Abstract
We consider certificate revocation from three high-level perspectives: temporal nonmonotonicity, user interfaces, and risk management. We argue that flawed understanding of these three aspects of revocation schemes has caused these schemes to be unnecessarily costly, complex, and confusing. We also comment briefly on some previous works, including those of Rivest [16], Fox and LaMacchia [5], and McDaniel and Rubin [11].
References
[1] Carlisle Adams and Robert Zuccherato, “A General, Flexible Approach to Certificate Revocation,” June 1998. http://www.entrust.com/resourcecenter/pdf/certrev.pdf.
[2] Carlisle Adams and Stephen Farrell, “Internet X.509 Public Key Infrastructure Certificate Management Protocols,” IETF RFC 2510, March 1999. http://www.ietf.org/rfc/rfc2510.txt.
[3] David A. Cooper, “A Closer Look at Revocation and Key Compromise in Public Key Infrastructures,” in Proceedings of the 21st National Information Systems Security Conference, pp. 555–565, October 1998. http://csrc.nist.gov/nissc/1998/proceedings/paperG2.pdf.
[4] David A. Cooper, “A More Efficient Use of Delta-CRLs,” in Proceedings of the 2000 IEEE Symposium on Security and Privacy, pp. 190–202, May 2000. http://csrc.nist.gov/pki/documents/sliding_window.pdf.
[5] Barbara Fox and Brian LaMacchia, “Certificate Revocation: Mechanics and Meaning,” in FC’98 [7], pp. 158–164, 1998. http://www.farcaster.com/paperc/fc98/fc98.ps.
[6] Carl A. Gunter and Trevor Jim, “Generalized Certificate Revocation,” in Proceedings of the 27th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 2000), pp. 316–329, January 2000. http://www.cis.upenn.edu/~qcm/papers/popl00.pdf.
[7] Rafael Hirschfeld (editor), Financial Cryptography: Second International Conference (FC’98), Lecture Notes in Computer Science, vol. 1465, Springer, February 1998.
[8] Russell Housley, Warwick Ford, Tim Polk, and David Solo, “Internet X.509 Public Key Infrastructure Certificate and CRL Profile,” IETF RFC 2459, January 1999. http://www.ietf.org/rfc/rfc2459.txt.
[9] Paul Kocher, “On Certificate Revocation and Validation,” in FC’98 [7], pp. 172–177, 1998.
[10] Patrick McDaniel and Sugih Jamin, “Windowed Certificate Revocation,” in Proceedings of IEEE Infocom 2000, pp. 1406–1414, March 2000. http://www.eecs.umich.edu/~pdmcdan/docs/info2000.pdf.
[11] Patrick McDaniel and Aviel Rubin, “A Response to ‘Can We Eliminate Certificate Revocation Lists?’,” in Proceedings of Financial Cryptography 2000, February 2000. http://www.eecs.umich.edu/~pdmcdan/docs/finc00.pdf.
[12] Silvio Micali, “Efficient Certificate Revocation,” Technical Report TM-542b, MIT Laboratory for Computer Science, March 1996. ftp://ftp.lcs.mit.edu/pub/lcs-pubs/tm.outbox/MIT-LCS-TM-542b.ps.gz.
[13] Michael Myers, “Revocation: Options and Challenges,” in FC’98 [7], pp. 165–171, 1998.
[14] Michael Myers, Rich Ankney, Ambarish Malpani, Slava Galperin, and Carlisle Adams, “X.509 Internet Public Key Infrastructure Online Certificate Status Protocol-OCSP,” IETF RFC 2560, June 1999. http://www.ietf.org/rfc/rfc2560.txt.
[15] Moni Naor and Kobbi Nissim, “Certificate Revocation and Certificate Update,” in Proceedings of the 7th USENIX Security Symposium, pp. 217–228, January 1998. http://www.wisdom.weizmann.ac.il/~kobbi/papers/revoke_usenix.ps.
[16] Ronald L. Rivest, “Can We Eliminate Certificate Revocation Lists?” in FC’98 [7], pp. 178–183, 1998. http://theory.lcs.mit.edu/~rivest/revocation.ps.
[17] Stuart G. Stubblebine, “Recent-Secure Authentication: Enforcing Revocation in Distributed Systems,” in Proceedings of the 1995 IEEE Symposium on Research in Security and Privacy, pp. 224–234, May 1995. http://www.stubblebine.com/95oak.pdf.
[18] Stuart G. Stubblebine and Rebecca N. Wright, “An Authentication Logic Supporting Synchronization, Revocation, and Recency,” in Proceedings of the Third ACM Conference on Computer and Communications Security, pp. 95–105, March 1996. http://www.stubblebine.com/96ccs.pdf.
[19] Rebecca N. Wright, Patrick D. Lincoln, and Jonathan K. Millen, “Efficient Fault-Tolerant Certificate Revocation,” in Proceedings of the 7th ACM Conference on Computer and Communications Security (CCS 2000), November 2000. http://www.research.att.com/~rwright/ccs00.ps.
[20] Committee on Information Systems Trustworthiness, National Research Council, Trust in Cyberspace, National Academy Press, 1999. http://www.nap.edu/html/trust/.
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Li, N., Feigenbaum, J. (2002). Nonmonotonicity, User Interfaces, and Risk Assessment in Certificate Revocation. In: Syverson, P. (eds) Financial Cryptography. FC 2001. Lecture Notes in Computer Science, vol 2339. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-46088-8_16
DOI: https://doi.org/10.1007/3-540-46088-8_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44079-6
Online ISBN: 978-3-540-46088-6
eBook Packages: Springer Book Archive