Can we eliminate certificate revocation lists?

  • Ronald L. Rivest
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1465)


We briefly consider certificate revocation lists (CRLs), and ask whether they could, and should, be eliminated, in favor of other mechanisms. In most cases, the answer seems to be “yes.” We suggest some possible replacement mechanisms.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Carl M. Ellison. SPKI certificate documentation. (See, 1998.Google Scholar
  2. 2.
    Loren M. Kohnfelder. Towards a practical public-key cryptosystem. B.S. Thesis, supervised by L. Adleman, May 1978.Google Scholar
  3. 3.
    Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone. Handbook of Applied Cryptography. CRC Press, 1997.Google Scholar
  4. 4.
    Silvio Micali. Efficient certificate revocation. Technical Report TM-542b, MIT Laboratory for Computer Science, March 22, 1996.Google Scholar
  5. 5.
    Moni Naor and Kobbi Nissim. Certificate revocation and certificate update. In Proceedings 7th USENIX Security Symposium (San Antonio, Texas), Jan 1998.Google Scholar
  6. 6.
    Ronald L. Rivest and Butler Lampson. SDSI-a simple distributed security infrastructure. (see SDSI web page at cis/sdsi.html).Google Scholar
  7. 7.
    Stuart Stubblebine. Recent-secure authentication: Enforcing revocation in distributed systems. In Proceedings 1995 IEEE Symposium on Research in Security and Privacy, pages 224–234, May 1995. (Oakland).Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Ronald L. Rivest
    • 1
  1. 1.MIT Laboratory for Computer ScienceCambridge

Personalised recommendations