Kent Academic Repository

Trust Management for Public Key Infrastructures: Implementing the X.509 Trust Broker

Wazan, Ahmad Samer, Laborde, Romain, Chadwick, David W., Barrere, Francois, Benzekri, Abdelmalek, Habbal, Abid M.M., Kaiiali, Mustafa (2017) Trust Management for Public Key Infrastructures: Implementing the X.509 Trust Broker. Security and Communication Networks, 2017 (690714). pp. 1-23. ISSN 1939-0114. E-ISSN 1939-0122. (doi:10.1155/2017/6907146) (KAR id:60311)


A Public Key Infrastructure (PKI) is considered one of the most important techniques used to propagate trust in authentication over the Internet. This technology is based on a trust model defined by the original X.509 (1988) standard and is composed of three entities: the Certification Authority (CA), the certificate holder (or subject) and the Relying Party (RP). The CA plays the role of a trusted third party between the certificate holder and the RP. In many use cases, this trust model has worked successfully. However, on the Internet, PKI technology is currently facing many obstacles that slow down its global adoption. In this paper, we argue that most of these obstacles boil down to one problem, the trust issue: how can an RP trust an unknown CA over the Internet? We demonstrate that the original X.509 trust model is not appropriate for the Internet and must be extended to include a new entity, called the Trust Broker, which helps RPs make trust decisions about CAs. We present an approach to assess the quality of a certificate that is related to the quality of the CA’s policy and its commitment to it. The Trust Broker, which is proposed for inclusion in the 2016 edition of X.509, could follow this approach to give RPs trust information about CAs. Finally, we present a prototype Trust Broker that demonstrates how RPs can make informed decisions about certificates in the context of the Web by using its services.

Item Type: Article
DOI/Identification number: 10.1155/2017/6907146
Uncontrolled keywords: Public Key Infrastructure, X.509, Certification Authority, Relying Party, trust model, Trust Broker.
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 75 Electronic computers. Computer science
Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming > QA76.76 Computer software
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: David Chadwick
Date Deposited: 10 Feb 2017 10:51 UTC
Last Modified: 04 Mar 2024 16:27 UTC
