Skip to main content
Kent Academic Repository

The Implementation of a System for Evaluating Trust in a PKI Environment

Ball, E. and Chadwick, David W. and Basden, Andrew (2003) The Implementation of a System for Evaluating Trust in a PKI Environment. In: Petrovic, Otto and Ksela, Michael and Fallenbock, Markus and Kitti, Christian, eds. Trust in the Network Economy. Springer-Verlag, Austria, pp. 263-279. ISBN 3-211-06853-8. (doi:10.1007/978-3-7091-6088-6_16) (The full text of this publication is not currently available from this repository. You may be able to access a copy if URLs are provided) (KAR id:13846)

The full text of this publication is not currently available from this repository. You may be able to access a copy if URLs are provided.
Official URL:
http://www.cs.kent.ac.uk/pubs/2003/2126

Abstract

This paper describes a system that allows the trust index of a Certification Authority (CA) to be computed both statically and dynamically. Static calculation is based on a CA's published Certificate Policy (CP) and Certification Practice Statement (CPS), whilst dynamic calculation is based on the actual current practices of the CA. At the heart of the system is an expert system that has knowledge about the factors that are important in computing the trust in a CA. Static calculation may be performed in one of two ways. In Method 1, the expert system asks the user (the CA's relying party) a series of questions, which he can answer by consulting the published CP/CPS of the CA. In Method 2, the expert system asks the same questions to a CPS Server, which takes its answers from an XML formatted CPS. This requires the CA administrator to first produce an XML formatted CPS, which we describe, and publish this in its LDAP directory along with its public key certificates and revocation lists. We describe the CPS server, which retrieves the XML CPS's as signed attribute certificates, and feeds answers to the questions posed by the expert system using a Simple SOAP protocol that we have designed. Dynamic calculation of the trust index may be based on information gathered from up to five sources: an Audit Certificate created by the external auditors of the CA, dynamic performance monitoring of the CA's rate of publication of Certificate Revocation Lists, information gathered by the relying party, information gathered by the subscriber, and information gathered about the vendor of the CA's PKI software. We have currently implemented the first two of these. The software has been written in Java and also provides tools that enable Audit Certificates and CPSs to be prepared and published.

Item Type: Book section
DOI/Identification number: 10.1007/978-3-7091-6088-6_16
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Mark Wheadon
Date Deposited: 24 Nov 2008 18:00 UTC
Last Modified: 05 Nov 2024 09:47 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/13846 (The current URI for this page, for reference purposes)

University of Kent Author Information

  • Depositors only (login required):

Total unique views for this document in KAR since July 2020. For more details click on the image.