MCG - Publications

1. Overviews, Tutorials and Excerpts:

The Intrinsic and Meta-Certification Primer, by E. Gerck. This text is a short introduction to metric spaces in certification, the generalized certification model, intrinsic certification, meta-certification and other related subjects.  Intrinsic Certification at a glance, part I , by E. Gerck. Presents a comprehensive view of the problem statment of Intrinsic Certification. Intrinsic Certification examples, by Tony Bartoletti and E. Gerck. Discusses intrinsic identification, identity and certification -- with easy-to-follow examples for each.  MCG Excerpt: 1997 Deloitte & Touche Report on International Frauds, by N. Bohm. This report commissioned by the European Union says that cross-border fraud involving Internet abuse and others is costing society $77 billion a year.

Why is certification harder than it looks?, by E. Gerck. The paradox is that while certification is harder than it looks, it must be made amenable to the average user . Overview of Certification Systems: X.509, CA, PGP and SKIP, by E. Gerck. This paper deals with certification issues and reviews the three most common methods in use today. This work is a worldwide reference within the Internet security community -- more than 50,000 hits. The Unabridged X.509 Certificate, by E. Gerck and N. Bohm. Contains the full explicit and implicit content of a generic X.509 certificate and thus may  well represent what is meant by any X.509 Certificate that the reader may need to accept or buy, such as for https (SSL) access, for S/MIME e-mail, etc.  1997-98 MCG Report A Technical Summary of Developments, with an overview and reference guide.

---

2. Published E-mails (selected from MCG listservers):

Threads: early discussions (also off-list) Rules Identity Exposition e-mail MC certification Re: TTP/CA roles in MC design Towards MC Standards Copyright issues Re: copyright issues, II Re: What's it all about? Checking validity Trust Properties Intrinsic and MC

Is certification a metric? Towards a real-world model of trust Re: Towards a real-world model of trust The role of trust in certification What is needed on the Internet ... Must e-commerce deals expire with certs? Cerimony and non-repudiation in e-commerce MC-ware potential and objectives Dr. Faust's Internet Dilemma  What is identification, that we can identify it? What is identification, that we can identify it?, Part II Identification and Privacy are not Antinomies Risk vis-a-vis Trust

---

3. Research Papers and Short Communications:  

Towards a Real-World Model of Trust: Reliance on Received Information, by E. Gerck. This paper proposes and qualifies a model of trust for communication systems, which is based on and reproduces the usual properties of trust in day to day life. Comments on the UK DTI TTP public consultation paper, by N. Bohm. (Personal Position Paper, not reviewed by the MCG). Certification: Extrinsic, Intrinsic and Combined, by E. Gerck. This work divides all possible security designs for Internet certification in extrinsic, intrinsic and combined, providing a general theory for Internet certification. The intrinsic and combined designs are new certification methods.   (under review -- pls contact the author) Certificate Ontology, Part I, by E. Gerck.

Unicity, DES Unicity, Open-Keys, Unknown-Keys, by E. Gerck. Revisits the concept of unicity and shows that key-length is not the most important parameter to evaluate the security of cryptographic systems, discussing possible weakness in current systems and alternatives. To exemplify, a 70-bit exportable DES is proposed, directly  based on 56-bit DES. Some Non-Random DES Characteristics and an Identification Attack on DES, by E. Gerck. Shows some non-random characteristics of DES, explained as a collateral effect of its 56-bit key-length versus 64-bit plaintext space. Also describes the  "Identification Attack",  used to explore this vulnerability to break DES with just three letters. Authentication, Reliability and Risks, by N. Bohm. This paper suggests that it is a mistake to treat the need for authentication as axiomatic.

 

---

NOTE TO AUTHORS: If you want  to submit a paper, please  send your contribution in HTML format, by attachment. All papers are peer-reviewed, except Personal Position Papers on timely issues. We will contact you.

---