Nonmonotonicity, User Interfaces, and Risk Assessment in Certificate Revocation

Position Paper

Conference paper in Financial Cryptography (FC 2001)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2339)

Abstract

We consider certificate revocation from three high-level perspectives: temporal nonmonotonicity, user interfaces, and risk management. We argue that flawed understanding of these three aspects of revocation schemes has caused these schemes to be unnecessarily costly, complex, and confusing. We also comment briefly on some previous works, including those of Rivest [16], Fox and LaMacchia [5], and McDaniel and Rubin [11].

References

  1. Carlisle Adams and Robert Zuccherato, “A General, Flexible Approach to Certificate Revocation,” June 1998. http://www.entrust.com/resourcecenter/pdf/certrev.pdf.

  2. Carlisle Adams and Stephen Farrell, “Internet X.509 Public Key Infrastructure Certificate Management Protocols,” IETF RFC 2510, March 1999. http://www.ietf.org/rfc/rfc2510.txt.

  3. David A. Cooper, “A Closer Look at Revocation and Key Compromise in Public Key Infrastructures,” in Proceedings of the 21st National Information Systems Security Conference, pp. 555–565, October 1998. http://csrc.nist.gov/nissc/1998/proceedings/paperG2.pdf.

  4. David A. Cooper, “A More Efficient Use of Delta-CRLs,” in Proceedings of the 2000 IEEE Symposium on Security and Privacy, pp. 190–202, May 2000. http://csrc.nist.gov/pki/documents/sliding_window.pdf.

  5. Barbara Fox and Brian LaMacchia, “Certificate Revocation: Mechanics and Meaning,” in FC’98 [7], pp. 158–164, 1998. http://www.farcaster.com/paperc/fc98/fc98.ps.

  6. Carl A. Gunter and Trevor Jim, “Generalized Certificate Revocation,” in Proceedings of the 27th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 2000), pp. 316–329, January 2000. http://www.cis.upenn.edu/~qcm/papers/popl00.pdf.

  7. Rafael Hirschfeld (editor), Financial Cryptography: Second International Conference (FC’98), Lecture Notes in Computer Science, vol. 1465, Springer, February 1998.

  8. Russell Housley, Warwick Ford, Tim Polk, and David Solo, “Internet X.509 Public Key Infrastructure Certificate and CRL Profile,” IETF RFC 2459, January 1999. http://www.ietf.org/rfc/rfc2459.txt.

  9. Paul Kocher, “On Certificate Revocation and Validation,” in FC’98 [7], pp. 172–177, 1998.

  10. Patrick McDaniel and Sugih Jamin, “Windowed Certificate Revocation,” in Proceedings of IEEE Infocom 2000, pp. 1406–1414, March 2000. http://www.eecs.umich.edu/~pdmcdan/docs/info2000.pdf.

  11. Patrick McDaniel and Aviel Rubin, “A Response to ‘Can We Eliminate Certificate Revocation Lists?’,” in Proceedings of Financial Cryptography 2000, February 2000. http://www.eecs.umich.edu/~pdmcdan/docs/finc00.pdf.

  12. Silvio Micali, “Efficient Certificate Revocation,” Technical Report TM-542b, MIT Laboratory for Computer Science, March 1996. ftp://ftp.lcs.mit.edu/pub/lcs-pubs/tm.outbox/MIT-LCS-TM-542b.ps.gz.

  13. Michael Myers, “Revocation: Options and Challenges,” in FC’98 [7], pp. 165–171, 1998.

  14. Michael Myers, Rich Ankney, Ambarish Malpani, Slava Galperin, and Carlisle Adams, “X.509 Internet Public Key Infrastructure Online Certificate Status Protocol-OCSP,” IETF RFC 2560, June 1999. http://www.ietf.org/rfc/rfc2560.txt.

  15. Moni Naor and Kobbi Nissim, “Certificate Revocation and Certificate Update,” in Proceedings of the 7th USENIX Security Symposium, pp. 217–228, January 1998. http://www.wisdom.weizmann.ac.il/~kobbi/papers/revoke_usenix.ps.

  16. Ronald L. Rivest, “Can We Eliminate Certificate Revocation Lists?” in FC’98 [7], pp. 178–183, 1998. http://theory.lcs.mit.edu/~rivest/revocation.ps.

  17. Stuart G. Stubblebine, “Recent-Secure Authentication: Enforcing Revocation in Distributed Systems,” in Proceedings of the 1995 IEEE Symposium on Research in Security and Privacy, pp. 224–234, May 1995. http://www.stubblebine.com/95oak.pdf.

  18. Stuart G. Stubblebine and Rebecca N. Wright, “An Authentication Logic Supporting Synchronization, Revocation, and Recency,” in Proceedings of the Third ACM Conference on Computer and Communications Security, pp. 95–105, March 1996. http://www.stubblebine.com/96ccs.pdf.

  19. Rebecca N. Wright, Patrick D. Lincoln, and Jonathan K. Millen, “Efficient Fault-Tolerant Certificate Revocation,” in Proceedings of the 7th ACM Conference on Computer and Communications Security (CCS 2000), November 2000. http://www.research.att.com/~rwright/ccs00.ps.

  20. Committee on Information Systems Trustworthiness, National Research Council, Trust in Cyberspace, National Academy Press, 1999. http://www.nap.edu/html/trust/.

Copyright information

© 2002 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Li, N., Feigenbaum, J. (2002). Nonmonotonicity, User Interfaces, and Risk Assessment in Certificate Revocation. In: Syverson, P. (eds) Financial Cryptography. FC 2001. Lecture Notes in Computer Science, vol 2339. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-46088-8_16

  • DOI: https://doi.org/10.1007/3-540-46088-8_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-44079-6

  • Online ISBN: 978-3-540-46088-6

  • eBook Packages: Springer Book Archive