Internet X.509 Public Key Infrastructure Operational Protocols -- LDAPv3

This document describes the features of the Lightweight Directory Access Protocol v3 that are needed in order to support a public key infrastructure based on X.509 certificates and CRLs

PKI Interoperability: Still an Issue? A Solution in the X. 509 Realm

There exist many obstacles that slow the global adoption of public key infrastructure (PKI) technology. The PKI interoperability problem, being poorly understood, is one of the most confusing. In this paper, we clarify the PKI interoperability issue by exploring both the juridical and technical domains. We demonstrate the origin of the PKI interoperability problem by determining its root causes, the latter being legal, organizational and technical differences between countries, which mean that relying parties have no one to rely on. We explain how difficult it is to harmonize them. Finally, we propose to handle the interoperability problem from the trust management point of view, by introducing the role of a trust broker which is in charge of helping relying parties make informed decisions about X.509 certificates

Couriers Without Luggage: Negotiable Instruments and Digital Signatures

Prior to the very recent explosion of interest in the Internet, for decades electronic commerce had been conducted on a large scale over closed networks. Since the late 1960s, billions of dollars in funds transfers have been executed over networked computer systems such as the Federal Reserve Wire Network (Fedwire), Clearing House Interbank Payment System (CHIPS), and the automated clearing house system (ACH); billions of dollars of goods have been sold over electronic data interchange networks. These closed, proprietary networks were built during the era of mainframe computer systems and are now being challenged by open networks of distributed client-server computer systems such as the Internet. Assimilating new technologies into existing commercial practices and business models is a daunting task. Probably for this reason, the early debate over the impact of the Internet on business practices seemingly has been dominated by those most familiar with Internet technology. Also, the early discussions of how digital signature technology may be used for business applications were apparently dominated by the technologically proficient, and surprisingly little reference was made to existing electronic commerce applications. As a result, the model of electronic commerce contained within the Digital Signature Guidelines may be of less practical relevance than its drafters hoped. This Article explores how, despite their similarity in aspiration, negotiable instruments law and the Guidelines nevertheless widely diverge in their applicability to actual business transactions. Negotiable instruments law originated in the medieval law merchant, and is the product of a centuries-long colloquy between merchants, lawyers, and courts. The doctrines of negotiability served an important role in enabling commercial transactions. By contrast, digital signature technology is a great novelty in commercial transactions. The fundamental commercial law issue raised by the Guidelines is whether legal standards should build from either a given technology or from business practices associated with the use of that technology. Because there is not yet a body of commercial practices associated with digital signature technology, if the correct protocol is the latter, then no legislation is yet appropriate. However, without some form of standardization, the lack of coordination of Internet electronic commerce systems will present an obstacle to individual transactors, and this lack of guidance may stifle the rate of adoption of the technology. The asymmetric cryptography upon which the Guidelines are based is an essential element to the operation of such a global Internet market. The Guidelines were designed to be a first tentative step from existing commercial systems to this promised land of perfect technological efficiency. This Article suggests, however, that the Guidelines may not be well-rooted enough in contemporary electronic commercial practices to provide a practical bridge from the present to perfect technological efficiency