The PKC-only application security model ...

Thierry Moreau thierry.moreau at connotech.com
Wed Jul 23 16:07:56 EDT 2008 

Dear all:

This is a two-fold announcement, big picture and specific document 
announcement. The whole thing is "for your information" as security experts.

A)	The big picture refers to the "PKC-only application security scheme", 
in which client-server applications may be secured with client-side 
public key pairs, but *no trusted certification authority* is involved 
(server operators are expected to maintain a trusted database of their 
clients' public keys).

B)	The specific document announcement refers to what is required to 
field the PKC-only application security scheme: explicit meaningless 
security certificates. The reference is "Explicit Meaningless X.509 
Security Certificates as a Specifications-Based Interoperability 
Mechanism", http://www.connotech.com/pkc-only-meaningless-certs.pdf

This post leaves it to your imagination and creativity about how a 
PKC-only security scheme may work in practical details, i.e. how the 
third party trust management may be replaced by first party trust 
management (first party = server operator as the relying party for 
client public keys). I have been doing some work in this area, but I 
have no results to report in a properly written document. Anyway, the 
PKC-only security scheme does not imply significant standardization for 
interoperability among independent service operators.

The document is open for discussion. It covers the minimal provisions 
for PKC-only deployment in the installed base of browsers supporting the 
TLS protocol.

Sometimes in the future, a very reduced version might be prepared as an 
Internet draft intended to the RFC editor publication route (RFC3932) 
with the experimental status (this is different from the individual RFC 
submission route in which the IESG is involved in the document 
publication process but no IETF working group is assigned an editorial 
role).

Good reading.

-- 

- Thierry Moreau

CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada   H2M 2A1

Tel.: (514)385-5691
Fax:  (514)385-5900

web site: http://www.connotech.com
e-mail: thierry.moreau at connotech.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list