Evaluation of certificate validation mechanisms

Authors:
T. Perlines Hormann;K. Wrona;S. Holtmanns
Affiliations:
-;-;-
Venue:
Computer Communications
Year:
2006

Citing 16
Cited 4

Digital certificates: a survey of revocation methods

MULTIMEDIA '00 Proceedings of the 2000 ACM workshops on Multimedia
Applying lightweight directory access protocol service on session certification authority

Computer Networks: The International Journal of Computer and Telecommunications Networking
Evaluation of Certificate Revocation Policies: OCSP vs. Overissued-CRL

DEXA '02 Proceedings of the 13th International Workshop on Database and Expert Systems Applications
On Certificate Revocation and Validation

FC '98 Proceedings of the Second International Conference on Financial Cryptography
Fast Checking of Individual Certificate Revocation on Small Systems

ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
A Model of Certificate Revocation

ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Certificate Revocation the Responsible Way

CSDA '98 Proceedings of the Conference on Computer Security, Dependability, and Assurance: From Needs to Solutions
Security Aspects in Standard Certificate Revocation Mechanisms: A Case Study for OCSP

ISCC '02 Proceedings of the Seventh International Symposium on Computers and Communications (ISCC'02)
Implementation of an Efficient Authenticated Dictionary for Certificate Revocation

ISCC '03 Proceedings of the Eighth IEEE International Symposium on Computers and Communications
A Certificate Revocation Scheme for a Large-Scale Highly Replicated Distributed System

ISCC '03 Proceedings of the Eighth IEEE International Symposium on Computers and Communications
A More Efficient Use of Delta-CRLs

SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Efficient Certificate Revocation

Efficient Certificate Revocation
ADoCSI: towards a transparent mechanism for disseminating Certificate Status Information

Computer Communications
Towards a framework for evaluating certificate status information mechanisms

Computer Communications
Virtual certificates and synthetic certificates: new paradigms for improving public key validation

Computer Communications
Certificate revocation and certificate update

IEEE Journal on Selected Areas in Communications

Design and implementation of wireless PKI technology suitable for mobile phone in mobile-commerce

Computer Communications
XML security - A comparative literature review

Journal of Systems and Software
H-OCSP: A protocol to reduce the processing burden in online certificate status validation

Electronic Commerce Research
Impact of the revocation service in PKI prices

ICICS'12 Proceedings of the 14th international conference on Information and Communications Security

Quantified Score

Hi-index	0.24

Visualization

Abstract

In this article we evaluate different certificate validation mechanisms to be possibly used within the Wireless Public Key Infrastructure (W-PKI). An implementation of a standard compliant signed content application offering full PKI functionality served as means for evaluating different mechanisms. We compared short-lived certificates, Certificate Revocation Lists (CRLs), the Online Certificate Status Protocol (OCSP) and the XML Key Management Specification (XKMS) with regard to security, interoperability, complexity and performance in terms of size and scalability. The evaluation has lead to propose OCSP for delegated certificate validation. It has to be pointed out though, that OCSP should be enhanced with full delegation capabilities, such as the ones offered by XKMS.