Certification Authorities Under Attack: A Plea for Certificate Legitimation

被引：9

作者：

Oppliger, Rolf ^{[1
]}

机构：

[1] ESecur Technol, Singapore, Singapore

来源：

IEEE INTERNET COMPUTING | 2014年 / 18卷 / 01期

关键词：

certificate authorization; certificate legitimation; certificate revocation; Internet security; man-in-the-middle attack; public-key certificates; public-key infrastructure; SSL; TLS;

D O I：

10.1109/MIC.2013.5

中图分类号：

TP31 [计算机软件];

学科分类号：

081205 [计算机软件];

摘要：

Several recent attacks against certification authorities (CAs) and fraudulently issued certificates have called into question the Internet public-key infrastructure's security and usefulness. Because such attacks are likely to occur repeatedly, countermeasures must be designed, implemented, and put in place. Two particular problem areas in which countermeasures are needed are certificate revocation and certificate authorization. These related areas, which can be subsumed under the term "certificate legitimation," are the subject of several recent proposals and are ripe for new areas of research and development.

引用

页码：40 / 47

页数：8