The Community for Technology Leaders
Social Computing / IEEE International Conference on Privacy, Security, Risk and Trust, 2010 IEEE International Conference on (2013)
Alexandria, VA, USA USA
Sept. 8, 2013 to Sept. 14, 2013
pp: 1016-1021
ABSTRACT
X.509 certificates are data structures that bind public key values to subjects. This binding aids in the proper identification and authentication of communicating parties. The current X.509 certificate status validation method is imperfect, and under certain circumstances it is possible to establish a 'secure' connection using a rogue X.509 certificate. This paper reviews the current X.509 certificate status validation check and its limitations, and recommends extending the Online Certificate Status Protocol (OCSP) to include a notary query. We argue that this extension will significantly increase detection of rogue certificates presented during TLS/SSL connections.
INDEX TERMS
Man-in-the-Middle (MitM), Public Key Infrastructure (PKI), Certificate Authority (CA), X.509 Certificate, Secure Socket Layer (SSL), Transport Layer Protocol (TLS), Online Certificate Status Protocol (OCSP), Notary
CITATION

C. Ekechukwu, D. Lindskog and R. Ruhl, "A Notary Extension for the Online Certificate Status Protocol," 2013 International Conference on Social Computing (SocialCom)(SOCIALCOM), Alexandria, VA, USA, 2013, pp. 1016-1021.
doi:10.1109/SocialCom.2013.163
181 ms
(Ver 3.3 (11022016))