PKI-based applications use digitally signed certificates to bind public keys to user identities. Some digital certificates need to be revoked before their scheduled expiry. Certificate revocation is an important yet burdensome aspect of PKI. In this paper, we present the augmented CRL scheme, a simple yet novel extension to delta-CRLs. Using this scheme, certificate-verifying clients need not download base CRLs, yet can construct them from augmented CRLs. We exploit the similarity between the X.509 base CRL and delta-CRL data structures. We show that the augmented CRL scheme provides significant bandwidth savings compared to existing CRL-based schemes. The amount of downloaded CRL data is also much lower than in earlier schemes. Our scheme is simple and scalable, and can easily be integrated into existing CRL-based revocation schemes.