Abstract
Cryptosystems need to check whether the certificates and digital signatures they are given are valid before accepting them. In addition to providing cryptographically secure validity information, certificate revocation systems must satisfy a variety of challenging technical requirements. The traditional revocation techniques of Certificate Revocation Lists (CRLs) and on-line checking are described, as well as a newer technique, Certificate Revocation Trees (CRTs), based on Merkle hash trees. CRTs provide an efficient and highly-scalable way to distribute revocation information. CRT-based systems include Tree Issuers who compile revocation information, Confirmation Issuers who distribute elements from CRTs, and users who accept certificates. CRTs are gaining increased use worldwide for several reasons. They can be used with existing protocols and certificates, and enable the secure, reliable, scalable, and inexpensive validation of certificates (as well as digital signatures and other data).
Preview
Unable to display preview. Download preview PDF.
References
“Information Technology — Open Systems Interconnection — The Directory: Authentication Framework,” ITU-T Recommendation X.509 (1197 E), June 1997.
P. Kocher and A. Malpani, “Certificate Revocation Trees,” ValiCert Inc. Technical Specification, http://www.valicert.com.
R. Merkle, “Secrecy, Authentication, and Public Key Systems,” Ph.D. Dissertation, Department of Electrical Engineering, Stanford University, 1979.
National Institute of Standards and Technology, “Secure Hash Standard,” Federal Information Processing Standards Publication 180-1, April 1995.
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1998 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kocher, P.C. (1998). On certificate revocation and validation. In: Hirchfeld, R. (eds) Financial Cryptography. FC 1998. Lecture Notes in Computer Science, vol 1465. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0055481
Download citation
DOI: https://doi.org/10.1007/BFb0055481
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-64951-9
Online ISBN: 978-3-540-53918-6
eBook Packages: Springer Book Archive