Internet Privacy Enhanced Mail
Communications of the ACM - Special issue on internetworking
Receiver-driven layered multicast
Conference proceedings on Applications, technologies, architectures, and protocols for computer communications
Certificate Recocation: Mechanics and Meaning
FC '98 Proceedings of the Second International Conference on Financial Cryptography
Can We Eliminate Certificate Revocations Lists?
FC '98 Proceedings of the Second International Conference on Financial Cryptography
On Certificate Revocation and Validation
FC '98 Proceedings of the Second International Conference on Financial Cryptography
Revocation: Options and Challenges
FC '98 Proceedings of the Second International Conference on Financial Cryptography
Online Certificate Status Checking in Financial Transactions: The Case for Re-issuance
FC '99 Proceedings of the Third International Conference on Financial Cryptography
Certificate Revocation the Responsible Way
CSDA '98 Proceedings of the Conference on Computer Security, Dependability, and Assurance: From Needs to Solutions
Efficient Certificate Revocation
Efficient Certificate Revocation
Certificate revocation and certificate update
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Public Key distribution with secure DNS
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Merging and extending the PGP and PEM trust models-the ICE-TEL trust model
IEEE Network: The Magazine of Global Internetworking
Efficient fault-tolerant certificate revocation
Proceedings of the 7th ACM conference on Computer and communications security
COCA: A secure distributed online certification authority
ACM Transactions on Computer Systems (TOCS)
Nonmonotonicity, User Interfaces, and Risk Assessment in Certificate Revocation
FC '01 Proceedings of the 5th International Conference on Financial Cryptography
Tradeoffs in certificate revocation schemes
ACM SIGCOMM Computer Communication Review
Fine-grained control of security capabilities
ACM Transactions on Internet Technology (TOIT)
Using certified policies to regulate E-commerce transactions
ACM Transactions on Internet Technology (TOIT)
Secure attribute-based systems
Proceedings of the 13th ACM conference on Computer and communications security
TARP: Ticket-based address resolution protocol
Computer Networks: The International Journal of Computer and Telecommunications Networking
Authorization in trust management: Features and foundations
ACM Computing Surveys (CSUR)
Security and identification indicators for browsers against spoofing and phishing attacks
ACM Transactions on Internet Technology (TOIT)
Optimized Certificates --- A New Proposal for Efficient Electronic Document Signature Validation
EuroPKI '08 Proceedings of the 5th European PKI workshop on Public Key Infrastructure: Theory and Practice
Empirical Analysis of Certificate Revocation Lists
Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Certificate revocation release policies
Journal of Computer Security
Secure attribute-based systems
Journal of Computer Security
Reducing the cost of certificate revocation: a case study
EuroPKI'09 Proceedings of the 6th European conference on Public key infrastructures, services and applications
Impeding individual user profiling in shopper loyalty programs
FC'11 Proceedings of the 15th international conference on Financial Cryptography and Data Security
Privacy in mobile technology for personal healthcare
ACM Computing Surveys (CSUR)
Hi-index | 0.00 |
The massive growth of electronic commerce on the Internet heightens concerns over the lack of meaningful certificate management. One issue limiting the availability of such services is the absence of scalable certificate revocation. The use of certificate revocation lists (CRLs) to convey revocation state in public key infrastructures has long been the subject of debate. Centrally, opponents of the technology attribute a range of semantic and technical limitations to CRLs. In this paper, we consider arguments advising against the use of CRLs made principally by Rivest. in his paper "Can we eliminate certificate revocation lists?" [1]. Specifically, the assumptions and environments on which these arguments are based are separated from those features inherent to CRLs. We analyze the requirements and potential solutions for three distinct PKI environments. The fundamental tradeoffs between revocation technologies are identified. From the case study analysis we show how, in some environments, CRLs are the most efficient vehicle for distributing revocation state. The lessons learned from our case studies are applied to a realistic PKI environment. The result, revocation on demand, is a CRL based mechanism providing timely revocation information.