1,904 Hits in 3.4 sec

Revocation Statuses on the Internet [article]

Nikita Korzhitskii, Niklas Carlsson
2022 arXiv   pre-print
Instead, the status of most certificates can only be checked with Online Certificate Status Protocol (OCSP) and/or Certificate Revocation Lists (CRLs).  ...  In practice, the problem of secure certificate revocation has not yet been solved, and today no revocation procedure (similar to Certificate Transparency w.r.t. certificate issuance) has been adopted to  ...  Instead, most browsers typically accept a certificate if they are unable to obtain revocation information [23] . • Certificate Revocation List (CRL): CAs maintain signed lists with the serial numbers  ... 
arXiv:2102.04288v3 fatcat:rdgrjil4ura3rbfgd47h6r2jqa

Privacy-enhanced electronic mail [chapter]

Matt Bishop
1991 DIMACS Series in Discrete Mathematics and Theoretical Computer Science  
Also, again unlike X.509 lists, each certification revocation list contains the date when the next certification revocation list will be issued, to ensure that the entity obtaining the certification revocation  ...  Each certificate must also be checked against the relevant certificate revocation lists, and the user must again be warned if either a revoked certificate is found or a certificate revocation list cannot  ... 
doi:10.1090/dimacs/002/05 dblp:conf/dimacs/Bishop89 fatcat:ygqfuqtaxrdfvbvq6vhyv5n46e

RITM: Revocation in the Middle

Pawel Szalachowski, Laurent Chuat, Taeho Lee, Adrian Perrig
2016 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS)  
We present RITM, a framework in which middleboxes (as opposed to clients, servers, or certification authorities) store revocation-related data.  ...  Additionally, RITM keeps certification authorities accountable for the revocations that they have issued, and it minimizes overhead at clients and servers, as they have to neither store nor download any  ...  Revocation Lists. One challenge is to find a format of revocation list that meets our requirements.  ... 
doi:10.1109/icdcs.2016.91 dblp:conf/icdcs/SzalachowskiCLP16 fatcat:x2u7xku3rbfhti3ivukjtzkgm4

Efficient and Fresh Certification [chapter]

Irene Gassko, Peter S. Gemmell, Philip MacKenzie
2000 Lecture Notes in Computer Science  
We compare EFECT to previously proposed systems, including traditional X.509 certificates and Certificate Revocation Lists (CRLs), SDSI/SPKI, Micali's Certificate Revocation System (CRS), Kocher's Certificate  ...  lists/trees.  ...  X.509 Certificates and Certificate Revocation Lists (CRL) Certificate Revocation Lists (CRLs) used with X.509 certificates is the standard certificate revocation scheme that is currently being deployed  ... 
doi:10.1007/978-3-540-46588-1_23 fatcat:umc5bj5e3nadxa7euradihtg5i

Associative Blockchain for Decentralized PKI Transparency

Xavier Boyen, Udyani Herath, Matthew McKague, Douglas Stebila
2021 Cryptography  
and revocations for any domain.  ...  We present decentralized PKI transparency (DPKIT): a decentralized client-based approach to enforcing transparency in certificate issuance and revocation while eliminating single points of failure.  ...  Traditional revocation mechanisms, from offline Certificate Revocation Lists [7] , to Online Certificate Status Protocol (OCSP) and OCSP Stapling [8, 9] , are simply not efficient or reliable enough  ... 
doi:10.3390/cryptography5020014 fatcat:hh2jr4hd6ncwrjvul24quoavdu

Measuring the Latency and Pervasiveness of TLS Certificate Revocation [chapter]

Liang Zhu, Johanna Amann, John Heidemann
2016 Lecture Notes in Computer Science  
Today the Online Certificate Status Protocol (OCSP) is the most common way to quickly distribute revocation information.  ...  An essential part of a PKI is the ability to quickly revoke certificates, for example, after a key compromise.  ...  Two primary mechanisms exist to revoke certificates: Certificate Revocation Lists (CRLs) [8] which provide downloadable lists of revoked certificates, and the Online Certificate Status Protocol (OCSP  ... 
doi:10.1007/978-3-319-30505-9_2 fatcat:fsdsscnsmzc2tnq4kco4wp3pfm

PKI: it's not dead, just resting

P. Gutmann
2002 Computer  
X.500 tried to address this problem through certificate revocation lists.  ...  The best mechanism gives a direct indication of whether a certificate is valid or not, a slightly less useful one provides a certification revocation list (CRL) response.  ... 
doi:10.1109/mc.2002.1023787 fatcat:n3ab5heww5gb3o7dxi5fovvbua

The Internet Mail Consortium

Paul Hoffman
1998 Scientific American  
A receiving agent SHOULD have access to some certificate-revocation list (CRL) retrieval mechanism in order to gain access to certificate-revocation information when validating certificate chains.  ...  CertificateRevocationLists Receiving agents MUST support for the Certificate Revocation List (CRL) format defined in [KEYM] .  ... 
doi:10.1038/scientificamerican0398-108 fatcat:vbu4jz3lxfgerdmchzbkhikdn4


Aaron Schulman, Dave Levin, Neil Spring
2014 Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security - CCS '14  
However, certificate revocation systems are generally regarded as ineffective and potentially insecure: Some browsers bundle revocation updates with more general software updates, and may go hours, days  ...  The ability to revoke certificates is a fundamental feature of a public key infrastructure.  ...  In practice, the most common means of certificate revocation is for a CA to aggregate its revocations into certificate revocation lists (CRLs), as described in the X.509 standard [6] .  ... 
doi:10.1145/2660267.2660376 dblp:conf/ccs/SchulmanLS14 fatcat:c5mc3jk44vbfpmhshde4tkxusu

PKI Scalability Issues [article]

Adam J Slagell, Rafael Bonilla
2005 arXiv   pre-print
Much focus is spent on certificate revocation methodologies and status verification systems such as CRLs, Delta-CRLs, CRS, Certificate Revocation Trees, Windowed Certificate Revocation, OCSP, SCVP and  ...  Certificate Revocation Lists Certificate Revocation Lists (CRLs) were one of the first methods to revoke certificates.  ...  Revocation List (CRL).  ... 
arXiv:cs/0409018v2 fatcat:nklcfkskgbgnfdcpanl3xwifwa

An Efficient Identity Based Encryption in Cloud Computing with Outsourced Revocation

U. Vijay Sankar, M. Pavithra, R Suganya
2020 International Journal of Scientific Research in Computer Science Engineering and Information Technology  
Efficient revocation has been well studied in traditional PKI setting, but the cumbersome management of certificates is precisely the burden that IBE strives to alleviate [2].  ...  It aiming at tackling the critical issue of identity revocation, we introduce outsourcing computation into IBE for the first time and propose a revocable IBE scheme in the server-aided setting.  ...  Certification Revocation List (CRL) is the first and the least difficult strategy for declaration denial. it is generally perceived that CRLs are too exorbitant and can't give a decent level of  ... 
doi:10.32628/cseit20668 fatcat:foc35bd6ofcw7l5sl72c4b2bcq

The Case for Dynamic Key Distribution for PKI-Based VANETS

Ahmed H. Salem, Ayman Abdel-Hamid, Mohamad Abou El-Nasr
2014 International Journal of Computer Networks & Communications  
A proposed key revocation mechanism reduced the number of messages needed for revocation through Certificate Revocation List (CRL) distribution.  ...  Public key infrastructure (PKI) can be used to secure VANETs where an onboard tamper proof device (TPD) stores a number of encryption keys which are renewed upon visiting a certificate authority (CA).  ...  One of the principles of the public key infrastructure (PKI) that should be handled effectively is key revocation, and how to distribute a certificate revocation list (CRL) among the VANETs efficiently  ... 
doi:10.5121/ijcnc.2014.6105 fatcat:scbfqf7c6vah3a2iik5m62efem

Beyond PKI: The Biocryptographic Key Infrastructure

W. Scheirer, B. Bishop, T. Boult
2010 2010 IEEE International Workshop on Information Forensics and Security  
But to solve these problems correctly, we cannot simply use standard biometric templates (the data representation of the collected biometric feature) embedded within x.509 certificates, because a revocation  ...  How did the CA identify the certificate holder?  ...  Scenario 1: Manual Re-issue The BCA that issued the certificate must maintain a certificate revocation list (CRL). This list only contains revoked certificates, and not expired certificates.  ... 
doi:10.1109/wifs.2010.5711435 dblp:conf/wifs/ScheirerBB10 fatcat:avh4vs2eobbi3nnobubs7w5bmu

Beyond PKI: The Biocryptographic Key Infrastructure [chapter]

Walter J. Scheirer, William Bishop, Terrance E. Boult
2013 Security and Privacy in Biometrics  
But to solve these problems correctly, we cannot simply use standard biometric templates (the data representation of the collected biometric feature) embedded within x.509 certificates, because a revocation  ...  How did the CA identify the certificate holder?  ...  Scenario 1: Manual Re-issue The BCA that issued the certificate must maintain a certificate revocation list (CRL). This list only contains revoked certificates, and not expired certificates.  ... 
doi:10.1007/978-1-4471-5230-9_3 fatcat:yuthwurbrnd3nefhdptujvc22y

Towards a More Secure and Scalable Verifying PKI of eMRTD [chapter]

Nicolas Buchmann, Harald Baier
2014 Lecture Notes in Computer Science  
OCSP), and the Server-based Certificate Validation Protocol (SCVP).  ...  ., stolen (mobile) passport inspection systems due to its missing revocation mechanism. The article at hand seeks for potential approaches to solve these shortcomings.  ...  Certificate Revocation List (CRL) Certificate Revocation Lists (CRL) provide a mechanism to invalidate certificates before their actual expiration date.  ... 
doi:10.1007/978-3-642-53997-8_7 fatcat:vl4z6dtjb5gmrkk4rw6tvdkptm
« Previous Showing results 1 — 15 out of 1,904 results