DocumentCode :
3467699
Title :
A model of certificate revocation
Author :
Cooper, David A.
Author_Institution :
Div. of Comput. Security, Nat. Inst. of Stand. & Technol., Gaithersburg, MD, USA
fYear :
1999
fDate :
1999
Firstpage :
256
Lastpage :
264
Abstract :
This paper presents a model for the distribution of revocation information using certificate revocation lists (CRLs). This model is used to highlight inefficiencies in the “traditional” method of distributing certificate status information using CRLs. Two alternative CRL-based revocation distribution mechanisms, over-issued CRLs and segmented CRLs, are then presented. The original model is then expanded to encompass each of the alternative mechanisms and these expanded models are used to demonstrate the advantages of the alternative mechanisms to the “traditional” method. Finally the paper offers some suggestions for choosing the best CRL-based revocation distribution mechanism for any particular environment
Keywords :
certification; public key cryptography; PKI; certificate revocation lists; certificate revocation model; public key infrastructure; revocation information distribution; Certification; Computer security; Content addressable storage; Delay; Large-scale systems; Mathematical model; NIST; Proposals; Protocols; Public key;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computer Security Applications Conference, 1999. (ACSAC '99) Proceedings. 15th Annual
Conference_Location :
Phoenix, AZ
ISSN :
1063-9527
Print_ISBN :
0-7695-0346-2
Type :
conf
DOI :
10.1109/CSAC.1999.816035
Filename :
816035
Link To Document :
بازگشت