  • DocumentCode
    3467699
  • Title
    A model of certificate revocation
  • Author
    Cooper, David A.
  • Author_Institution
    Div. of Comput. Security, Nat. Inst. of Stand. & Technol., Gaithersburg, MD, USA
  • fYear
    1999
  • fDate
    1999
  • Firstpage
    256
  • Lastpage
    264
  • Abstract
    This paper presents a model for the distribution of revocation information using certificate revocation lists (CRLs). This model is used to highlight inefficiencies in the “traditional” method of distributing certificate status information using CRLs. Two alternative CRL-based revocation distribution mechanisms, over-issued CRLs and segmented CRLs, are then presented. The original model is then expanded to encompass each of the alternative mechanisms and these expanded models are used to demonstrate the advantages of the alternative mechanisms to the “traditional” method. Finally, the paper offers some suggestions for choosing the best CRL-based revocation distribution mechanism for any particular environment.
  • Keywords
    certification; public key cryptography; PKI; certificate revocation lists; certificate revocation model; public key infrastructure; revocation information distribution; Certification; Computer security; Content addressable storage; Delay; Large-scale systems; Mathematical model; NIST; Proposals; Protocols; Public key
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Computer Security Applications Conference, 1999. (ACSAC '99) Proceedings. 15th Annual
  • Conference_Location
    Phoenix, AZ
  • ISSN
    1063-9527
  • Print_ISBN
    0-7695-0346-2
  • Type
    conf
  • DOI
    10.1109/CSAC.1999.816035
  • Filename
    816035