7th USENIX Security Symposium, 1998

Pp. 217–228 of the Proceedings



Certificate Revocation and Certificate Update


Dept. of Applied Mathematics and Computer Science
Weizmann Institute of Science
Rehovot 76100, Israel
{naor, kobbi}@wisdom.weizmann.ac.il

[1] Research supported by BSF grant no. 94-00032.

Abstract:

A new solution is suggested for the problem of certificate revocation. This solution represents Certificate Revocation Lists by an authenticated search data structure. The process of verifying whether a certificate is in the list or not, as well as updating the list, is made very efficient. The suggested solution gains in scalability, communication costs, robustness to parameter changes and update rate. Comparisons to the following solutions are included: 'traditional' CRLs (Certificate Revocation Lists), Micali's Certificate Revocation System (CRS) and Kocher's Certificate Revocation Trees (CRT).

Finally, a scenario in which certificates are not revoked, but frequently issued for short-term periods is considered. Based on the authenticated search data structure scheme, a certificate update scheme is presented in which all certificates are updated by a common message.

The suggested solutions for the certificate revocation and certificate update problems are better than current solutions with respect to communication costs, update rate, and robustness to changes in parameters, and are compatible with, e.g., X.500 certificates.
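To make the idea of checking revocation status against an authenticated search structure concrete, here is an added sketch that is not code from the paper or its authors. The abstract does not specify the structure, so this assumes a binary Merkle hash tree over the sorted revoked serial numbers, 64-bit serials, and a root the CA has signed (the signature itself is omitted); all function names are hypothetical.

```python
import hashlib
from bisect import bisect_left

LO, HI = 0, 2**64 - 1  # assumed sentinels; real serials lie strictly between

def _h(tag, data):
    return hashlib.sha256(tag + data).digest()

def _leaf(serial):
    return _h(b"\x00", serial.to_bytes(8, "big"))  # 0x00 = leaf, 0x01 = node

def build(revoked):
    """CA side: sorted, padded serials and hash levels; levels[-1][0] is the root."""
    leaves = [LO] + sorted(set(revoked)) + [HI]
    while len(leaves) & (len(leaves) - 1):  # pad to a power of two
        leaves.append(HI)
    levels = [[_leaf(s) for s in leaves]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([_h(b"\x01", cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return leaves, levels

def _path(levels, idx):
    return [lvl[(idx >> d) ^ 1] for d, lvl in enumerate(levels[:-1])]  # siblings, leaf to root

def prove(leaves, levels, serial):
    """Directory side: the matching leaf if revoked, else the two bracketing leaves."""
    i = bisect_left(leaves, serial)
    hits = (i,) if leaves[i] == serial else (i - 1, i)
    return [(j, leaves[j], _path(levels, j)) for j in hits]

def _root_from(idx, serial, path):
    node = _leaf(serial)
    for sib in path:
        node = _h(b"\x01", sib + node if idx & 1 else node + sib)
        idx >>= 1
    return node

def verify(root, serial, proof):
    """User side: 'revoked' or 'good'; ValueError if the proof does not check out."""
    if any(i >> len(p) or _root_from(i, s, p) != root for i, s, p in proof):
        raise ValueError("proof does not hash to the trusted root")
    if len(proof) == 1 and proof[0][1] == serial:
        return "revoked"
    if len(proof) == 2:
        (i, lo, _), (j, hi, _) = proof
        if j == i + 1 and lo < serial < hi:
            return "good"
    raise ValueError("proof does not cover this serial")
```

The verifier needs only the trusted root and a proof of logarithmic size, so an untrusted directory can answer both "revoked" and "not revoked" queries without being able to forge either answer.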





Nissim Yaacov
Sun Dec 7 16:00:09 IST 1997

This paper was originally published in the Proceedings of the 7th USENIX Security Symposium, January 26-29, 1998, San Antonio, Texas
Last changed: 12 April 2002 aw