The central goal of
Public Key Infrastructure (PKI) is to enable trust judgments between distributed users. Although
certificates play a central role in making such judgments, a PKI’s users need more than just knowledge of certificates. Minimally, a relying
party must be able to locate critical parameters such as the certificate repositories and certificate validation servers relevant
to the trust path under consideration. Users in other scenarios may require other resources and services.
Surprisingly, locating these resources and services remains a largely unsolved problem in real-world X.509 PKI deployment.
In this paper, we present the design and prototype of a new and flexible solution for automatic discovery of the services
and data repositories available from a Certificate Service Provider (CSP). This contribution will take real-world PKI one step closer to achieving its goal.
Keywords: PKI - Service Discovery - Certification Authority - Digital Certificates
The authors would like to thank Stephen Kent, Frank Pooth, Ashad Noor, Sravan and all the PKIX WG for several discussions
and comments. This work was supported in part by the NSF (under grant CNS-0448499), the U.S. Department of Homeland Security
(under Grant Award Number 2006-CS-001-000001), and Sun. The views and conclusions contained in this document are those of
the authors and should not be interpreted as necessarily representing the official policies, either expressed or implied,
of any of the sponsors.