Summary:
Nested Certification is a new method of certificate verification with no loss in trust but is more computationally efficient at the verifier end. Public Key Cryptography is time inefficient and requires the verifier to verify the certificates of all intermediate CA's on the path and find their public keys in order to reach the target entity. NPKI on the other hand makes it possible to extract efficiently verifiable certificate paths. A nested certificate (NC) is a "certificate for another certificate", which assures the legitimacy of signature over it. A Nested Certificate Authority (NCA) is a authorized issuer of nested certificates. A NCA issues a NC by digitally signing the one way hash of the NC content. A NC needs to certify that the subject certificate has been signed by the claimed CA or NCA and that the subject certificate content has not been maliciously modified. The existing signature over the subject certificate content satisfies the first requirement while the attached hash of the subject certificate satisfies the second requirement.

The NCA does not guarantee the correctness of information but it does guarantee the legitimacy of the signature over the subject certificate. The digital signature is done using the public key cryptosystem. The subject certificate is verified  by (a) recalculating the hash of the actual SC and comparing to the one stored in NC and (B) by comparing the subject certificate signature stored in the NC with the actual signature over the content of the SC. The subject certificate verification does not involve public key cryptography and so is fast.

A nested certificate path is a chain of nested certificates together with a classical certificate at the end, which is the target entity. In order to verify such a path, the verifier must obtain all certificates on it and must know the public key of the first NCA of the path. However, the public keys of other certificates on the path need not be found and they are verified by the subject certificate verification method specified above. The speedup factor for nested certificate path verification method iranges from 1.9 to 8.8 for nested certificate paths with 1 to 8 nested certificates.

The paper has presented a approach to evolve the current PKI system into a NPKI system which allows both nested as well as classical certificates.  Every CA issues nested certificates to the certificates that are issued by its neighbours in the PKI and thus it is possible to convert classical certificate paths into nested certificate paths without destroying the existing topological hierarchy and trust relationships. Certificate Storage and obtainment is done both by distributed directories as well as centralized databases. The best charateristic of the system is that the verifier needs to check the revocation status of only one certificate independent of the path length.

To conclude, NPKI gives an efficient method of certificate verification which defintely saves upon time at the verifier end wothout compromising on the trust.



**PROS:

(A) Submitted by Jalal
- Builds on existing PKI systems -- no need to change existing PKI
infrastructures. 
- Can coexist with classical PKI systems.
- Backward compatible: unaware applications can continue using classical
certificates and certificate paths.
- Attempts to optimize the verification process which occurs much more
often than addition and deletion of users.
- Thanks to nested certificates, the costly cryptographic verification
is reduced to a single check and a series of fast one-way hash
functions.
- Achieves some amount of load balancing, by assigning tasks to the
higher-level CAs, which in a classical PKI may be idle for long periods.


(B) Submitted by Paul
1.   This paper actually proposes a transition from an existing Public
Key Infrastructure--a pragmatic approach since it's always nice to say
"this other scheme is better and we have to scrap the system in
place"--noone will go for this unless the old system is _really_ bad.

2.  The suggested scheme is more effecient that public key crypto
systems (but mostly because there aren't any crypto operations being
performed, but verification of has functions).

3.  The efficiency of the operations decrease the overall verification
process.

4.  System is versatile--it can work with both the nested and classic
versions.

5.  Nested certificate propogation need not be complete for
verification along a path to work (and partial proprogation still
yields an increase in performance).

6.  The method of nested certificate propagation preserves the trust
relationships already in place. (p.8).


**Cons:

(A) Submitted by Prasad
1. The paper is not very clear about how to obtain nested certificates in
order to verify a end-user's public key. The NPKI implementation depends
on the the existence of a hierarchical PKI.

2. The paper does not address the issues of how to prevent proliferation
of NPCAs. How many NPCA's are necessary. The treatment of this seems ad
hoc in the paper.

3. The paper states that authorities need not be online to certify. Taking
a CA off-line will still result in certificates getting verified correctly.
This seems dangerous, especially in the light of flooding and physical
attacks on links and hosts.

4. Revocation of NPKI certificates is not addressed clearly. The paper
does not mention negative certificates.

5. There is no strong justification for the use of their certificates
versus the web of trust scheme. Their certificates are not attestations of
trust, so it is difficult to analyze the trust implications of their
method.

6. Cached certificates may cause a problem.

7. The magic 10 MB   is not explained in the paper.

8. Delegation is not addressed.


**Voting Results:
strong reject: 6
weak reject: 8
weak accept: 7
strong accept: 1