[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PKI Modeling

To: Andrew Csinger <csinger@xxxxxxxxx>
Subject: Re: PKI Modeling
From: Dean Povey <povey@xxxxxxxxxxxxxxx>
Date: Fri, 03 Oct 97 11:18:24 +1000
Cc: ietf-pkix@xxxxxxxxxx
In-reply-to: Your message of"Thu, 02 Oct 97 12:22:47 MST." <>

>-----BEGIN PGP SIGNED MESSAGE-----
>
>Building on my dissertation in User Modelling (1995), I've been 
>involved
>in the formation of this kind of effort at Xcert for over a year now 
>and
>would be interested in corresponding.  We've long believed that 
>there's a
>whole lot more to PKI than certificates and CRLs...
>
>Andrew
>
>
>At 14:59 9/29/97 -0400, Robert W. Shirey wrote:
>>Request For Correspondence
>>
>>I'd like to exchange ideas and information with people who are 
>involved in
>>or thinking about building a quantitative, analytical model of PKI 
>for the
>>purpose of estimating costs and predicting other aspects of system
>>performance.
>>
>>Regards, -Rob-
>>

Are you both aware of a paper entitled "Modelling a Public-Key Infrastructure", by Ueli Maurer [Proc. European Symposium on Research in Computer Security (ESORICS' 96), http://www.inf.ethz.ch/personal/maurer/publications.html]

Here is the abstract:

"A global public-key infrastructure (PKI), components of which are emerging in the near future, is a prerequisite for security in distributed systems and for electronic commerce. The purpose of this paper is to propose an approach to modelling and reasoning about a PKI from a user Alice's point of view. Her view, from which she draws conclusions about the authenticity of other entities' public keys and possibly the trustworthiness of other entities, consists of statements about which public keys she believes to be authentic and which entities she believes to be trustworthy, as well as a collection of certificates and recommendations obtained or retrieved from the PKI. The model takes into account recommendations for the trustworthiness of entities. Furthermore, it includes confidence values for statements and can exploit arbitrary certification structures containg multiple intersecting certification paths to achieve a higher confidence value than for any single certification p!
ath. Confidence values are measured on a continuous scal between 0 and 1 and, in contrast to previous work in this area, are interpreted as probabilities in a well-defined random experiment"

This appears to be modelling of trust, rather than cost/performance that you are suggesting, but may give you some ideas.

-- 
+----------------------------------------+-------------------------------+
| Dean Povey,                            |  Email: povey@dstc.edu.au     |
| Research Scientist, Security Unit,     |  Phone: +61 7 3864 2799       | 
| CRC for Distributed Systems Technology |  Fax:   +61 7 3864 1282       |
+----------------------------------------+-------------------------------+

References:
- Re: PKI Modeling
  - From: Andrew Csinger

Prev by Date: Re: Comments on [MANDATORY cert discovery capabiity]
Next by Date: Re: PKIX-2 http
Previous by thread: Re: PKI Modeling
Next by thread: questions about ipki3cmp-04.txt (fwd)
Index(es):
- Date
- Thread