A Model of Certificate Revocation
ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
A More Efficient Use of Delta-CRLs
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
A practical and efficient tree-list structure for public-key certificate validation
ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
| Hi-index | 0.00 |
We present a simple yet clever extension to the delta certificate revocation list(CRL) [1], the augmented certificate revocation list (ACRL). ACRLs contain revocation updates only and certificate verifiers construct complete CRLs locally. Locally constructed complete CRLs are identical to complete CRLs issued by the CRL issuer. So certificate verifiers need not download complete CRLs. ACRLs are much smaller in size compared to complete CRLs providing significant network savings. Contrary to existing opinion – that CRLs cannot provide efficient online certificate status – we present an ACRL based online certificate status scheme which has many advantages over OCSP [2]. ACRLs are backward compatible and can easily be integrated into existing X.509 CRL based schemes.