]
outlines the fragility of this public-key management model by indicating a number of
points of weakness, as well as indicating how these vulnerabilities can be addressed.
One alternative to using a certificate-based public-key management system is
to use a web of trust, with the Wikipedia portal [204] being a good place to
start for details and criticisms of this approach. Explanations of some identity-
based encryption algorithms can be found in Stinson [185]. A more detailed
investigation of IDPKC, including attribute-based encryption schemes, is Joye and
Neven [103]. IEEE P1363.3 [148] is a draft standard that specifies a number of
different IDPKC primitives. An interesting comparison of the different issues involved
with implementing certificate-based and identity-based public-key cryptography is
Paterson and Price [153].
