Rethinking PKI: What's Trust Got to Do with It?
ADVANCES IN CRYPTOLOGY - EUROCRYPT 2002, PROCEEDINGS(2002)
摘要
Much of the literature related to public key infrastructure (PKI) uses terms such as “trust” extensively and assumes that
certification authorities (CAs) are trusted third parties (TTPs). It is certainly true that the best known CAs today are commercial
TTPs, and such CAs have played an important role in making the general public aware of PKIs. But, not all PKIs need adopt
this sort of CA model, in which relying parties are required to make value judgments about the trustworthiness of the organizations
that operate CAs. PKIs are not intrinsically valuable. They are infrastructures that, if successful, facilitate authentication
and authorization services based on the use of public key cryptography. Thus it is appropriate to ask questions about these
services:
–
In what context are these services being employed?
–
What forms of identifiers are meaningful for the context?
–
Does the context relate to existing physical world, or does it exist only in cyberspace?
–
Are the services offered to anyone, or are they intended for identifiable user populations?
–
Are their existing organizational entities that are authoritative for the authentication or authorization information contained
in the certificates issued by the CAs?
更多查看译文
关键词
trusted third party,certificate authority,public key cryptography,public key infrastructure
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要