Massimiliano P.

With the need to evolve the cryptography used in today applications, devices, and networks, there might be many scenarios where the use of a single-key certificate is not sufficient. For example, there might be the need for migrating between two existing algorithms (e.g., from classic to post-quantum) or there might be the need to test the capabilities of devices via test drivers and/or non-standard algorithms.

Differently from the situation where algorithms are not yet (or no more)… Show more

With the need to evolve the cryptography used in today applications, devices, and networks, there might be many scenarios where the use of a single-key certificate is not sufficient. For example, there might be the need for migrating between two existing algorithms (e.g., from classic to post-quantum) or there might be the need to test the capabilities of devices via test drivers and/or non-standard algorithms.

Differently from the situation where algorithms are not yet (or no more) trusted to be used by themselves, this document addresses the use of multiple keys and signatures that can be individually trusted to implement a generic 1-threshold and K-threshold signature validation procedures.

This document provides the definition of a new type of multi-algorithm public key and relies on the definition of CompositePrivateKey, and CompositeSignature which are sequences of the respective structure for each component algorithm as defined in [I-D.ounsworth-pq-composite-sigs] and
[I-D.ounsworth-pq-composite-sigs]. Show less

The migration to post-quantum cryptography is unique in the history of modern digital cryptography in that neither the old outgoing nor the new incoming algorithms are fully trusted to protect data for the required data lifetimes. The outgoing algorithms, such as RSA and elliptic curve, may fall to quantum cryptalanysis, while the incoming post-quantum algorithms face uncertainty about both the underlying mathematics as well as hardware and software implementations that have not had sufficient… Show more

The migration to post-quantum cryptography is unique in the history of modern digital cryptography in that neither the old outgoing nor the new incoming algorithms are fully trusted to protect data for the required data lifetimes. The outgoing algorithms, such as RSA and elliptic curve, may fall to quantum cryptalanysis, while the incoming post-quantum algorithms face uncertainty about both the underlying mathematics as well as hardware and software implementations that have not had sufficient maturing time to rule out classical cryptanalytic attacks and implementation bugs.

Cautious implementors may wish to layer cryptographic algorithms such that an attacker would need to break all of them in order to compromise the data being protected using either a Post-Quantum / Traditional Hybrid, Post-Quantum / Post-Quantum Hybrid, or combinations thereof. This document, and its companions, defines a specific instantiation of hybrid paradigm called "composite" where multiple cryptographic algorithms are combined to form a single key, signature, or key encapsulation mechanism (KEM) such that they can be treated as a single atomic object at the protocol level.

This document defines the structures CompositePublicKey and CompositePrivateKey, which are sequences of the respective structure for each component algorithm. The generic composite variant is defined which allows arbitrary combinations of key types to be placed in the CompositePublicKey and CompositePrivateKey structures without needing the combination to be pre-registered or pre-agreed. The explicit variant is alxso defined which allows for a set of algorithm identifier OIDs to be registered together as an explicit composite algorithm and assigned an OID. Show less

One of the most strategic problems for Internet Certification Authorities (ICAs) is the provisioning of revocation information in an efficient way. Current approaches for the distribution of OCSP responses over HTTP do not provide efficient solutions for the high volume of traffic that Internet CAs face when providing services for highly utilized websites. This document describes a new transport protocol for OCSP responses to efficiently provide revocation information about digital… Show more

One of the most strategic problems for Internet Certification Authorities (ICAs) is the provisioning of revocation information in an efficient way. Current approaches for the distribution of OCSP responses over HTTP do not provide efficient solutions for the high volume of traffic that Internet CAs face when providing services for highly utilized websites. This document describes a new transport protocol for OCSP responses to efficiently provide revocation information about digital certificates. In particular, this specification defines how to distribute OCSP responses over DNS and how to define OCSP-over-DNS URLs in certificates. The use of the DNS system to distribute such information is meant to lower the costs of providing revocation services and increase the availability of revocation information by using the distributed nature of the DNS infrastructure. Show less

Public Key technology is about multiple parties across different domains making assertions that can be chained together to make trust judgments. Today, the need for more interoperable and usable trust infrastructures is urgent in order to fulfill the security needs of computer and mobile devices. Developing, deploying, and maintaining information technology that provides effective and usable solutions has yet to be achieved. In this paper, we propose a new framework for a distributed support… Show more

Public Key technology is about multiple parties across different domains making assertions that can be chained together to make trust judgments. Today, the need for more interoperable and usable trust infrastructures is urgent in order to fulfill the security needs of computer and mobile devices. Developing, deploying, and maintaining information technology that provides effective and usable solutions has yet to be achieved. In this paper, we propose a new framework for a distributed support system for trust infrastructure deployment: the Public Key System (PKS). We describe the general architecture based on Distributed Hash Tables (DHTs), how it simplifies the deployment and usability of federated identities, and how existing infrastructures can be integrated into our system. This paper lays down the basis for the deployment of collaborative Internet-scale trust infrastructures. Show less

Public Key cryptography has become, in many environments, a fundamental building block for authentication purposes. Although many applications already support the usage of Public Key Certificates (PKCs), the usability of the many security features and their understanding by users is still not fully addressed. Moreover, with the increasing number of services offered via Internet and their impact on many aspects of everyday life of millions of users, the need to address usability of security is… Show more

Public Key cryptography has become, in many environments, a fundamental building block for authentication purposes. Although many applications already support the usage of Public Key Certificates (PKCs), the usability of the many security features and their understanding by users is still not fully addressed. Moreover, with the increasing number of services offered via Internet and their impact on many aspects of everyday life of millions of users, the need to address usability of security is compelling. In our work we provide a usability study that highlights the status of the current User Interfaces (UIs) in browsers. In particular we focus our attention on the effectiveness of the messages related to website authentication. We also provide a set of guidelines aimed at improving the user experience and the incisiveness of security-related warnings. A prototype of a user interface is provided and analyzed. Show less

An increasing number of services and protocols are being defined to address different needs of users and administrators of PKIs. With the deployment of new applications and services, the need to access information and services provided by Certificate Service Providers (CSPs) is critical. Currently Certification Authorities (CAs) barel publish access details on their official web sites, this includes URL of provided services and repositories. Using the PRQP, resources provided by a CA can be… Show more

An increasing number of services and protocols are being defined to address different needs of users and administrators of PKIs. With the deployment of new applications and services, the need to access information and services provided by Certificate Service Providers (CSPs) is critical. Currently Certification Authorities (CAs) barel publish access details on their official web sites, this includes URL of provided services and repositories. Using the PRQP, resources provided by a CA can be automatically and securely discovered by an application. Show less