Can we eliminate certificate revocation lists?
We briefly consider certificate revocation lists (CRLs), and ask whether they could, and should, be eliminated, in favor of other mechanisms. In most cases, the answer seems to be “yes.” We suggest some possible replacement mechanisms.
Unable to display preview. Download preview PDF.
- 1.Carl M. Ellison. SPKI certificate documentation. (See http://www.clark.net/pub/cme/html/spki.html), 1998.Google Scholar
- 2.Loren M. Kohnfelder. Towards a practical public-key cryptosystem. B.S. Thesis, supervised by L. Adleman, May 1978.Google Scholar
- 3.Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone. Handbook of Applied Cryptography. CRC Press, 1997.Google Scholar
- 4.Silvio Micali. Efficient certificate revocation. Technical Report TM-542b, MIT Laboratory for Computer Science, March 22, 1996.Google Scholar
- 5.Moni Naor and Kobbi Nissim. Certificate revocation and certificate update. In Proceedings 7th USENIX Security Symposium (San Antonio, Texas), Jan 1998.Google Scholar
- 6.Ronald L. Rivest and Butler Lampson. SDSI-a simple distributed security infrastructure. (see SDSI web page at http://theory.lcs.mit.edu/ cis/sdsi.html).Google Scholar
- 7.Stuart Stubblebine. Recent-secure authentication: Enforcing revocation in distributed systems. In Proceedings 1995 IEEE Symposium on Research in Security and Privacy, pages 224–234, May 1995. (Oakland).Google Scholar