Certificate Revocation Release Policies
Publication Type
Journal Article
Publication Date
3-2009
Abstract
Public key infrastructure provides a promising foundation for verifying the authenticity of communicating parties and transferring trust over the Internet. The key issue in public key infrastructure is how to process certificate revocations. Previous research in this area has concentrated on the tradeoffs that can be made among different revocation options. No rigorous efforts have been made to understand the probability distribution of certificate revocation requests based on real empirical data. In this study, we first collect real data from VeriSign and suggest a functional form for the probability density function of certificate revocation requests. Exponential distribution function is chosen as it adequately approximates the real data. We then provide an economic model based on which a certificate authority can choose the optimal Certificate Revocation List (CRL) release interval considering the intrinsic properties among different types of certificate services. To conclude we draw some insights by comparing the performance of four different CRL strategies.
Keywords
Electronic data interchange, Public key infrastructure, certificate revocation list, digital certificate, decision-making
Discipline
Information Security
Research Areas
Information Security and Trust
Publication
Journal of Computer Security
Volume
17
Issue
2
First Page
127
Last Page
157
ISSN
0926-227X
Identifier
10.3233/JCS-2009-0330
Publisher
IOS Press
Citation
HU, Nan; Tayi, Giri Kumar; MA, Chengyu; and LI, Yingjiu.
Certificate Revocation Release Policies. (2009). Journal of Computer Security. 17, (2), 127-157.
Available at: https://ink.library.smu.edu.sg/sis_research/791
Additional URL
http://dx.doi.org/10.3233/JCS-2009-0330