Certificate revocation: Mechanics and meaning

  • Barbara Fox
  • Brian LaMacchia
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1465)


Revocation of public key certificates is controversial in every aspect: methodology, mechanics, and even meaning. This isn't so surprising, though, when considered in the context of current public key infrastructure (PKI) implementations. PKIs are still immature; consumers, including application developers and end-users, are just beginning to understand the implications of large-scale, heterogeneous PKIs, let alone PKI subtleties such as revocation. In this paper, which is the product of a panel discussion at Financial Cryptography '98, we illustrate some of the semantic meanings possible with current certificate revocation technology and their impact on the process of determining trust relationships among public keys in the PKI. Further, we postulate that real-world financial applications provide analogous and appropriate models for certificate revocation.


Credit Card Certificate Authority Certificate Chain Certificate Revocation Certificate Revocation List 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Warwick Ford and Michael Baum, Secure Electronic Commerce, Prentice Hall, 1997.Google Scholar
  2. 2.
    OpenPGP Working Group, Internet Engineering Task Force. “OP Formats — OpenPGP Message Format,” Jon Callas, Lutz Donnerhacke, Hal Finney, and Rodney Thayer, eds., work in progress. (Draft as of March, 1998, available from http://www.ietf.org/internet-drafts/draft-ietf-openpgp-formats-01.txt.)Google Scholar
  3. 3.
    J. O'Reilley. Information Security Strategies (ISS), Research Note, Key Issue Analysis, The Gartner Group, 21 July 1997.Google Scholar
  4. 4.
    PKIX Working Group, Internet Engineering Task Force. “Internet Public Key Infrastructure: X.509 Certificate and CRL, Profile,” R. Housley, W. Ford, W. Polk, D. Solo, eds., work in progress. (Draft as of March, 1998, available from http://www.ietf.org/internet-drafts/draft-ietf-pkix-ipki-partl-07.txt.)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Barbara Fox
    • 1
  • Brian LaMacchia
    • 1
  1. 1.Microsoft CorporationRedmondUSA

Personalised recommendations