The National Institute of Standards and Technology (NIST) is hosting a workshop on April 10-11, 2013 on technical and administrative efforts to increase trust online by improving the Public Key Infrastructure (PKI) certificate marketplace supporting Secure Socket Layer (SSL) and Transport Layer Security (TLS).
Recent attacks against individuals and companies online have utilized known vulnerabilities in certificate management in order to spoof websites or gain trust to install malicious software without the user's knowledge. A number of new standards and protocols have been suggested to address these and other risks in the current marketplace.
The workshop provides an opportunity for industry, research and academia communities, and government sectors, to review, promote and move toward consensus on emerging industry standards and guidelines and to learn about NIST's current cryptographic research, activities, programs and standards development.
Topics expected to be covered in the workshop include:
- The roles and requirements for the actors in the CA system including network security requirements;
- Transparency and alternative certification, distribution or confirmation of key information;
- Creation, reporting and use of revocation information; and
- Efforts to enhance user interfaces to improve trust.