Towards Simplifying PKI Implementation: Client-Server based Validation of Public Key Certificates

by   Diana Berbecaru, et al.

With real-time certificate validation checking, a public-key-using system that needs to validate a certificate executes a transaction with a specialized validation party. At the end of the transaction the validation party returns an indication about the validity status of the certificate. This paper analysis the public key (PbK) certificate validation service from a practical point of view by describing the implementation of a system that makes use of the Data Validation and Certification Server (DVCS) protocols to provide certificate validation service to the Relying Parties (RPs). However the system is not restricted to use only the specified protocol and allows the integration of other validation protocols or mechanisms. Our implementation efforts emphasize the possibility to pursue a specific RP tradeoff between timeliness, security and computational resource usage via dynamic selection of several configurable options.


page 1

page 2

page 3

page 4


Dynamic proofs of retrievability with low server storage

Proofs of Retrievability (PoRs) are protocols which allow a client to st...

Preliminary steps in designing and implementing a privilege verifier for PMI

We have designed and deployed a system that uses X.509 public-key certif...

Hardening X.509 Certificate Issuance using Distributed Ledger Technology

The security of cryptographic communication protocols that use X.509 cer...

Transferable Cross-Chain Options

An option is a financial agreement between two parties to trade two asse...

Formalizing Cost Fairness for Two-Party Exchange Protocols using Game Theory and Applications to Blockchain (Extended Version)

Existing fair exchange protocols usually neglect consideration of cost w...

Stalloris: RPKI Downgrade Attack

We demonstrate the first downgrade attacks against RPKI. The key design ...

Surfing the Web quicker than QUIC via a shared Address Validation

QUIC is a performance-optimized secure transport protocol and a building...