Ofigsbø M.H., Mjølsnes S.F., Heegaard P., Nilsen L. (2010) Reducing the Cost of Certificate Revocation: A Case Study. In: Martinelli F., Preneel B. (eds) Public Key Infrastructures, Services and Applications. EuroPKI 2009. Lecture Notes in Computer Science, vol 6391. Springer, Berlin, Heidelberg
We investigate how to reduce the cost of certificate revocation in the PKI system of UNINETT (The Internet of Norwegian Universities and Colleges) by analyzing and characterizing existing users’ needs and behavior. The focus is on how to reduce the number of revoked certificates and bandwidth consumption in order to achieve better scalability. We distinguish between three main types of revocation mechanisms: list pull, list push, and short validity period. We try to find the optimal parameter values with respect to revocation method, the number of groups, group size, validity period duration, application type access, and certificate security policy. The current user categories are permanent employees, temporary employees and students. This paper analyzes the collected empirical data on how long the users actually stay in the system, and on the reasons for and frequency of user terminations that require certificate revocations, and then models the consequences for certificate revocation.