Authors
Wataru Ohgai, Takao Kondo, Korry Luke, Satoshi Kai, Keisuke Uehara, Satoru Tezuka
Journal
Research Reports: Computer Security (CSEC) (ISSN:21888655)
Volume, issue, pages and publication date
vol.2022-CSEC-96, no.16, pp.1-8, 2022-03-03

The TLS security model enables the identification and secrecy of the host-to-host communication channel on the Web; however, TLS cannot guarantee the relationship between service providers. This paper proposes a lightweight self-managed mutual declaration mechanism, M2DMRT, in which service providers mutually sign their TLS public keys and publish them in DNSSEC-protected DNS zones. With M2DMRT, service providers can mutually declare their relationships with each other, and end users can easily trust the relationships by verifying the signatures. Further, this paper implemented a server-side proof of concept. After evaluating its basic performance and feasibility from an Internet architecture perspective, this paper found that this mechanism can realize a more trustable Web security architecture by providing a sufficiently performant way to declare and verify relationships between service providers without significantly impacting the current Internet environment.