Empirical Analysis of Certificate Revocation Lists
Conference Proceeding Article
Managing public key certificates revocation has long been a central issue in public key infrastructures. Though various certificate revocation mechanisms have been proposed to address this issue, little effort has been devoted to the empirical analysis of real-world certificate revocation data. In this paper, we conduct such an empirical analysis based on a large amount of data collected from VeriSign. Our study enables us to understand how long a revoked certificate lives and what the difference is in the lifetime of revoked certificates by certificate types, geographic locations, and organizations. Our study also provides a solid foundation for future research on optimal management of certificate revocation for different types of certificates requested from different organizations and located in different geographic locations.
public key infrastructure, certificate revocation, empirical analysis
Information Security and Trust
Data and Applications Security XXII: 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security London, UK, July 13-16, 2008: Proceedings
City or Country
WALLECK, Daryl; LI, Yingjiu; and Xu, Shouhuai.
Empirical Analysis of Certificate Revocation Lists. (2008). Data and Applications Security XXII: 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security London, UK, July 13-16, 2008: Proceedings. 5094, 159-174. Research Collection School Of Information Systems.
Available at: http://ink.library.smu.edu.sg/sis_research/421