Security and Communication Networks

Research Article

Accountable and Transparent TLS Certificate Management: An Alternate Public-Key Infrastructure with Verifiable Trusted Parties

Table 3

Comparison of various log-based public-key infrastructures based on certificate, audit log, security, deployability, and efficiency metrics. Entries underlined indicate major disadvantages of the corresponding scheme.




Terminology
Log	Log	Integrated Log Server	Integrated Log Server	Certificate Log Maintainer	Log Server	Log Server
Monitor	Monitor	Validator	Validator (Optional)	-	Auditor	Auditor

Certificates
Self-signed Certificate Support
Certificate Revocation Support	×

Audit Log Properties
Proof of Presence
Proof of Absence	×
Proof of Extension		×	×		×
Proof of Currency	×
Tree Type	Chron	Lex	Lex	Chron, Lex	Lex	Chron, Lex

Security
MitM Attack	Detection	Prevention	Prevention	Prevention	Prevention	Prevention
Multi Domain Certificate		×	×
Certificate Revocation	×
Formal Security Proof	×	×			×
No. of compromised parties for MitM	1/1	2/3		1/1	2/3
Domain Key Recovery	×			×
Client Connection Privacy				×
Intermediate CA Discovery	×	×	×	×	×
CA Certificate Revocation	×	×	×	×	×

Deployability
Client-side-changes Required	√	√	√	√	√	√
Server-side-changes Required		√	√		√	√

Efficiency
TLS-con-setup Add. Bandwidth	Bytes	KB	KB	KB	KB	KB
TLS-con-setup Extra Latency				√
End User Additional Action				√