A Public Key Infrastructure based on the Secure DNS

Abstract

In recent years, asymmetric key cryptographic systems are widely used for the security of e-mail, WWW, and electronic commerce applications. For the proper use of asymmetric key cryptographic systems in these applications, one needs a system called a public key ingrastructure. The public key infrastructure is a system in which a user can register his public key and obtain other user's public key. In the public key infrastructure, a user's public key ceritficate is generated by a certification authority and stored in a directory system. In this paper we propose to use the DNS, which is already providing naming services world-wide, as the directory system of a public key infrastructure covering users all over the world. The extensions required to the DNS to store certificates and certification revocation lists are explained and interfaces with which certification revocation lists are described. And the procedures with which a user can retrieve a certificate from the DNS are presented.