Cleaning up the PKI for Long-term Signatures

AutorVigil, Martín; Custódio, Ricardo Felipe
ArtConference Proceedings
AbstraktIn this paper we present a new approach for the conventional X.509 Public Key Infrastructures (PKI). Our goal is to reduce the effort to handle sig- natures in the long term. The novelty is that a Root CA reissues subordinate certificates of final users, but adjusting validity periods to exclude the periods after a revocation. The Root CA also authenticates timestamps. The result is the cleaned PKI, which is simpler than the conventional PKI because: a) there is no revocation; b) there is no intermediary Certification Authority; c) signatures are trustworthy as long as the used cryptographic algorithms remain secure. As benefits, we reduce the need of timestamps and consequently the demand for storage space and processing time to use signed documents.
In12th SBSeg 2012, Brazilian Symposium on Information and Computer System Security, p.140-153
PublisherBrazilian Computer Society