Distributed Storage and Revocation in Digital Certificate Databases

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 1873)

Abstract

Public-key cryptography is fast becoming the foundation for those applications that require security and authentication in open networks. But the widespread use of a global public-key cryptosystem requires that public-key certificates are always available and up-to-date. Problems associated with digital certificate management, such as storage, retrieval, maintenance, and, especially, revocation, require special procedures that ensure reliable features because of the critical significance of inaccuracies. Most of the existing systems use a Certificate Revocation List (CRL), a repository of certificates that have been revoked before their expiration date. The need to access CRLs in order to check certificate revocations becomes a performance handicap. Furthermore, they introduce a source of vulnerability in the whole security infrastructure, as it is impossible to produce a new CRL each time a revocation takes place. This paper introduces an alternative for the storage of digital certificates that avoids the use of CRLs. The system is designed to provide distributed management of digital certificates by using Certification Authorities that, while being part of a whole Public-Key Infrastructure, operate over local certificate databases. Communication protocols between local databases have been designed to minimize network traffic without sacrificing security or efficiency.



Copyright information

© 2000 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lopez, J., Mana, A., Ortega, J.J., Troya, J.M. (2000). Distributed Storage and Revocation in Digital Certificate Databases. In: Ibrahim, M., Küng, J., Revell, N. (eds) Database and Expert Systems Applications. DEXA 2000. Lecture Notes in Computer Science, vol 1873. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44469-6_87

  • DOI: https://doi.org/10.1007/3-540-44469-6_87

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-67978-3

  • Online ISBN: 978-3-540-44469-5

  • eBook Packages: Springer Book Archive
