Abstract
The validity period of certificates may be quite long. For example, X.509 SSL server certificates are typically valid for at least 2 years. However, it may happen that during the validity period a certificate has to be invalidated, for example, if the private key that corresponds to the public key in the certificate has been compromised. The process of invalidating the certificate before its expiration time is called revocation. In this chapter, we discuss revocation and strategies to publish revocation information.
© 2013 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Buchmann, J.A., Karatsiolis, E., Wiesmaier, A. (2013). Revocation. In: Introduction to Public Key Infrastructures. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40657-7_5
DOI: https://doi.org/10.1007/978-3-642-40657-7_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40656-0
Online ISBN: 978-3-642-40657-7
eBook Packages: Computer Science (R0)