Rolf Oppliger, eSECURITY Technologies, Guemligen
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MIC.2013.5
In the recent past, we have seen several attacks against certification authorities (CAs) and fraudulently issued certificates that put the security and usefulness of what we see as the Internet public key infrastructure (PKI) at stake. In this article, we argue that such attacks are likely to occur again and again, and that respective countermeasures must be designed, implemented, and put in place. In particular, we see two problem areas in which countermeasures are needed: certificate revocation and certificate authorization. Both areas are related and can be subsumed under the term "certificate legitimation." We introduce the notion of certificate legitimation, discuss and put into perspective some recent proposals, and outline new areas of research and development.
Rolf Oppliger, "Certification Authorities under Attack: A Plea for Certificate Legitimation", IEEE Internet Computing, no. 1, pp. 1, PrePrints, doi:10.1109/MIC.2013.5