Disclaimer: This page refers to an external person. It only lists all the interactions between this person and the Crypto Group. Validity or accuracy of the following information is thus not guaranteed in any way.
January 17, 2003 - Certificate verification trees to implement asynchronous large-scale certification
by Josep Domingo-Ferrer
|Abstract: ||Good public-key infrastructures (PKIs) are essential to make
electronic commerce secure.
Certificate verification trees (CVTs) have been
introduced as a tool for implementation of large-scale
certification authorities (CAs). In most aspects, the CVT approach outperforms previous approaches like X.509 and certificate revocation lists, SDSI/SPKI, certificate revocation trees, etc.
However, there is a tradeoff between manageability for the CA and response time for the user: CVT-based certification as initially proposed is synchronous, i.e. certificates are only issued and revoked at the end of a CVT update period (typically once a day). Assuming that the user is represented by a smart card, we present here solutions that preserve all advantages of CVTs while relaxing the aforementioned synchronization equirement.
If short-validity certificates are used, implicit revocation provided by the proposed solutions completely eliminates the need for the signature verifier to check any revocation information (CRLs, CRTs, etc.).