Name
Abstract | ||
|---|---|---|
Electronic commerce is becoming more and more commonplace, but security is still a major concern. To provide security, a good
public-key infrastructure (PKI) is needed. However, PKIs have been slow in developing, with one of the major difficulties
being the creation of certification authorities (CAs), and in particular, dealing with the problem of certificate revocation.
We propose a new solution to this problem.
Our solution is based on the idea that individually signed certificates provide little information over any significant time
period, given that they may be revoked. That is, after a certain amount of time, a certificate is not useful without some
more recent knowledge that it has not been revoked. In all previous work, this has either been handled by off-line/on-line
schemes, which require costly updates by the CA for every outstanding certificate for every update period, or by certificate
revocation lists/trees.
We propose a system called EFECT (Easy Fast Efficient Certification Technique), which combines the best properties of individual
certificates and certificate revocation trees. We show that EFECT allows CAs to be more secure, even while providing more frequent freshness updates for certificates, and making certification verification extremely lightweight. We compare EFECT to previously proposed systems, including traditional X.509 certificates and Certificate Revocation Lists
(CRLs), SDSI/SPKI, Micali’s Certificate Revocation System (CRS), Kocher’s Certificate Revocation Trees (CRTs), and Naor and
Nissim’s 2-3 Certificate Revocation Trees (23CRTs). Finally, we discuss some novel qualities of EFECT that no previous solution
possesses.
|
Year | DOI | Venue |
|---|---|---|
2000 | 10.1007/978-3-540-46588-1_23 | Public Key Cryptography |
Keywords | Field | DocType |
fresh cerification,public key infrastructure,certificate revocation list,electronic commerce,certificate authority | Root certificate,Online Certificate Status Protocol,Revocation list,X.509,Computer science,Computer security,Self-signed certificate,Public key certificate,Certificate authority,Chain of trust,Distributed computing | Conference |
ISBN | Citations | PageRank |
3-540-66967-1 | 33 | 2.60 |
References | Authors | |
7 | 3 | |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Irene Gassko | 1 | 34 | 3.14 |
| Peter Gemmell | 2 | 675 | 108.87 |
| Philip D. MacKenzie | 3 | 1171 | 74.21 |