Abstract
There are several problems associated with the current ways that certificates are published and revoked. This paper discusses these problems, and then proposes a solution based on the use of WebDAV, an enhancement to the HTTP protocol. The proposed solution provides instant certificate revocation, minimizes the processing costs of the certificate issuer and relying party, and eases the administrative burden of publishing certificates and certificate revocation lists (CRLs).
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chadwick, D.W., Anthony, S. (2007). Using WebDAV for Improved Certificate Revocation and Publication. In: Lopez, J., Samarati, P., Ferrer, J.L. (eds) Public Key Infrastructure. EuroPKI 2007. Lecture Notes in Computer Science, vol 4582. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73408-6_19
DOI: https://doi.org/10.1007/978-3-540-73408-6_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-73407-9
Online ISBN: 978-3-540-73408-6
eBook Packages: Computer Science, Computer Science (R0)