The PKC-only application security model ...

Anne & Lynn Wheeler lynn at garlic.com
Wed Jul 23 17:21:37 EDT 2008


Thierry Moreau wrote:
> A)    The big picture refers to the "PKC-only application security 
> scheme", in which client-server applications may be secured with 
> client-side public key pairs, but *no trusted certification authority* 
> is involved (server operators are expected to maintain a trusted 
> database of their clients' public keys).

original PK-init (public key) draft for Kerberos was (only) certificateless public key operation ...
i.e. Kerberos server operators maintaining trusted database of their clients' public keys (in lieu of passwords) ... PKI/certificate mode of operation was eventually added to the specification.

lots of past posts about certificateless public key Kerberos
http://www.garlic.com/~lynn/subpubkey.html#kerberos

similar implementation was done for RADIUS
http://www.garlic.com/~lynn/subpubkey.html#radius

general posts about certificateless (sometimes "naked") public key
http://www.garlic.com/~lynn/subpubkey.html#certless

X9.59 is financial transaction standard also using certificateless public key operation
http://www.garlic.com/~lynn/x959.html#x959

part of the issue was that in the mid-90s, the x9a10 financial standard working group had been given the requirement to preserve the integrity of the financial infrastructure for all retail payments. One of the issues for x9.59 was that it had to be lightweight enough to operate in existing infrastructures. Some of the certificate-oriented payment transaction standards from the period resulted in factor of 100 times (two orders of magnitude) payload (i.e. certificate payload overhead could be 100 times larger than basic payment transaction) and processing (i.e. certificate processing overhead could be 100 times larger than basic payment transaction) bloat
http://www.garlic.com/~lynn/subpubkey.html#bloat

general discussions of the "account authority public key" model (as contrast to "certification authority public key" model)
http://www.garlic.com/~lynn/x959.html#aads
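
The certificateless ("account authority") arrangement described above, as an added Go example that is not from the original post or from the Kerberos, RADIUS or X9.59 specifications: the server looks up the public key registered in the account record and verifies the signed request directly, with no certificate in the message. The `AccountDB` and `Request` types, the field encoding, the choice of Ed25519, the nonce replay check and the sample account are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// AccountDB is the server's own trusted table: the public key sits in the account record.
type AccountDB struct {
	keys map[string]ed25519.PublicKey // registered at enrolment, in lieu of a password
	seen map[[2]string]bool           // (account, nonce) pairs already accepted
}

// Request carries account id, nonce, body and signature: no certificate is attached.
type Request struct {
	Account, Nonce, Body string
	Sig                  []byte
}

// signedBytes length-prefixes each field so field boundaries cannot be shifted.
func signedBytes(r Request) []byte {
	return []byte(fmt.Sprintf("%d:%s%d:%s%d:%s", len(r.Account), r.Account, len(r.Nonce), r.Nonce, len(r.Body), r.Body))
}

// Verify checks the signature with the key on file for the account, then rejects replays.
func (db *AccountDB) Verify(r Request) error {
	pub, ok := db.keys[r.Account]
	key := [2]string{r.Account, r.Nonce}
	switch {
	case !ok:
		return errors.New("unknown account")
	case !ed25519.Verify(pub, signedBytes(r), r.Sig):
		return errors.New("bad signature")
	case db.seen[key]:
		return errors.New("replayed nonce")
	}
	db.seen[key] = true
	return nil
}

func main() {
	db := &AccountDB{keys: map[string]ed25519.PublicKey{}, seen: map[[2]string]bool{}}
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	db.keys["acct-1001"] = pub               // constructed sample account, enrolled out of band
	r := Request{Account: "acct-1001", Nonce: "n1", Body: "pay 10.00"}
	r.Sig = ed25519.Sign(priv, signedBytes(r))
	fmt.Println(db.Verify(r), db.Verify(r)) // first call accepted, second is a replay
}
```

The trust anchor here is the integrity of the account table itself, so write access to it needs the same protection a password database would get.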
