Abstract - In this paper, we proposed a formal representation of certificate validation in Pretty Good Privacy (PGP) and X.509 systems. This representation uses new logical assertions to support public-key based certification systems and different trust levels. Although the meanings of some of those assertions are different in PGP and X.509 cases, the certificate validation can be expressed using the same assertions. We also proposed a novel multiple digital signature scheme, namely nested signatures, which is directly applicable to PGP and X.509 certificates to yield nested certificates. A nested signature is a signature over another signature and is used to verify the subject signature without using the public key of the issuer of the subject signature. This characteristic of the nested signatures and nested certificates allow the entities in the network to realise more flexible trust and certification scenarios. We also extended the formal specification of the certificate validation to support nested certificates for both PGP and X.509 cases.
 

Paper in PDF (85K)

Back to Albert Levi's home page
Back to M. Ufuk Caglayan's home page