Abstract
We present a simple yet clever extension to the delta certificate revocation list(CRL) [1], the augmented certificate revocation list (ACRL). ACRLs contain revocation updates only and certificate verifiers construct complete CRLs locally. Locally constructed complete CRLs are identical to complete CRLs issued by the CRL issuer. So certificate verifiers need not download complete CRLs. ACRLs are much smaller in size compared to complete CRLs providing significant network savings. Contrary to existing opinion – that CRLs cannot provide efficient online certificate status – we present an ACRL based online certificate status scheme which has many advantages over OCSP [2]. ACRLs are backward compatible and can easily be integrated into existing X.509 CRL based schemes.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
ITU-T. Information technology - Open systems interconnection - The directory: Public-key and attribute certificate frameworks, ITU-T Recommendation X.509 (V4) (2000)
Myers, M., Ankney, R., Malpani, A., Galperin, S., Adams, C.: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP, RFC 2560 (June 1999)
Cooper, D.A.: A model of certificate revocation. In: Proceedings of the 15th annual computer security applications conference (December 1999), http://csrc.nist.gov/pki/PKImodels/
Cooper, D.A.: A more efficient use of delta CRLs. In: Proceedings of the IEEE symposium on security and privacy (May 2000), http://csrc.nist.gov/pki/PKImodels/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lakshminarayanan, A., Lim, T.L. (2006). Augmented Certificate Revocation Lists. In: Batten, L.M., Safavi-Naini, R. (eds) Information Security and Privacy. ACISP 2006. Lecture Notes in Computer Science, vol 4058. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11780656_8
Download citation
DOI: https://doi.org/10.1007/11780656_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-35458-1
Online ISBN: 978-3-540-35459-8
eBook Packages: Computer ScienceComputer Science (R0)