Abstract
Public-key cryptography is widely used to secure transactions among distributed systems and the Public Key Infrastructure (PKI) is the infrastructure that allows to securely deliver the public keys to these systems. The public key delivery is usually performed by way of a digital document called certificate. Digital certificates have a limited life-time and the revocation is the mechanism under which a certificate can be invalidated prior to its expiration. The certificate revocation is one of the most costly mechanisms in the whole PKI and the goal of this paper is to present a detailed explanation of a certificate status checking protocol for an efficient revocation system based on the data structures proposed by Naor and Nissim in their Authenticated Dictionary (AD) [11]. This paper also addresses important aspects associated with the response verification that were beyond the scope of the original AD specification.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Aho, A.V., Hopcroft, J.E., Ullman, J.D.: Data Structures and Algorithms. Addison-Wesley, Reading (1988)
Aiello, W., Lodha, S., Ostrovsky, R.: Fast digital identity revocation. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, p. 137. Springer, Heidelberg (1998)
Fox, B., LaMacchia, B.: Online Certificate Status Checking in Financial Transactions: The Case for Re-issuance. In: Franklin, M.K. (ed.) FC 1999. LNCS, vol. 1648, pp. 104–117. Springer, Heidelberg (1999)
Housley, R., Ford, W., Polk, W., Solo, D.: Internet X.509 Public Key Infrastructure Certificate and CRL Profile, RFC 2459 (1999)
ITU/ISO Recommendation. X.509 Information Technology Open Systems Interconnection - The Directory: Autentication Frameworks, Technical Corrigendum (2000)
Kocher, P.C.: On certificate revocation and validation. In: Hirschfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 172–177. Springer, Heidelberg (1998)
Merkle, R.C.: A certified digital signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218–238. Springer, Heidelberg (1989)
Micali, S.: Efficient certificate revocation. Technical Report TM-542b, MIT Laboratory for Computer Science (1996)
Micali, S.: NOVOMODO Scalable Certificate Validation and Simplified PKI Management. In: 1st Annual PKI Research Workshop, pp. 15–25 (2002)
Myers, M., Ankney, R., Malpani, A., Galperin, S., Adams, C.: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP, RFC 2560 (1999)
Naor, M., Nissim, K.: Certificate Revocation and Certificate Update. IEEE Journal on Selected Areas in Communications 18(4), 560–561 (2000)
Wohlmacher, P.: Digital certificates: a survey of revocation methods. In: 2000 ACM workshops on Multimedia, pp. 111–114. ACM Press, New York (2000)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Munoz, J.L., Forne, J., Esparza, O., Soriano, M. (2003). A Certificate Status Checking Protocol for the Authenticated Dictionary. In: Gorodetsky, V., Popyack, L., Skormin, V. (eds) Computer Network Security. MMM-ACNS 2003. Lecture Notes in Computer Science, vol 2776. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45215-7_21
Download citation
DOI: https://doi.org/10.1007/978-3-540-45215-7_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40797-3
Online ISBN: 978-3-540-45215-7
eBook Packages: Springer Book Archive