Certificate Revocation Lists or Online Mechanisms

Vipul Goyal

2004

Abstract

As digital certificates and Public Key Infrastructures (PKI) gain wider acceptance, the mechanisms for revoking a certificate in a PKI have received increasing attention. Revocation mechanisms are commonly classified into Certificate Revocation Lists (CRLs), trusted dictionaries and online mechanisms. The designer of a PKI must select a revocation method that suits their requirements. This turns out to be a confusing task, as different revocation solutions are good in different types of environment. We ask the question: "How do we decide which revocation solution to use amongst the various categories of solutions?" We first survey the existing certificate revocation techniques and then analyze and compare the various classes of revocation methods for their advantages and disadvantages. This analysis can greatly help the PKI designer select the right revocation solution.
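As an added illustration of the three classes named in the abstract (example code written for this page, not from the paper), the following Python models a CRL, a trusted dictionary and an online responder over one constructed set of revoked serial numbers and measures how many bytes a relying party must fetch to check a single certificate under each. The trusted dictionary is a Merkle tree over ranges of the sorted revoked serials, in the spirit of certificate revocation trees; the CA's signature is stood in for by an HMAC under a shared key, and the serial numbers, key, freshness window and size estimates are assumptions made for the example.

```python
"""Three classes of revocation evidence, modelled with the Python standard library only.

Constructed example (not from the paper): a CA with a set of revoked serials and three
ways a relying party can learn whether serial S is revoked:
  1. CRL: fetch the whole signed list and search it (cost grows with the list),
  2. trusted dictionary: Merkle tree over the sorted revoked serials, in the spirit of
     certificate revocation trees; the client fetches one leaf plus an audit path,
  3. online responder (OCSP-style): a freshly signed statement about one serial.
Assumption: the CA/responder signature is stood in for by an HMAC under a shared key.
"""
import hashlib
import hmac
import json
from bisect import bisect_right

CA_KEY = b"constructed-demo-key"   # stand-in for the CA / responder signing key
MAX_SERIAL = 2**64 - 1             # sentinel above every real (positive) serial

def sign(payload: bytes) -> bytes:
    return hmac.new(CA_KEY, payload, hashlib.sha256).digest()

def verify(payload: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(payload), sig)

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# 1. CRL: the issuer signs the complete sorted list; the client downloads all of it.
def issue_crl(revoked):
    body = json.dumps(sorted(revoked)).encode()
    return {"body": body, "sig": sign(body)}

def check_crl(crl, serial):
    """Return (is_revoked, bytes_fetched); raise if the CRL is not authentic."""
    if not verify(crl["body"], crl["sig"]):
        raise ValueError("bad CRL signature")
    return serial in json.loads(crl["body"]), len(crl["body"]) + len(crl["sig"])

# 2. Trusted dictionary. Leaf (lo, hi) asserts "lo is revoked (unless lo is the sentinel 0)
# and no serial strictly between lo and hi is revoked", so one leaf answers any query.
def leaf_hash(lo, hi):
    return h(b"leaf" + lo.to_bytes(8, "big") + hi.to_bytes(8, "big"))

def node_hash(left, right):
    return h(b"node" + left + right)

def build_dictionary(revoked):
    bounds = [0] + sorted(revoked) + [MAX_SERIAL]
    leaves = [(bounds[i], bounds[i + 1]) for i in range(len(bounds) - 1)]
    levels = [[leaf_hash(lo, hi) for lo, hi in leaves]]
    while len(levels[-1]) > 1:             # an unpaired last node is carried up unchanged
        cur = levels[-1]
        levels.append([node_hash(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    root = levels[-1][0]
    return {"leaves": leaves, "levels": levels, "root": root, "sig": sign(root)}

def dictionary_proof(d, serial):
    """The leaf covering `serial` plus its audit path of (sibling hash, sibling-is-left)."""
    idx = bisect_right([lo for lo, _ in d["leaves"]], serial) - 1
    path, i = [], idx
    for level in d["levels"][:-1]:
        sib = i ^ 1
        if sib < len(level):
            path.append((level[sib], sib < i))
        i //= 2
    return {"leaf": d["leaves"][idx], "path": path, "root": d["root"], "sig": d["sig"]}

def check_dictionary(proof, serial):
    """Return (is_revoked, bytes_fetched); raise if the proof is forged or off-target."""
    lo, hi = proof["leaf"]
    if not verify(proof["root"], proof["sig"]):
        raise ValueError("bad root signature")
    node = leaf_hash(lo, hi)
    for sib, sib_left in proof["path"]:
        node = node_hash(sib, node) if sib_left else node_hash(node, sib)
    if node != proof["root"]:
        raise ValueError("audit path does not reach the signed root")
    if not lo <= serial < hi:
        raise ValueError("leaf does not cover the queried serial")
    size = 16 + 33 * len(proof["path"]) + len(proof["root"]) + len(proof["sig"])  # estimate
    return serial == lo and lo != 0, size

# 3. Online responder: a fresh signed statement per query; the client also checks freshness.
def online_response(revoked, serial, now):
    body = json.dumps({"serial": serial, "revoked": serial in revoked, "producedAt": now})
    return {"body": body.encode(), "sig": sign(body.encode())}

def check_online(resp, serial, now, max_age=300):   # max_age: assumed freshness window
    if not verify(resp["body"], resp["sig"]):
        raise ValueError("bad responder signature")
    st = json.loads(resp["body"])
    if st["serial"] != serial or now - st["producedAt"] > max_age:
        raise ValueError("response is for another serial or is stale")
    return st["revoked"], len(resp["body"]) + len(resp["sig"])

def compare(n_revoked, serial, now=1_700_000_000):
    """Bytes a client must fetch to check one serial under each mechanism (constructed CA)."""
    revoked = set(range(1000, 1000 + 2 * n_revoked, 2))
    r1, crl_bytes = check_crl(issue_crl(revoked), serial)
    r2, dict_bytes = check_dictionary(dictionary_proof(build_dictionary(revoked), serial), serial)
    r3, ocsp_bytes = check_online(online_response(revoked, serial, now), serial, now)
    assert r1 == r2 == r3
    return {"revoked": r1, "crl": crl_bytes, "dictionary": dict_bytes, "online": ocsp_bytes}

if __name__ == "__main__":
    for n in (10, 1_000, 100_000):
        print(n, compare(n, 1000))
```

Running the block shows, for 10, 1,000 and 100,000 revoked certificates, that the CRL cost grows linearly with the list, the dictionary proof grows with its logarithm, and the online response stays constant but requires a responder that signs on every query and a client-side freshness check; a forged dictionary leaf or a stale online response is rejected before any status is returned.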



Paper Citation


in Harvard Style

Goyal V. (2004). Certificate Revocation Lists or Online Mechanisms. In Proceedings of the 2nd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2004) ISBN 972-8865-07-4, pages 261-268. DOI: 10.5220/0002679502610268


in Bibtex Style

@conference{wosis04,
author={Vipul Goyal},
title={Certificate Revocation Lists or Online Mechanisms},
booktitle={Proceedings of the 2nd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2004)},
year={2004},
pages={261-268},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002679502610268},
isbn={972-8865-07-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2004)
TI - Certificate Revocation Lists or Online Mechanisms
SN - 972-8865-07-4
AU - Goyal V.
PY - 2004
SP - 261
EP - 268
DO - 10.5220/0002679502610268