PKI Safety Net (PKISN): Addressing the Too-Big-to-Be-Revoked Problem of the TLS Ecosystem

In a public-key infrastructure (PKI), clients must have an efficient and secure way to determine whether a certificate was revoked (by an entity considered as legitimate to do so), while preserving user privacy. A few certification authorities (CAs) are currently responsible for the issuance of the large majority of TLS certificates. These certificates are considered valid only if the certificate of the issuing CA is also valid. The certificates of these important CAs are effectively too big to be revoked, as revoking them would result in massive collateral damage. To solve this problem, we redesign the current revocation system with a novel approach that we call PKI Safety Net (PKISN), which uses publicly accessible logs to store certificates (in the spirit of Certificate Transparency) and revocations. The proposed system extends existing mechanisms, which enables simple deployment. Moreover, we present a complete implementation and evaluation of our scheme.Comment: IEEE EuroS&P 201

Acceptance sent through email; is the postal rule applicable?

Purpose - This paper focuses on the application of the postal rule to email, due to the controversy surrounding the application of the “instantaneous” test to emails. Methodology/approach/design - This article analyses standards and literature on the formation of contract under English law. Findings - Although the postal rule is an invention of its time, this rule could still play a role regarding emails. Indeed, due to the difficulties in applying the “instantaneous” test to emails, emails would still be subject to the postal rule. Of course, the postal rule in its current form is no more fitting the reality. However, the benefits that such rule provides should not be lost, instead a new rule could be drafted based on the postal rule. Practical implications - This article discusses the possible improvements to the already existing framework. Originality/value - This paper analyses the use of the postal rule to electronic contracts in the UK, a topic that is not much researched but could have great importance when doing electronic business