Reasoning about Public-key Certification — on Bindings Between Entities and Public Keys
Reto Kohlas and Ueli Maurer
Public-key certification is of crucial importance for advancing the global information infrastructure, yet it suffers from certain ambiguities and lack of understanding and precision. This paper suggests a few steps towards basing public-key certification and public-key infrastructures on firmer theoretical grounds. In particular, we investigate the notion of binding a public to an entity. We propose a calculus for deriving conclusions from a given entity Alice's (for instance a judge's) view consisting of evidence and inference rules valid in Alice's world. The evidence consists of statements made by public keys (e.g., certificates, authorizations, or recommendations), statements made physically towards Alice by other entities, and trust assumptions. Conclusions are about who says a statement, who owns or is committed to a public key, and who transfers a right or authorization to another entity, and are derived by applying the inference rules.