Abstract - In this paper, we proposed a formal representation of
certificate validation in Pretty Good Privacy (PGP) and X.509 systems.
This representation uses new logical assertions to support public-key based
certification systems and different trust levels. Although the meanings
of some of those assertions are different in PGP and X.509 cases, the certificate
validation can be expressed using the same assertions. We also proposed
a novel multiple digital signature scheme, namely nested signatures, which
is directly applicable to PGP and X.509 certificates to yield nested certificates.
A nested signature is a signature over another signature and is used to
verify the subject signature without using the public key of the issuer
of the subject signature. This characteristic of the nested signatures
and nested certificates allow the entities in the network to realise more
flexible trust and certification scenarios. We also extended the formal
specification of the certificate validation to support nested certificates
for both PGP and X.509 cases.
Paper in PDF (85K)
Back to Albert Levi's home page
Back to M. Ufuk Caglayan's home page