The central goal of Public Key Infrastructure (PKI) is to enable trust judgments between distributed users. Although certificates play a central role in making such judgments, a PKI’s users need more than just knowledge of certificates. Minimally, a relying party must able to locate critical parameters such the certificate repositories and certificate validation servers relevant to the trust path under consideration. Users in other scenarios may require other resources and services. Surprisingly, locating these resources and services remains a largely unsolved problem in real-world X.509 PKI deployment. In this paper, we present the design and prototype of a new and flexible solution for automatic discovery of the services and data repositories are available from a Certificate Service Provider (CSP). This contribution will take realworld PKI one step closer to achieving its goal. Key words: PKI, Service Discovery, Certification Authority, Digital Certificates
Massimiliano Pala, Sean W. Smith