On certificate revocation and validation
Cryptosystems need to check whether the certificates and digital signatures they are given are valid before accepting them. In addition to providing cryptographically secure validity information, certificate revocation systems must satisfy a variety of challenging technical requirements. The traditional revocation techniques of Certificate Revocation Lists (CRLs) and on-line checking are described, as well as a newer technique, Certificate Revocation Trees (CRTs), based on Merkle hash trees. CRTs provide an efficient and highly-scalable way to distribute revocation information. CRT-based systems include Tree Issuers who compile revocation information, Confirmation Issuers who distribute elements from CRTs, and users who accept certificates. CRTs are gaining increased use worldwide for several reasons. They can be used with existing protocols and certificates, and enable the secure, reliable, scalable, and inexpensive validation of certificates (as well as digital signatures and other data).
Unable to display preview. Download preview PDF.