Certificate Revocation Release Policies
Public key infrastructure provides a promising foundation for verifying the authenticity of communicating parties and transferring trust over the Internet. The key issue in public key infrastructure is how to process certificate revocations. Previous research in this area has concentrated on the tradeoffs that can be made among different revocation options. No rigorous efforts have been made to understand the probability distribution of certificate revocation requests based on real empirical data. In this study, we first collect real data from VeriSign and suggest a functional form for the probability density function of certificate revocation requests. Exponential distribution function is chosen as it adequately approximates the real data. We then provide an economic model based on which a certificate authority can choose the optimal Certificate Revocation List (CRL) release interval considering the intrinsic properties among different types of certificate services. To conclude we draw some insights by comparing the performance of four different CRL strategies.
Electronic data interchange, Public key infrastructure, certificate revocation list, digital certificate, decision-making
Information Security and Trust
Journal of Computer Security
HU, Nan; Tayi, Giri Kumar; MA, Chengyu; and LI, Yingjiu.
Certificate Revocation Release Policies. (2009). Journal of Computer Security. 17, (2), 127-157. Research Collection School Of Information Systems.
Available at: http://ink.library.smu.edu.sg/sis_research/791