Impact of the Revocation Service in PKI Prices
The ability to communicate securely is needed for many network applications. Public key infrastructure (PKI) is the most extended solution to verify and confirm the identity of each party involved in any secure transaction and transfer trust over the network. One of the hardest tasks of a certification infrastructure is to manage revocation. Research on this topic has focused on the trade-offs that different revocation mechanisms offer. However, less effort has been paid to understand the benefits of improving the revocation policies. In this paper, we analyze the behavior of the oligopoly of certificate providers that issue digital certificates to clients facing identical independent risks. We found the prices in the equilibrium, and we proof that certificate providers that offer better revocation information are able to impose higher prices to their certificates without sacrificing market share in favor of the other oligarchs. In addition, we show that our model is able to explain the actual tendency of the SSL market where providers with worst QoS are suffering loses.
KeywordsPKI pricing SSL certificates CRLs
Unable to display preview. Download preview PDF.
- 1.Adams, C., Farrell, S.: Internet X.509 Public Key Infrastructure Certificate Management Protocols. RFC 2510, Internet Engineering Task Force (March 1999)Google Scholar
- 2.Housley, R., Polk, W., Ford, W., Solo, D.: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 3280, Internet Engineering Task Force (April 2002)Google Scholar
- 4.Arnes, A.: Public key certificate revocation schemes. Queen’s University. Ontario, Canada. Master Thesis (2000)Google Scholar
- 5.Cooper, D.A.: A more efficient use of Delta-CRLs. In: 2000 IEEE Symposium on Security and Privacy. Computer Security Division of NIST, pp. 190–202 (2000)Google Scholar
- 7.Ma, C., Hu, N., Li, Y.: On the release of CRLs in public key infrastructure. In: Proceedings of the 15th Conference on USENIX Security Symposium, Berkeley, CA, USA, vol. 15 (2006)Google Scholar
- 8.Hu, N., Tayi, G.K., Ma, C., Li, Y.: Certificate revocation release policies. J. Comput. Secur. 17, 127–157 (2009)Google Scholar
- 9.WhichSSL. SSL Market Share (2010), http://www.whichssl.com/ssl-market-share.html