A response to “can we eliminate certificate revocation lists?”

Patrick McDaniel, Aviel Rubin

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

24 Scopus citations

Abstract

The massive growth of electronic commerce on the Internet heightens concerns over the lack of meaningful certificate management. One issue limiting the availability of such services is the absence of scalable certificate revocation. The use of certificate revocation lists (CRLs) to convey revocation state in public key infrastructures has long been the subject of debate. Centrally, opponents of the technology attribute a range of semantic and technical limitations to CRLs. In this paper, we consider arguments advising against the use of CRLs made principally by Rivest in his paper “Can we eliminate certificate revocation lists?” [1]. Specifically, the assumptions and environments on which these arguments are based are separated from those features inherent to CRLs. We analyze the requirements and potential solutions for three distinct PKI environments. The fundamental tradeoffs between revocation technologies are identified. From the case study analysis we show how, in some environments, CRLs are the most efficient vehicle for distributing revocation state. The lessons learned from our case studies are applied to a realistic PKI environment. The result, revocation on demand, is a CRL based mechanism providing timely revocation information.

Original language: English (US)
Title of host publication: Financial Cryptography - 4th International Conference, FC 2000, Proceedings
Editors: Yair Frankel
Publisher: Springer Verlag
Pages: 245-258
Number of pages: 14
ISBN (Print): 3540427007
State: Published - 2001
Event: 4th International Conference on Financial Cryptography, FC 2000 - Anguilla, Anguilla
Duration: Feb 20 2000 – Feb 24 2000

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 1962
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 4th International Conference on Financial Cryptography, FC 2000
Country/Territory: Anguilla
City: Anguilla
Period: 2/20/00 – 2/24/00

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science
