CERTIFICATING AUTHORITY TRUST EVALUATION

摘要

In many information security scenarios, a certificate issued by a certificating authority may be presented to a client in order to assert a trust level of a certificated item, such as a message or a web page. However, due to a decentralized structure and incomplete coordination among certificating authorities, the presence and exploitation of security vulnerabilities to issue untrustworthy certificates may be difficult to determine, particularly for an individual client. Presented herein are techniques for providing a certificating authority trust service that collects and evaluates certificates submitted to clients by certificating authorities, and advises the clients of a certificating authority trust level for respective certificating authorities (e.g., determined as a consensus of the evaluated certificates issued by the certificating authority). The clients may use a certificating authority trust set distributed by the certificating authority trust service to determine whether to trust a certificate issued from a particular certificating authority.

主权项

1. A method of evaluating certificates respectively issued by a certificating authority on a device having a processor and communicating with a client set comprising at least one client, the method comprising:
executing on the processor instructions that cause the device to:
receive from a client at least one certificate presented to the client and issued by a certificating authority;for respective certificating authorities:
for respective certificates issued by the certificating authority, determine a certificate trust level; andaccording to the certificate trust levels of the certificates issued by the certificating authority, determine a certificating authority trust level of the certificating authority; anddistribute to the clients a certificating authority trust set identifying the certificating authority trust levels of the respective certificating authorities.