On certificate revocation and validation

  • Conference paper
Financial Cryptography (FC 1998)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 1465)

Abstract

Cryptosystems need to check whether the certificates and digital signatures they are given are valid before accepting them. In addition to providing cryptographically secure validity information, certificate revocation systems must satisfy a variety of challenging technical requirements. The traditional revocation techniques of Certificate Revocation Lists (CRLs) and on-line checking are described, as well as a newer technique, Certificate Revocation Trees (CRTs), based on Merkle hash trees. CRTs provide an efficient and highly-scalable way to distribute revocation information. CRT-based systems include Tree Issuers who compile revocation information, Confirmation Issuers who distribute elements from CRTs, and users who accept certificates. CRTs are gaining increased use worldwide for several reasons. They can be used with existing protocols and certificates, and enable the secure, reliable, scalable, and inexpensive validation of certificates (as well as digital signatures and other data).

Editor information

Rafael Hirchfeld

Copyright information

© 1998 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kocher, P.C. (1998). On certificate revocation and validation. In: Hirchfeld, R. (eds) Financial Cryptography. FC 1998. Lecture Notes in Computer Science, vol 1465. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0055481

  • DOI: https://doi.org/10.1007/BFb0055481

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-64951-9

  • Online ISBN: 978-3-540-53918-6

  • eBook Packages: Springer Book Archive
