A cryptographically generated issuer name for trust anchor
ZTE Corporation
This document proposes an enhanced certificate profile for trust anchors, in which the issuer field of the TA certificate is cryptographically generated. In the RPKI architecture, the trust anchor uses a self-signed certificate. However, this sort of certificate is vulnerable to various attacks. For example, an attacker can easily create their own public-private key pair and claim that the issuer field belongs to them. This means attackers can easily impersonate the trust anchor. To address this, this document adds an identity-based cryptographic technique to the self-signed certificate. Since the issuer field of the trust anchor's certificate is cryptographically generated from the trust anchor's public key, an attacker will not be able to create another key pair and claim that the issuer field generated by the trust anchor belongs to them. Therefore, attackers cannot impersonate the trust anchor.
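The binding described above can be sketched from the relying party's side. This is an added example, not code or an encoding taken from this document: the derivation (SHA-256 over the key bytes, base32, a "ta-" prefix), the TACert structure and all function names are assumptions, and self-signature verification is left out so that only the name-to-key check is shown.

```python
import base64
import hashlib
import hmac
import os
from dataclasses import dataclass

NAME_PREFIX = "ta-"  # hypothetical label format, not defined by the document


@dataclass(frozen=True)
class TACert:
    issuer: str        # issuer field of the self-signed TA certificate
    public_key: bytes  # stand-in for the encoded public key in the certificate


def derive_issuer(public_key: bytes) -> str:
    """Assumed derivation: base32(SHA-256(key)), lowercased, padding stripped."""
    digest = hashlib.sha256(public_key).digest()
    return NAME_PREFIX + base64.b32encode(digest).decode("ascii").rstrip("=").lower()


def issue_ta_cert(public_key: bytes) -> TACert:
    """Build a TA certificate whose issuer name is generated from its own key."""
    return TACert(issuer=derive_issuer(public_key), public_key=public_key)


def accept_by_name_only(cert: TACert, expected_issuer: str) -> bool:
    """Plain self-signed profile: the issuer string is an unverified claim."""
    return cert.issuer == expected_issuer


def accept_bound_name(cert: TACert, expected_issuer: str) -> bool:
    """Enhanced profile: the issuer must equal the configured name AND
    be the name generated from the key carried in the certificate."""
    claimed = cert.issuer.encode()
    derived = derive_issuer(cert.public_key).encode()
    return (hmac.compare_digest(claimed, expected_issuer.encode())
            and hmac.compare_digest(claimed, derived))


# Constructed sample keys: random bytes standing in for real key encodings.
TA_KEY = os.urandom(64)
OTHER_KEY = os.urandom(64)

genuine = issue_ta_cert(TA_KEY)
# A certificate that copies the TA's issuer name but carries a different key.
copied_name = TACert(issuer=genuine.issuer, public_key=OTHER_KEY)
```

A relying party configured with the trust anchor's issuer name accepts `genuine` under both checks, while `copied_name` passes only the name-only comparison and is rejected once the name is recomputed from the key it carries.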