Abstract
Good public-key infrastructures (PKIs) are essential to make electronic commerce secure. Quite recently, certificate verification trees (CVTs) have been introduced as a tool for implementation of large-scale certification authorities (CAs). In most aspects, the CVT approach outperforms previous approaches like X.509 and certificate revocation lists, SDSI/SPKI, certificate revocation trees, etc. However, there is a tradeoff between manageability for the CA and response time for the user: CVT-based certification as initially proposed is synchronous, i.e. certificates are only issued and revoked at the end of a CVT update period (typically once a day). Assuming that the user is represented by a smart card, we present here solutions that preserve all advantages of CVTs while relaxing the aforementioned synchronization requirement. If short-validity certificates are used, implicit revocation provided by the proposed solutions completely eliminates the need for the signature verifier to check any revocation information (CRLs, CRTs, etc.).
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35413-2_36
Copyright information
© 2001 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Domingo-Ferrer, J., Alba, M., Sebé, F. (2001). Asynchronous Large-Scale Certification Based on Certificate Verification Trees. In: Steinmetz, R., Dittman, J., Steinebach, M. (eds) Communications and Multimedia Security Issues of the New Century. IFIP — The International Federation for Information Processing, vol 64. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35413-2_17
DOI: https://doi.org/10.1007/978-0-387-35413-2_17
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-4811-6
Online ISBN: 978-0-387-35413-2
eBook Packages: Springer Book Archive