Tradeoffs in certificate revocation schemes
- 1 April 2003
- journal article
- Published by Association for Computing Machinery (ACM) in ACM SIGCOMM Computer Communication Review
- Vol. 33 (2), 103-112
- https://doi.org/10.1145/956981.956991
Abstract
Cryptographic certificates are a powerful tool for security-concerned applications where the participants must be authenticated in order to access some resources or commit a transaction. However, due to various reasons, the validity of such certificates can change over time, introducing the risk of an invalid certificate being used to authenticate an entity. Various methods of mitigating this risk have been devised, known broadly as "certificate revocation" schemes. In this paper, we categorize and analyze them based on our identified characteristics. We further discuss tradeoffs among them and suggest how system designers might apply the analyses.
This publication has 9 references indexed in Scilit:
- Digital certificates. Published by Association for Computing Machinery (ACM), 2000
- Efficient fault-tolerant certificate revocation. Published by Association for Computing Machinery (ACM), 2000
- Accountable certificate management using undeniable attestations. Published by Association for Computing Machinery (ACM), 2000
- X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP, 1999
- Internet X.509 Public Key Infrastructure Certificate and CRL Profile, 1999
- Can we eliminate certificate revocation lists? Published by Springer Science and Business Media LLC, 1998
- One-Way Accumulators: A Decentralized Alternative to Digital Signatures. Lecture Notes in Computer Science, 1994
- Internet Privacy Enhanced Mail. Communications of the ACM, 1993
- Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management, 1993