Certifying trust

  • Ilari Lehti
  • Pekka Nikander
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1431)


A basic function of all signatures, digital or not, is to express trust and authority, explicit or implied. This is especially the case with digital signatures used in certificates. In this paper, we study the trust relationships expressed by the certificates used in X.509, PGP and SPKI. In particular, we present and revise the idea of a certificate loop, that is, a loop of certificates from the verifying party to the communicating peer that is requesting access or acceptance. We also show how such certificate loops can be used to explicitly express security policy decisions. At the end of the paper, we briefly describe our own SPKI implementation, which is specially tailored towards policy management. The implementation is based on Java and built using Design Patterns. It functions as a separate process, providing security services to the local kernel and applications.


Keywords: Trust Model; Design Pattern; Security Policy; Trust Relationship; Certification Authority
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Ilari Lehti (1)
  • Pekka Nikander (1)

  1. Department of Computer Science, Helsinki University of Technology, Espoo, Finland
