Since the early 1990s public-key certificate issuance has involved verifying users' identities and public keys over a separate-and presumably secure-channel, such as in person or over the phone. However, in some cases it is not practical to mandate users to obtain certificates in person. Hence a means to issue certificates over insecure networks (e.g. Internet) is required. More recently, the market expectation of mobile commerce raises the issue of certificate issuance over wireless networks. The WAP Forum has defined a WAP PKI specification and the registration protocol is also a certificate issuance protocol....[ Read more ]

Since the early 1990s public-key certificate issuance has involved verifying users' identities and public keys over a separate-and presumably secure-channel, such as in person or over the phone. However, in some cases it is not practical to mandate users to obtain certificates in person. Hence a means to issue certificates over insecure networks (e.g. Internet) is required. More recently, the market expectation of mobile commerce raises the issue of certificate issuance over wireless networks. The WAP Forum has defined a WAP PKI specification and the registration protocol is also a certificate issuance protocol.

We describe the security concerns of protocols for public-key certificate issuance. We motivate and describe the protocols that have appeared in drafts of the SET specification and the WAP specification. In addition, we define a methodology on the exact engineering analysis of such protocols, based on the given cryptographic primitives such as public key encryption and signature schemes, shared key encryption schemes, random number generation and message authentication code schemes.