Paper 2013/595

Enhanced certificate transparency and end-to-end encrypted mail

Mark D. Ryan

Abstract

The certificate authority model for authenticating public keys of websites has been attacked in recent years, and several proposals have been made to reinforce it. We develop and extend "certificate transparency}", a proposal in this direction, so that it efficiently handles certificate revocation. We show how this extension can be used to build a secure end-to-end email or messaging system using PKI with no requirement to trust certificate authorities, or to rely on complex peer-to-peer key-signing arrangements such as PGP. This makes end-to-end encrypted mail possible, with apparently few additional usability issues compared to unencrypted mail (specifically, users do not need to understand or concern themselves with keys or certificates). Underlying these ideas is a new attacker model appropriate for cloud computing, which we call "malicious-but-cautious".

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Major revision. Network and Distributed System Security (NDSS) 2014
Keywords
PKIpublic key certificatesemail security
Contact author(s)
m d ryan @ cs bham ac uk
History
2013-12-16: revised
2013-09-14: received
See all versions
Short URL
https://ia.cr/2013/595
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2013/595,
      author = {Mark D.  Ryan},
      title = {Enhanced certificate transparency and end-to-end encrypted mail},
      howpublished = {Cryptology {ePrint} Archive, Paper 2013/595},
      year = {2013},
      url = {https://eprint.iacr.org/2013/595}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.