18.7 X.509 CERTIFICATES
Until this last quarter century, cryptography needed to be supported in a very limited community. During the Gulf War, secure communications were needed between Washington, U.S. bases in Europe and Japan, and the forces stationed in the Gulf region. Moreover, parties having the capability to monitor and decipher in a timely manner communications between Washington and the Gulf were very limited.
All this has changed because of the Internet; in 1990 there were over 300,000 hosts (mainframe machines). Vincent Cerf claimed several years ago that there were over 60 million Internet users then existing. The number of potential user-to-user endpoints is staggering. Public-key cryptography provided a vehicle to replaced the -key distribution with N users to one of complexity N. Nevertheless, User_ID[A] must make available the public key PuK(ID[A]) to all users who wish to communicate with User_ID[A]. The thought of a server maintaining a file containing several million keys is absurd. Moreover, even if such a server is contemplated, there is the need to prevent a spoofing attack, wherein User_ID[A]'s public key is temporarily replaced by that of the spoofer.
The proposed solution, based on the user of certificates, provides a link between User_ ID[A]'s network identifier ID[A] and public key PuK(ID[A]). It is planned that various Certificate Authorities (CA) will ...
Get Computer Security and Cryptography now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.