Enhancing the ACME Protocol to Automate the Management of All X.509 Web Certificates
Document Type
Conference Proceeding
Source of Publication
IFIP Advances in Information and Communication Technology
Publication Date
1-1-2024
Abstract
X.509 Public Key Infrastructures (PKIs) are widely used for managing X.509 Public Key Certificates (PKCs) to allow for secure communications and authentication on the Internet. PKCs are issued by a trusted third-party Certification Authority (CA), which is responsible for verifying the certificate requester’s information. Recent developments in web PKI show a high proliferation of Domain Validated (DV) certificates but a decline in Extended Validated (EV) certificates, indicating poor authentication of the entities behind web services. The ACME protocol facilitates the deployment of Web Certificates by automating their management. However, it is limited to DV certificates. This paper proposes an enhancement to the ACME protocol for automating all types of Web X.509 PKCs by using W3C Verifiable Credentials (VCs) to assert a requester’s claims. We argue that any CA’s requirements for issuing a PKC can be expressed as a set of VCs, returned in a Verifiable Presentation (VP). We propose a generic communication workflow to request and present VPs, and provide a proof of concept of the viability of our approach.
ISBN
9783031563256
Publisher
Springer Nature Switzerland
Volume
679 IFIPAICT
First Page
265
Last Page
278
Disciplines
Computer Sciences
Keywords
ACME, Public Key Certificate, Verifiable Credentials
Recommended Citation
Morales, David A. Cordova; Wazan, Ahmad Samer; Chadwick, David W.; Laborde, Romain; Maramara, April Rains Reyes; and Cabral, Kalil, "Enhancing the ACME Protocol to Automate the Management of All X.509 Web Certificates" (2024). All Works. 6547.
https://zuscholars.zu.ac.ae/works/6547
Indexed in Scopus
yes
Open Access
no