14,115 research outputs found
PKI Safety Net (PKISN): Addressing the Too-Big-to-Be-Revoked Problem of the TLS Ecosystem
In a public-key infrastructure (PKI), clients must have an efficient and
secure way to determine whether a certificate was revoked (by an entity
considered as legitimate to do so), while preserving user privacy. A few
certification authorities (CAs) are currently responsible for the issuance of
the large majority of TLS certificates. These certificates are considered valid
only if the certificate of the issuing CA is also valid. The certificates of
these important CAs are effectively too big to be revoked, as revoking them
would result in massive collateral damage. To solve this problem, we redesign
the current revocation system with a novel approach that we call PKI Safety Net
(PKISN), which uses publicly accessible logs to store certificates (in the
spirit of Certificate Transparency) and revocations. The proposed system
extends existing mechanisms, which enables simple deployment. Moreover, we
present a complete implementation and evaluation of our scheme.Comment: IEEE EuroS&P 201
Acceptance sent through email; is the postal rule applicable?
Purpose - This paper focuses on the application of the postal rule to email, due to the controversy surrounding the application of the “instantaneous” test to emails. Methodology/approach/design - This article analyses standards and literature on the formation of contract under English law. Findings - Although the postal rule is an invention of its time, this rule could still play a role regarding emails. Indeed, due to the difficulties in applying the “instantaneous” test to emails, emails would still be subject to the postal rule. Of course, the postal rule in its current form is no more fitting the reality. However, the benefits that such rule provides should not be lost, instead a new rule could be drafted based on the postal rule. Practical implications - This article discusses the possible improvements to the already existing framework. Originality/value - This paper analyses the use of the postal rule to electronic contracts in the UK, a topic that is not much researched but could have great importance when doing electronic business
- …