REFERENCES

R. Oppliger, Security Technologies for the World Wide Web, Artech House Publishers, Norwood, MA, 2000.

R. Oppliger, Secure Messaging with PGP and S/MIME, Artech House, Norwood, MA, 2001.

W. Ford and M. S. Baum, Secure Electronic Commerce: Building the Infrastructure for Digital Signatures & Encryption, 2nd edition, Prentice Hall PTR, Upper Saddle River, NJ, 2000.

J. Feghhi, J. Feghhi, and P. Williams, Digital Certificates: Applied Internet Security, Addison-Wesley Longman, Reading, MA, 1999.

C. Adams and S. Lloyd, Understanding the Public-Key Infrastructure, New Riders Publishing, Indianapolis, IN, 1999.

R. Shirey, "Internet Security Glossary," Request for Comments 2828, May 2000.

L. M. Kohnfelder, "Towards a Practical Public-Key Cryptosystem," Bachelor's thesis, Massachusetts Institute of Technology, Cambridge, MA, May 1978.

ITU-T, Recommendation X.509: The Directory—Authentication Framework, 1988.

ISO/IEC 9594-8, Information Technology—Open Systems Interconnection—The Directory Part 8: Authentication Framework, 1990.

C. Ellison, "Establishing Identity Without Certification Authorities," Proceedings of USENIX Security Symposium, July 1996.

R. L. Rivest and B. Lampson, "SDSI—A Simple Distributed Security Infrastructure," April 1996.

M. Abadi, "On SDSI's Linked Local Name Spaces," Proceedings of 10th IEEE Computer Security Foundations Workshop, June 1997, pp. 98-108.

C. Ellison, "SPKI Requirements," Request for Comments 2692, September 1999.

C. Ellison, et al., "SPKI Certificate Theory," Request for Comments 2693, September 1999.

J. Feigenbaum, "Towards an Infrastructure for Authorization," position paper, Proceedings of USENIX Workshop on Electronic Commerce, 1998.

R. Oppliger, G. Pernul, and C. Strauss, "Using Attribute Certificates to Implement Role-Based Authorization and Access Control Models," Proceedings of 4. Fachtagung Sicherheit in Informationssystemen (SIS 2000), October 2000, pp. 169–184.

R. Housley, et al., "Internet X.509 Public Key Infrastructure Certificate and CRL Profile," Request for Comments 2459, January 1999.

C. Adams, "Internet X.509 Public Key Infrastructure Certificate Management Protocols," Request for Comments 2510, March 1999.

M. Myers, et al., "Internet X.509 Certificate Request Message Format," Request for Comments 2511, March 1999.

S. Chokhani and W. Ford, "Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework," Request for Comments 2527, March 1999.

R. Housley and W. Polk, "Internet X.509 Public Key Infrastructure Representation of Key Exchange Algorithm (KEA) Keys in Internet X.509 Public Key Infrastructure Certificates," Request for Comments 2528, March 1999.

S. Boeyen, T. Howes, and P. Richard, "Internet X.509 Public Key Infrastructure Operational Protocols—LDAPv2," Request for Comments 2559, April 1999.

Y. Yeong, T. Howes, and S. Kille, "Lightweight Directory Access Protocol," Request for Comments 1777, March 1995.

S. Boeyen, T. Howes, and P. Richard, "Internet X.509 Public Key Infrastructure LDAPv2 Schema," Request for Comments 2587, June 1999.

R. Housley and P. Hoffman, "Internet X.509 Public Key Infrastructure Operational Protocols: FTP and HTTP," Request for Comments 2585, May 1999.

M. Myers, et al., "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol—OCSP," Request for Comments 2560, June 1999.

M. Myers, et al., "Certificate Management Messages over CMS," Request for Comments 2797, April 2000.

H. Prafullchandra and J. Schaad, "Diffie-Hellman Proof-of-Possession Algorithms," Request for Comments 2875, July 2000.

S. Santesson, et al., "Internet X.509 Public Key Infrastructure Qualified Certificates Profile," Request for Comments 3039, January 2001.

C. Adams, et al., "Internet X.509 Public Key Infrastructure Data Validation and Certification Server Protocols," Request for Comments 3029, February 2001.

U. M. Maurer and P. E. Schmid, "A Calculus for Secure Channel Estabishment in Open Networks," Proceedings of European Symposium on Research in Computer Security (ESORICS), 1994, pp. 175–192.

U. M. Maurer, "Modelling a Public-Key Infrastructure," Proceedings of European Symposium on Research in Computer Security (ESORICS), 1996, pp. 325–350.

R. Kohlas and U. M. Maurer, "Reasoning About Public-Key Certification: On Bindings Between Entities and Public Keys," Proceedings of Financial Cryptography, 1999.

R. Kohlas and U. M. Maurer, "Confidence Valuation in a Public-Key Infrastructure Based on Uncertain Evidence," Proceedings of the International Workshop on Practice and Theory in Public-Key Cryptography, 2000.

M. Blaze, J. Feigenbaum, and J. Lacy, "Decentralized Trust Management," Proceedings of IEEE Conference on Security and Privacy, 1996, pp. 164–173.

M. Blaze, J. Feigenbaum, and M. Strauss, "Compliance-Checking in the PolicyMaker Trust-Management System," Proceedings of Financial Cryptography, 1998, pp. 251–265.

M. Blaze, et al., "The KeyNote Trust-Management System Version 2," Request for Comments 2704, September 1999.

D. Geer, "Risk Management Is Where the Money Is," November 1998, electronic version available at http://catloss.ncl.ac.uk/Risks/20.06.html#subj1.

R. Oppliger, A. Greulich, and P. Trachsel, "A Distributed Certificate Management System (DCMS) Supporting Group-Based Access Controls," Proceedings of Annual Computer Security Applications Conference (ACSAC '99), 1999, pp. 241–248.

A. D. Rubin, D. Geer, and M. J. Ranum, Web Security Sourcebook, John Wiley & Sons, Inc., New York, 1997.

M. Lomas, "Untrusted Third Parties: Key Management for the Prudent," Report on DIMACS Workshop on Trust Management, 1996.

S. A. Brands, Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy, MIT Press, Cambridge, MA, 2000.