On the Release of CRLs in Public Key Infrastructure

Authors

  • Chengyu Ma
  • Nan Hu
  • Yingjiu Li
Abstract

Public key infrastructure provides a promising foundation for verifying the authenticity of communicating parties and transferring trust over the internet. The key issue in public key infrastructure is how to process certificate revocations. Previous research in this aspect has concentrated on the tradeoffs that can be made among different revocation options. No rigorous efforts have been made to understand the probability distribution of certificate revocation requests based on real empirical data. In this study, we first collect real empirical data from VeriSign and derive the probability function for certificate revocation requests. We then prove that a revocation system will become stable after a period of time. Based on these, we show that different certificate authorities should take different strategies for releasing certificate revocation lists for different types of certificate services. We also provide the exact steps by which certificate authorities can derive optimal releasing strategies.


Similar resources

Windowed Key Revocation in Public Key Infrastructures

A fundamental problem inhibiting the wide acceptance of a Public Key Infrastructure (PKI) in the Internet is the lack of a mechanism that provides scalable certificate revocation. In this paper, we propose a novel mechanism called Windowed Revocation. In windowed revocation, certificate revocation is announced for short periods in periodic Certificate Revocation Lists (CRLs). Due to the assuran...


A Response to "Can We Eliminate Certificate Revocation Lists?"

The use of certificate revocation lists (CRLs) to convey revocation state in public key infrastructures has long been the subject of debate. Centrally, opponents of the technology attribute a range of semantic and technical limitations to CRLs. In this paper, we consider arguments advising against the use of CRLs made principally by Rivest in his paper "Can we eliminate certificate revocation lis...


Distributed Storage and Revocation in Digital Certificate Databases

Public-key cryptography is fast becoming the foundation for those applications that require security and authentication in open networks. But the widespread use of a global public-key cryptosystem requires that public-key certificates are always available and up-to-date. Problems associated to digital certificates management, like storage, retrieval, maintenance, and, specially, revocation, req...


A Novel Security Scheme in VANET using ASIA

A vehicular ad hoc network (VANET) uses cars as mobile nodes in a MANET to create a mobile network. In vehicular ad hoc networks, security is an important concern. For security purposes, vehicular ad hoc networks (VANETs) adopt the Public Key Infrastructure (PKI) and Certificate Revocation Lists (CRLs). In this PKI system, the authentication of a received message is performed by checking if t...


Quick Message Authentication Protocol for Vehicular AD HOC Networks

Public Key Infrastructure (PKI) plays a very important role in Vehicular Ad hoc Networks (VANETs). In this system, confirmation of a received message can be done by checking whether the sender’s certificate is included in the Certificate Revocation Lists (CRLs), which means checking its revocation status, then substantiating the sender’s certificate, and finally validating the sender’s signature. Since th...




Publication date: 2006