NIST logo

Publication Citation: A Model of Cerificate Revocation

NIST Authors in Bold

Author(s): David A. Cooper;
Title: A Model of Cerificate Revocation
Published: December 01, 1999
Abstract: This paper presents a model for the distribution of revocation information using certificate revocation lists (CRLs). This model is used to highlight inefficiencies in the traditional method of distribution certificate status information using CRLs. Two alternative CRL-based revocationdistribution mechanisms, over-issued CRLs and segmented CRLs, are then presented. The original model is then expanded to encompass each of the alternative mechanisms and these expanded models are used to demonstrate the advantages of the alternative mechanisms to the traditional method. Finally, the paper offers some suggestions for choosing the best CRL-based revocation distribution mechanism for any particular environment.
Conference: Computer Security Applications Conference
Proceedings: Fifteenth Annual Computer Security Applications Conference
Dates: December 6-10, 1999
Keywords: certificate revocation;certificate revocation list;certification authority;CRL
Research Areas: