| |
If someone realizes his private key has been stolen or if someone gets fired from an organization, it is important to be able to revoke his certificate so that it will no longer be valid. Certificates have expiration dates in them but the validity period is too long to wait. This is a similar problem with the situation when credit cards are lost.
We summarize the solutions implemented so far as follows:
- Certificate Revocation Lists (CRLs): CA periodically issues a signed list of all the revoked certificates. Each CRL contains a complete list of all the unexpired revoked certificates.
- Delta CRLs: When CRL becomes very large, it is problematic to download the huge CRL periodically, say in every hour. For efficiency reasons, delta CRLs list changes from the last complete CRL. The delta CRL would be very short, often containing no certificates.
- Online Revocation Server (OLRS): Even when CRLs are issued frequently, this does not provide real-time guarantees. OLRS is a server which can be queried over an authenticated channel about the revocation status of individual certificates. By this way, revocation takes effect quicker.
- Instantaneous Revocation: In OLRS approach, the verifier (the party who encrypts) queries the server about the status of the certifıcate. This query is performed at the time of verification and it is not possible to check the revocation status at the time when signer signs the message. In asynchronous applications such as email, it is sometimes required to revoke certificates instantly so that it would be no longer possible to generate signature (or read encrypted mails) afterwards. Alternatively, Boneh et al. proposes a method where it is not possible to generate a digitally signed message in the first place if the certificate is revoked so that the existence of a digital signature implicitly means that the certificate was valid at the signing time. More precisely, instead of a receiver, the signer himself contacts with a server and without server’s involvement the protocol ensures that a genuine digital signature cannot be generated. Of course the server participates in the protocol only after checking the revocation status. More information can be reached from the reference below.
Reference: Fine Grained Control of Security Capabilities, D. Boneh et al. ACM Transactions on Internet Technology, Vol 4, No.1, Feb 2004.
|
|
|
