A Method for Fast Revocation of Public Key Certificates and Security Capabilities
Authors: D. Boneh, X. Ding, G. Tsudik, and M. Wong
Abstract:
We present a new approach to fast certificate revocation centered around
the concept of an on-line semi-trusted mediator (SEM). The use of a
SEM in conjunction with a simple threshold variant of the RSA
cryptosystem (mediated RSA) offers a number of practical advantages over
current revocation techniques. Our approach simplifies validation of digital
signatures and enables certificate revocation within legacy
systems. It also provides immediate revocation of all security
capabilities. This paper discusses both the architecture and
implementation of our approach as well as performance and
compatibility with the existing infrastructure. Our results show
that threshold cryptography is practical for certificate revocation.
Reference:
In Proceedings of the 10th USENIX Security Symposium, pp. 297-308
Full paper: pdf [first posted 5/2001]
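
A toy sketch of the mediated-RSA flow the abstract describes, added here as an illustration and not taken from the paper or its implementation. It assumes the 2-of-2 additive split of the private exponent used by the mRSA construction, a detail this page does not spell out; the `Sem` class, the function names and the small constructed primes are hypothetical.

```python
import hashlib
import secrets

# Constructed toy parameters: two Mersenne primes, far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537

def keygen():
    """CA-side setup: split d additively so neither half can sign alone."""
    n, phi = P * Q, (P - 1) * (Q - 1)
    d = pow(E, -1, phi)
    d_user = secrets.randbelow(phi - 1) + 1
    d_sem = (d - d_user) % phi          # d_user + d_sem == d (mod phi)
    return n, d_user, d_sem

def digest(msg, n):
    # Unpadded hash-to-integer; a real deployment would use a standard padding.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

class Sem:
    """Hypothetical mediator: one key half per user plus a revocation set."""
    def __init__(self):
        self.halves, self.revoked = {}, set()
    def enroll(self, user, n, d_sem):
        self.halves[user] = (n, d_sem)
    def revoke(self, user):
        self.revoked.add(user)
    def partial_sign(self, user, h):
        if user in self.revoked or user not in self.halves:
            raise PermissionError(f"{user}: certificate revoked or unknown")
        n, d_sem = self.halves[user]
        return pow(h, d_sem, n)

def sign(sem, user, n, d_user, msg):
    h = digest(msg, n)
    ps_sem = sem.partial_sign(user, h)      # refused as soon as user is revoked
    sig = (pow(h, d_user, n) * ps_sem) % n  # h^d_user * h^d_sem = h^d (mod n)
    if pow(sig, E, n) != h:                 # user checks the SEM's contribution
        raise ValueError("invalid partial signature from SEM")
    return sig

def verify(n, msg, sig):
    # Ordinary RSA verification: the verifier performs no revocation lookup.
    return pow(sig, E, n) == digest(msg, n)
```

The verifier sees a standard RSA signature, which is why the scheme fits legacy systems; revocation takes effect at the SEM, which stops issuing its half.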