Providing public key certificate authorization and policy with DNS

dc.contributor.advisor Border, Charles en_US
dc.contributor.advisor Johnson, Daryl en_US
dc.contributor.advisor Pan, Yin en_US
dc.contributor.advisor Stackpole, Bill en_US
dc.contributor.author Lidestri, Matthew
dc.date.accessioned 2012-07-18T19:01:30Z
dc.date.available 2012-07-18T19:01:30Z
dc.date.issued 2012
dc.identifier.uri http://hdl.handle.net/1850/15220
dc.description.abstract Public Key Infrastructure (PKI) instills trust in certificates commonly used to secure email, web traffic, VPNs, file transfers, and other forms of network communication. Due to a number of successful attacks against certificate authorities, malicious parties have illegitimately acquired trusted certificates for widely used online services, government agencies, and other important organizations. These incidents, and the potential for future attacks of a similar nature, present notable risk to PKI and global security as a whole. The proposed Certificate Policy Framework (CPF) offers a mechanism for organizations to control which certificates are authorized to authenticate their services. This DNS-based protocol allows organizations to publish an access control list for any given hostname, where each entry in the ACL identifies a certificate and indicates whether the certificate should be blocked, warned upon, or permitted. Similarly, any CPF-compatible application can query DNS for CPF records to verify the integrity of the certificate from an authoritative viewpoint. In this work, we review limitations in PKI and certificate-based security and review existing work in this area. We will also discuss CPF in greater detail and demonstrate how it can be used to augment PKI to strengthen this widely adopted technology.
dc.language.iso en_US
dc.subject Breach en_US
dc.subject Certificate authority en_US
dc.subject DNS en_US
dc.subject Public key infrastructure en_US
dc.subject SSL en_US
dc.subject.lcc QA76.9.A25 L54 2012
dc.subject.lcsh Public key infrastructure (Computer security)
dc.subject.lcsh Internet domain names
dc.subject.lcsh Internet addresses
dc.title Providing public key certificate authorization and policy with DNS
dc.type Thesis

Files in this item

Files Size Format View Description
MLidestriThesis2-28-2012.pdf 633.2Kb PDF View/Open Thesis
MLidestriSupplement.pdf 424.5Kb PDF View/Open Supplement
