Chapter 19: Public Key Infrastructures

Team-Fly

In Chapter 5, we introduced public key cryptography and the notion of public key certificates. In Part III, we used public key certificates in cryptographic security protocols without addressing the question on how to establish and actually deploy a public key infrastructure (PKI). This question is further addressed in this chapter. More specifically, we introduce the topic in Section 19.1, focus on public key certificates and attribute certificates in Sections 19.2 and 19.3, overview and discuss the work of the relevant IETF working group (i.e., the IETF PKIX WG) in Section 19.4, address certificate revocation in Section 19.5, and conclude with some final remarks in Section 19.6. Parts of this chapter are taken from Chapter 8 of [1] and Chapter 13 of [2]. Further information about public key certificates and PKIs also can be found in [3–5].

19.1 INTRODUCTION

According to RFC 2828, the term certificate refers to "a document that attests to the truth of something or the ownership of something" [6]. Historically, the term was coined and first used by Loren M. Kohnfelder to refer to a digitally signed record holding a name and a public key [7]. As such, the certificate attests to the legitimate ownership of a public key and attributes a public key to a principal, such as a person, a hardware device, or any other entity. As discussed in Chapter 5, the resulting certificates are called public key certificates.

More generally and in accordance with RFC 2828, a certificate can not only be used to attest to the legitimate ownership of a public key (in the case of a public key certificate), but also to attest to the truth of any property attributed to a specific certificate owner. This more general class of certificates is commonly referred to as attribute certificates. Consequently, the major difference between a public key certificate and an attribute certificate is that the former includes a public key (the key that is certified), whereas the latter includes a list of attributes (the attributes that are certified).

In either case, the certificates are issued (and possibly revoked) by an authority that is recognized and trusted by some community of users. Authorities that issue (and possibly revoke) public key certificates and attribute certificates are named differently:

• An authority that issues public key certificates is called a certification authority (CA).^[1]

• Contrary to that, an authority that issues attribute certificates is called an attribute authority (AA).

Against this background, a PKI is "a system of CAs that perform some set of certificate management, archive management, key management, and token management functions for a community of users" that employ public key cryptography [6]. In this definition, the term CA comprises the more specific term AA.

Many standardization bodies have been working in the field of public key certificates and PKIs. The Telecommunication Standardization Sector of the International Telecommunication Union (ITU-T) has released and has been periodically updating a recommendation that is commonly referred to as X.509 [8]. Meanwhile, the ITU-T recommendation X.509 has also been adopted by many other standardization bodies, including, for example, the ISO/IEC JTC1 [9] and the IETF (as further addressed in Section 19.4).

^[1]In the past, CAs were often called trusted third parties (TTPs). This is particularly true for CAs that are operated by government bodies.

Team-Fly