Certificate revocation and certificate update

Moni Naor, Kobbi Nissim

Research output: Contribution to journal › Article › peer-review

152 Scopus citations

Abstract

We present a solution for the problem of certificate revocation. This solution represents certificate revocation lists by authenticated dictionaries that support: 1) efficient verification of whether a certificate is in the list or not and 2) efficient updates (adding/removing certificates from the list). The suggested solution gains in scalability, communication costs, robustness to parameter changes, and update rate. Comparisons to the following solutions (and variants) are included: 'traditional' certificate revocation lists (CRLs), Micali's certificate revocation system (CRS), and Kocher's certificate revocation trees (CRT). We also consider a scenario in which certificates are not revoked, but frequently issued for short-term periods. Based on the authenticated dictionary scheme, a certificate update scheme is presented in which all certificates are updated by a common message. The suggested solutions for certificate revocation and certificate update problems are better than current solutions with respect to communication costs, update rate, and robustness to changes in parameters, and are compatible, e.g., with X.500 certificates.

Original language: English
Pages (from-to): 561-570
Number of pages: 10
Journal: IEEE Journal on Selected Areas in Communications
Volume: 18
Issue number: 4
State: Published - 1 Apr 2000
Externally published: Yes
