Dartmouth Scientists Hard at Work on PKI Fix
Stan Gibson | Date: 07-13-09
- Certificates sometimes need to be revoked, and when they are, the mechanism for spreading word on the Internet is so cumbersome as to be practically unusable beyond narrowly defined groups.
Widely hailed as a critical technology for Internet commerce and e-government, PKI (Public Key Infrastructure) has suffered from inherent design flaws that have hobbled adoption and kept it from achieving its full promise. For PKI to work, a trusted certificate must be issued to a user. But certificates sometimes need to be revoked, and when they are, the mechanism for spreading word on the Internet is so cumbersome as to be practically unusable beyond narrowly defined groups.
That’s a problem that researchers at Dartmouth College in Hanover, N.H., are hard at work to solve with a technology known as PRQP (PKI Resource Query Protocol).
“Without PRQP, finding critical replication information can be problematic. How do you know where to look to seek whether the issuer of a certificate has revoked it? In practice, it may be impossible to tell if it had been revoked without PRQP, even though in theory it should work. PRQP tries to distribute this information,” said Dartmouth Professor Sean Smith.
The critical enhancement to PKI took a step nearer to reality when it was taken up earlier this year by the Internet Engineering Task Force (IETF) in the PKIX working group. Protocols sometimes gain wide adoption even before gaining the full blessing of the IETF, a process that can take years.
PRQP will gain further currency in the fall of 2009, when it will be included in OpenCA, open source software for issuing digital certificates, according to Massimiliano Pala, research fellow at Dartmouth’s Institute for Security, Technology, and Society (ISTS). OpenCA is currently being used by some governments and other organizations, according to Pala. The researcher also said he is working on a PRQP client for Mozilla’s Firefox browser, which will be available in September.
The PRQP work at Dartmouth has been funded by the U.S. Department of Homeland Security.