On Certificate Revocation and Validation
FC '98 Proceedings of the Second International Conference on Financial Cryptography
A More Efficient Use of Delta-CRLs
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
On the release of CRLs in public key infrastructure
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Certificate revocation and certificate update
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Efficient certificate revocation system implementation: Huffman Merkle Hash Tree (HuffMHT)
TrustBus'05 Proceedings of the Second international conference on Trust, Privacy, and Security in Digital Business
Augmented certificate revocation lists
ACISP'06 Proceedings of the 11th Australasian conference on Information Security and Privacy
| Hi-index | 0.01 |
In this paper, we present the Tree-List Certificate Validation (TLCV) scheme, which uses a novel tree-list structure to provide efficient certificate validation. Under this scheme, users in a public-key infrastructure (PKI) are partitioned into clusters and a separate blacklist of revoked certificates is maintained for each cluster. The validation proof for each cluster's blacklist comes in the form of a hash path and a digital signature, similar to that used in a Certificate Revocation Tree (CRT) [1]. A simple algorithm to derive an optimal number of clusters that minimizes the TLCV response size was described. The benefits and shortcomings of TLCV were examined. Simulations were carried out to compare TLCV against a few other schemes and the performance metrics that were examined include computational overhead, network bandwidth, overall user delay and storage overhead. In general, we find that TLCV performs relatively well against the other schemes in most aspects.