Abstract
A CRL (Certificate Revocation List) defined in X.509 is currently used for certificate revocation. There are some issues of CRL including a high communication cost and a low latency for update. To solve the issues, there are many proposals including CRT (Certificate Revocation Tree), Authenticated Dictionary, and Delta List. In this paper, we study CRT using k-valued hash tree. To estimate the optimal value of k, we examine the overhead of computation and the communication cost. We also discuss when a CRT should be reduced by eliminating unnecessary entries that are already expired.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
ITU-T Recommendation X.509—ISO/IEC 9594-8: 1995
R. Housley, W. Ford, W. Polk, D. Solo, Internet X.509 Public Key Infrastructure Certificate and CRL Profile, Internet RFC??? 2459, 1999
C. Adams, S. Farrell, Internet X.509 Public Key Infrastructure Certificate Management Protocols, Internet RFC 2510, 1999
S. Boeyen, T. Howes, P. Richard, Internet X.509 Public Key Infrastructure Operational Protocols-LDAPv2, Internet RFC 2559, 1999
M. Myers, R. Ankney, A. Malpani, S. Galperin, C. Adams, X.509 Internet Public Key Infrastructure Online Certificate Status Protocol-OCSP, Internet RFC 2560, 1999
R. Housley, P. Hoffman, Internet X.509 Public Key Infrastructure Operational Protocols, Internet RFC 2585, 1999
S. Boeyen, T. Howes, P. Richard, Internet X.509 Public Key Infrastructure LDAPv2 Schema, Internet RFC 2587, 1999
P. Kocher, A Quick Introduction to Certificate Revocation Trees (CRTs), http://www.valicert.com/company/crt.html
R. C. Merkle, “A certified Digital Signature”, Proc. Crypto’ 89, Lecture Notes in Computer Science 435, pp. 234–246, SpringerVerlag, 1989
Mni Naor and Kobbi Nissim, Certificate Revocation and Certificate Update, in proc. of Seventh USENIX Security Symposium, pp.217–228, 1998
H. Kikuchi, K. Abe and S. Nakanishi, Proposal on Update of Certificate Revocation Tree Using k-valued Hash Tree (in Japanese), Proc. of the 1999 Symposium on Cryptography and Information Security (SCIS’99), Vol.2, pp.621–626, 1999
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 1999 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kikuchi, H., Abe, K., Nakanishi, S. (1999). Performance Evaluation of Certificate Revocation Using k-Valued Hash Tree. In: Information Security. ISW 1999. Lecture Notes in Computer Science, vol 1729. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-47790-X_10
Download citation
DOI: https://doi.org/10.1007/3-540-47790-X_10
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66695-0
Online ISBN: 978-3-540-47790-7
eBook Packages: Springer Book Archive