Revocation

  • Johannes A. Buchmann
  • Evangelos Karatsiolis
  • Alexander Wiesmaier
Chapter

Abstract

The validity period of certificates may be quite long. For example, X.509 SSL server certificates are typically valid for at least 2 years. However, it may happen that during the validity period a certificate has to be invalidated, for example, if the private key that corresponds to the public key in the certificate has been compromised. The process of invalidating the certificate before its expiration time is called revocation. In this chapter, we discuss revocation and strategies to publish revocation information.

Keywords

Retention Interval, Validity Period, Distribution Point, Expiration Date, Revocation Status
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Johannes A. Buchmann (1)
  • Evangelos Karatsiolis (2)
  • Alexander Wiesmaier (3)

  1. FB Informatik, TU Darmstadt, Darmstadt, Germany
  2. FlexSecure GmbH, Darmstadt, Germany
  3. AGT International, Darmstadt, Germany
