1 INTRODUCTION
1.1 System Overview:
After decades of expansion, the Internet has become an essential tool for professionals and private individuals alike, providing a wide range of services such as email, management of bank accounts, hotel reservations, train timetables, real-time traffic information and Internet search. Although it was not addressed at the outset, information system security rapidly became a key challenge for professionals, and strong security solutions emerged on the market, aimed mainly at professionals. Internet security is therefore two-speed today: rather strong for professionals, and weak for private individuals who cannot afford security products and do not have sufficient technical expertise to set up cheap solutions by themselves.
In this context, this paper aims at providing a minimum security level on the Internet by defining a PKI solution based on LDAP and DNS (extended with DNSSEC). The originality of the paper lies in the design of the chain of trust built over both the LDAP and DNSSEC PKIs, the certificate verification method, and indications on how to extend those concepts to secure email.
1.2 Problem Definition:
1.2.1 PKI technical challenges:
A PKI (Public Key Infrastructure) is responsible for all organizational and technical aspects of public key management. Its duties cover the generation of public/private key pairs and their delivery to their owners, as well as the publication, revocation and validation of public keys. All these functions are carried out by a Trusted Third Party (TTP), which is usually structured as a hierarchy of Certification Authorities (CAs), each CA being legally authorized to manage digital certificates. Today PKI is widely adopted on the Internet and serves as the basis for strong security solutions targeting electronic transactions (HTTPS), remote connections (SSH), code signing and email.
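As an added illustration of the PKI functions listed above (example code written for this page, not part of the paper or of its LDAP/DNSSEC design): a constructed three-level CA hierarchy whose validation routine walks the chain of trust from an end-entity certificate up to a configured trust anchor, checking each signature, that each issuer is a CA, and the revocation status of every certificate. The RSA parameters, names and the `Cert` layout are all constructed assumptions.

```python
import hashlib
from dataclasses import dataclass
# Toy RSA on tiny constructed primes so the example runs offline; real deployments
# use 2048-bit keys from a standard library, never parameters like these.
def toy_keypair(p, q, e=17):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))   # (public, private)
def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n
def sign(priv, data):
    return pow(digest(data, priv[0]), priv[1], priv[0])
def verify_sig(pub, data, sig):
    return pow(sig, pub[1], pub[0]) == digest(data, pub[0])

@dataclass
class Cert:
    subject: str
    issuer: str
    pubkey: tuple
    is_ca: bool          # True for a CA allowed to issue certificates, False for an end entity
    signature: int = 0
    def tbs(self):       # the "to be signed" fields covered by the issuer's signature
        return f"{self.subject}|{self.issuer}|{self.pubkey}|{self.is_ca}".encode()
def issue(issuer_subject, issuer_priv, subject, pub, is_ca):
    cert = Cert(subject, issuer_subject, pub, is_ca)
    cert.signature = sign(issuer_priv, cert.tbs())
    return cert
def validate(chain, anchors, revoked):
    """chain = [end entity, ..., root]. Each certificate must be unrevoked and signed
    by the next one up, which must be a CA; the top must be a configured trust anchor."""
    for i, cert in enumerate(chain):
        if cert.subject in revoked:
            return False
        if i + 1 == len(chain):                          # top of the chain
            return (cert.subject, cert.pubkey) in anchors
        issuer = chain[i + 1]
        if not issuer.is_ca or issuer.subject != cert.issuer:
            return False
        if not verify_sig(issuer.pubkey, cert.tbs(), cert.signature):
            return False
    return False                                         # empty chain

# Constructed hierarchy: root CA -> intermediate CA -> end entity (a mail server).
root_pub, root_priv = toy_keypair(61, 53)
inter_pub, inter_priv = toy_keypair(71, 67)
leaf_pub, leaf_priv = toy_keypair(83, 79)
ROOT = issue("root-ca", root_priv, "root-ca", root_pub, True)        # self-signed
INTER = issue("root-ca", root_priv, "inter-ca", inter_pub, True)
LEAF = issue("inter-ca", inter_priv, "mail.example", leaf_pub, False)
ANCHORS = {("root-ca", root_pub)}
```

`validate([LEAF, INTER, ROOT], ANCHORS, set())` succeeds, while revoking `inter-ca`, removing the anchor, or presenting a certificate issued by the non-CA `mail.example` key makes it fail.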