How to Build Evidence in a Public-Key Infrastructure for Multi-Domain Environments

B. Crispo

University of Cambridge, UK
Universita' di Torino, Italy


We discuss here some of the issues that must be considered to build evidence in an appropriate way in a public-key infrastructure (PKI). Despite the fact that one of the most recurrent motivation by papers advocating the necessity of a PKI, is to support electronic commerce, all the new proposals of PKIs do not define any procedure to specify which evidence must be collected and in which form, when users carry out a commercial transaction.
We think that this is an important issue that requires more attention especially if Internet will succeed to became a marketplace as many people hope. In the conventional world, evidence plays a very important role in any dispute resolution that can occur.
Besides all the services and applications that we can provide to users to facilitate them to buy through the use of PCs, we have to provide them by a sufficiently well founded guarantee that they will be safeguarded against frauds attempts and malicious behaviours.
In this paper, we describe which facilities a PKI must provide in order to build the evidence needed to get that guarantee.

Here the full paper in poscript format.

This paper has been published in the Proceedings "Security Protocols International Workshop", April 7-9, 1997 Paris, France, Springer-Verlag LNCS vol.1361 pp. 53-65.