About: Certification Practice Statement is a research topic. Over the lifetime, 284 publications have been published within this topic receiving 6003 citations.
TL;DR: In this paper, a public key cryptographic system is disclosed with enhanced digital signature certification which authenticates the identity of the public key holder, and a hierarchy of nested certifications and signatures are employed which indicate the authority and responsibility levels of the individual whose signature is being certified.
Abstract: A public key cryptographic system is disclosed with enhanced digital signature certification which authenticates the identity of the public key holder. A hierarchy of nested certifications and signatures are employed which indicate the authority and responsibility levels of the individual whose signature is being certified. The certifier in constructing a certificate generates a special message that includes fields identifying the public key which is being certified, and the name of the certifiee. The certificate is constructed by the certifier to define the authority which is being granted and which may relate to a wide range of authorizations, delegation responsibilities or restrictions given to, or placed on the certifiee. Methodology is also disclosed by which multiple objects such as, for example, a cover letter, an associated enclosed letter, an associated graphics file, etc., are signed together. Methodology is also disclosed for digitally signing documents in which a digital signature is generated for both computer verification and for reverification if a document needs to be reconfirmed by reentering from a paper rendition.
TL;DR: It is shown that authentication cannot be based on public key certificates alone, but also needs to include the binding between the key used for certification and its owner, as well as the trust relationships between users.
Abstract: Open networks allow users to communicate without any prior arrangements such as contractual agreement or organisation membership. However, the very nature of open networks makes authenticity difficult to verify. We show that authentication cannot be based on public key certificates alone, but also needs to include the binding between the key used for certification and its owner, as well as the trust relationships between users. We develop a simple algebra around these elements and describe how it can be used to compute measures of authenticity.
TL;DR: In this article, a method of managing certificates in a communication system having a certifying authority and a directory is proposed, which obviates the use of certification revocation lists communicated between the certificate authority and the directory.
Abstract: A method of managing certificates in a communication system having a certifying authority and a directory. Preferably, the method begins by having the certifying authority generate certificates by digitally signing a given piece of data. At a later point in time, the certifying authority may produce a string that proves whether a particular certificate is currently valid without also proving the validity of at least some other certificates. The technique obviates use of certification revocation lists communicated between the certifying authority and the directory.
TL;DR: In this article, the authors present a framework to assist the writers of certificate policies or certification practice statements for participants within public key infrastructures, such as certification authorities, policy authorities, and communities of interest that wish to rely on certificates.
Abstract: This document presents a framework to assist the writers of certificate policies or certification practice statements for participants within public key infrastructures, such as certification authorities, policy authorities, and communities of interest that wish to rely on certificates. In particular, the framework provides a comprehensive list of topics that potentially (at the writer's discretion) need to be covered in a certificate policy or a certification practice statement. This document supersedes RFC 2527.
TL;DR: The notion of secret-key certificates is introduced and formalized in this paper, which is an alternative to the traditional public-key certificate scheme and can be used for the design of privacy-protecting mechanisms for signature transport.
Abstract: The notion of secret-key certificate schemes is introduced and formalized. As with public-key certificates, triples consisting of a secret key, a corresponding public key, and a secret-key certificate on the public key can only be retrieved by engaging in an issuing protocol with the issuer. The difference with public-key certificates is that pairs consisting of a public key and a secret-key certificate on the public key can be generated by anyone, with a distribution that is indistinguishable from the distribution according to which they are generated in the issuing protocol. Secret-key certificates offer the same functionality as do public-key certificates, because there is no point in using a public-key certificate scheme if the cryptographic actions that are to be performed with respect to a certified public key can be performed without knowing a corresponding secret key. The existence of efficient and secure secret-key certificate schemes is demonstrated by a generally applicable technique for deriving such schemes from signature schemes of a well-known type. The new notion is believed to be of interest in its own right, as it demonstrates an alternative to a stale paradigm in cryptography. More important are the practical advantages: secret-key certificates are better suited for the design of privacy-protecting mechanisms for signature transport, and can be used to construct secure public-key directories and conditional access mechanisms that provably do not leak information that can be of help to forge certificates.