On the Dissemination of Certificate Status Information
Abstract
There has been increasing interest in the deployment of Public Key Infrastructures over the past few years. Security issues emerge from the operation of Certification Authorities, as well as from the operation of other PKI-related security service providers. Most of them have been addressed and efficient solutions have been found. One area that has to be studied further is the generation and dissemination of information regarding the status of a digital certificate.
In this dissertation, we present a set of evaluation criteria for mechanisms that are used to generate and disseminate Certificate Status Information (CSI). We evaluate the proposed CSI mechanisms according to the aforementioned criteria, and identify the security and performance issues that emerge from their use.
Finally, we develop a prototype specification for a CSI dissemination mechanism, which we call Alternative Dissemination of Certificate Status Information (ADOCSI). This mechanism uses the functionality offered by Software Agents in order to disseminate CSI, and also uses some of the properties and functionality offered by the other CSI mechanisms. We believe that ADOCSI addresses some of the issues that emerge from the use of the other Certificate Status Information dissemination mechanisms.
School
Royal Holloway and Bedford New College, University of London, UK
Affiliation
University of the Aegean, Greece
Publication Date
2001-09-01
Contents
- Taxonomy of Certificate Status Information mechanisms
- Evaluation of certificate status information mechanisms
- Towards an alternative mechanism for CSI
- Future work on CSI
Keywords
certificate revocation, certificate status information, PKI agents
Subject
Taxonomy and evaluation of existing Certificate Status Information mechanisms and proposal for an alternative mechanism