Domain-based administration of identity-based cryptosystems for secure email and IPSEC

• 12th Usenix Security Symposium

Effective widespread deployment of cryptographic technologies such as secure email and IPsec has been hampered by the difficulties involved in establishing a large scale public key infrastructure, or {PKI}. Identity-based cryptography (IBC) can be used to ameliorate some of this problem. However, current approaches to using IBC for email or IPsec require a global, trusted key distribution center. In this paper, we present DNSIBC, a system that captures many of the advantages of using IBC, without requiring a global trust infrastructure. The resulting system can be configured to require almost no user intervention to secure both email and IP-based network traffic. We are building a preliminary implementation of this system in Linux.

citation

Smetters, D. K. ; Durfee, G. E. Domain-based administration of identity-based cryptosystems for secure email and IPSEC. 12th Usenix Security Symposium; 2003 August 4-8; Washington; DC.