Towards Simplifying PKI Implementation: Client-Server based Validation of Public Key Certificates
Diana Berbecaru, Antonio Lioy

TL;DR
This paper presents a client-server system for real-time public key certificate validation using DVCS protocols, allowing flexible integration of validation mechanisms and tradeoffs between security, timeliness, and resources.
Contribution
It introduces a practical implementation of a certificate validation system that supports multiple protocols and configurable options for optimized performance.
Findings
Supports dynamic selection of validation protocols
Enables tradeoffs between security, timeliness, and resources
Provides a flexible, extensible validation framework
Abstract
With real-time certificate validation checking, a public-key-using system that needs to validate a certificate executes a transaction with a specialized validation party. At the end of the transaction the validation party returns an indication about the validity status of the certificate. This paper analyzes the public key (PbK) certificate validation service from a practical point of view by describing the implementation of a system that makes use of the Data Validation and Certification Server (DVCS) protocols to provide certificate validation service to the Relying Parties (RPs). However, the system is not restricted to use only the specified protocol and allows the integration of other validation protocols or mechanisms. Our implementation efforts emphasize the possibility to pursue a specific RP tradeoff between timeliness, security and computational resource usage via dynamic…
Taxonomy
Topics: Distributed systems and fault tolerance · Access Control and Trust · Mobile Agent-Based Network Management
