An overview of PKI trust models

If Alice and Bob each know their own private key and the other's public key, they can communicate securely, through any number of public key based protocols such as IPSec, PGP, S/MIME, or SSL. However, how do they know each other's public keys? The goal of a public key infrastructure (PKI)...

Bibliographic details
Published in: IEEE network 1999-11, Vol.13 (6), p.38-43
Main author: Perlman, R.
Format: Article
Language: eng
container_end_page 43
container_issue 6
container_start_page 38
container_title IEEE network
container_volume 13
creator Perlman, R.
description If Alice and Bob each know their own private key and the other's public key, they can communicate securely, through any number of public key based protocols such as IPSec, PGP, S/MIME, or SSL. However, how do they know each other's public keys? The goal of a public key infrastructure (PKI) is to enable secure, convenient, and efficient discovery of public keys. It should be applicable within as well as between organizations, and scalable to support the Internet. There are various types of PKI that are widely deployed or have been proposed. They differ in the configuration information required, trust rules, and flexibility. There are standards such as X.509 and PKIX, but these are sufficiently flexible so that almost any model of PKI can be supported. We describe several types of PKI and discuss the advantages and disadvantages of each. We argue against several popular and widely deployed models as being insecure, unscalable, or overly inconvenient. We also recommend a particular model.
doi_str_mv 10.1109/65.806987
format Article
publisher New York: IEEE
rights Copyright Institute of Electrical and Electronics Engineers, Inc. (IEEE) Nov/Dec 1999
eissn 1558-156X
coden IENEET
date 1999-11-01
tpages 6
toplevel peer_reviewed
identifier ISSN: 0890-8044
ispartof IEEE network, 1999-11, Vol.13 (6), p.38-43
issn 0890-8044
1558-156X
language eng
recordid cdi_proquest_miscellaneous_28787775
source IEEE Electronic Library (IEL)
subjects Cats
Certification
Computer aided instruction
Computer information security
Content addressable storage
Cybersecurity
Data encryption
Flexibility
Humans
Internet
IP (Internet Protocol)
Keys
Protocol (computers)
Public key
Security
Sun
Virtual private networks
title An overview of PKI trust models
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-08T10%3A32%3A06IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=An%20overview%20of%20PKI%20trust%20models&rft.jtitle=IEEE%20network&rft.au=Perlman,%20R.&rft.date=1999-11-01&rft.volume=13&rft.issue=6&rft.spage=38&rft.epage=43&rft.pages=38-43&rft.issn=0890-8044&rft.eissn=1558-156X&rft.coden=IENEET&rft_id=info:doi/10.1109/65.806987&rft_dat=%3Cproquest_RIE%3E27204340%3C/proquest_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=223576180&rft_id=info:pmid/&rft_ieee_id=806987&rfr_iscdi=true