Overview of Certification Systems


A newer and summarized version of the paper "Overview of
Certification Systems: X.509, CA, PGP and SKIP" is available in .pdf
and .ps formats at

http://www.mcg.org.br/certover.pdf  and


 Cryptography and certification are considered necessary Internet
 features and must be used together, for example in e-commerce. This
 work deals with certification issues and reviews the three most
 common methods in use today, which are based on X.509 Certificates
 and Certification Authorities (CAs), PGP, and SKIP. These methods are
 respectively classified as directory, referral and collaborative
 based. For two parties in a dialogue the three methods are further
 classified as extrinsic, because they depend on references which are
 outside the scope of the dialogue. A series of conceptual, legal and
 implementation flaws are catalogued for each case, emphasizing X.509
 and CAs, which helps to provide users with safety guidelines to be
 used when resolving certification issues. Governmental initiatives
 introducing Internet regulations on certification, such as by TTP,
 are also discussed with their pros and cons regarding security and
 privacy. Throughout, the paper stresses the basic paradox of security
 versus privacy when dealing with extrinsic certification systems,
 whether with X.509 or in combination with PGP. This paper has
 benefited from the feedback of the Internet community and its
 expanded on-line version has received more than 50,000 Internet
 visitors from more than 20,000 unique Internet sites, in 1997/98.

NOTE: The HTML version at cert.htm is still not updated, but it
contains the full original text.

Comments are welcome.


Ed Gerck

Dr.rer.nat. E. Gerck                     egerck@novaware.cps.softex.br
