Skip to main content

How Can I Trust an X.509 Certificate? An Analysis of the Existing Trust Approaches

Wazan, Ahmad Samer and Laborde, Romain and Chadwick, David W. and Barrere, Francois and Benzekri, Abdelmalek (2016) How Can I Trust an X.509 Certificate? An Analysis of the Existing Trust Approaches. In: 2016 IEEE 41st Conference on Local Computer Networks (LCN). IEEE, pp. 531-534. ISBN 978-1-5090-2055-3. E-ISBN 978-1-5090-2054-6. (doi:10.1109/LCN.2016.85) (KAR id:62570)

PDF Author's Accepted Manuscript
Language: English
Download (297kB) Preview
[thumbnail of IeeeLCNpublished.pdf]
This file may not be suitable for users of assistive technology.
Request an accessible format
Official URL


A Public Key Infrastructure (PKI) is based on a trust model defined by the original X.509 standard and is composed of three entities: the Certification Authority, the certificate holder (subject) and the Relying Party. The CA plays the role of a trusted third party between the subject and the RP. A trust evaluation problem is raised when an RP receives a certificate from an unknown subject that is signed by an unknown CA. Different approaches have been proposed to handle this trust problem. We argue that these approaches work only in the closed deployment model where RPs are also subjects, but cannot work in the open deployment model where they are not. Our objective is to identify the deficiencies in the existing trust approaches that try to help RPs to make trust decisions about certificates in the Internet, and to introduce the new X.509 approach based on a trust broker.

Item Type: Book section
DOI/Identification number: 10.1109/LCN.2016.85
Uncontrolled keywords: topology; certification; law; logic gates; standards; interoperability
Subjects: Q Science
T Technology
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: D. Chadwick
Date Deposited: 07 Aug 2017 13:28 UTC
Last Modified: 16 Feb 2021 13:47 UTC
Resource URI: (The current URI for this page, for reference purposes)
Chadwick, David W.:
  • Depositors only (login required):


Downloads per month over past year