Title

Certificate Revocation Release Policies

Publication Type

Journal Article

Publication Date

3-2009

Abstract

Public key infrastructure provides a promising foundation for verifying the authenticity of communicating parties and transferring trust over the Internet. The key issue in public key infrastructure is how to process certificate revocations. Previous research in this area has concentrated on the tradeoffs that can be made among different revocation options. No rigorous efforts have been made to understand the probability distribution of certificate revocation requests based on real empirical data. In this study, we first collect real data from VeriSign and suggest a functional form for the probability density function of certificate revocation requests. Exponential distribution function is chosen as it adequately approximates the real data. We then provide an economic model based on which a certificate authority can choose the optimal Certificate Revocation List (CRL) release interval considering the intrinsic properties among different types of certificate services. To conclude we draw some insights by comparing the performance of four different CRL strategies.

Keywords

Electronic data interchange, Public key infrastructure, certificate revocation list, digital certificate, decision-making

Discipline

Information Security

Research Areas

Information Security and Trust

Publication

Journal of Computer Security

Volume

17

Issue

2

First Page

127

Last Page

157

ISSN

0926-227X

Identifier

10.3233/JCS-2009-0330

Publisher

IOS Press

Additional URL

http://dx.doi.org/10.3233/JCS-2009-0330