Certification Authorities Under Attack: A Plea for Certificate Legitimation
Jan.-Feb. 2014 (vol. 18 no. 1)
pp. 40-47
Rolf Oppliger, eSecurity Technologies
Several recent attacks against certification authorities (CAs) and fraudulently issued certificates have put the security and usefulness of the Internet public-key infrastructure (PKI) at stake. In this article, the author argues that such attacks are likely to occur repeatedly and that respective countermeasures must be designed, implemented, and put in place. In particular, he discusses two problem areas in which countermeasures are needed: certificate revocation and certificate authorization. Both areas are related and can be subsumed under the term "certificate legitimation." The author introduces the notion of certificate legitimation, discusses some recent proposals, and outlines new areas of research and development.
Index Terms:
Internet, Public key cryptography, Certification, Software development, Face recognition, Computer security, Computer crime, certificate legitimation, Internet security, public-key certificates, public-key infrastructure, SSL, TLS, man-in-the-middle attack, certificate revocation, certificate authorization
Citation:
Rolf Oppliger, "Certification Authorities Under Attack: A Plea for Certificate Legitimation," IEEE Internet Computing, vol. 18, no. 1, pp. 40-47, Jan.-Feb. 2014, doi:10.1109/MIC.2013.5