Fast digital certificate revocation: An alternative to short lived certificates

Abstract

Digital Certificates are central to the concept of Public Key Infrastructures (PKI) and serve as a cryptographic proof of one's public key. Occasionally, certificates must be declared invalid prior to their due expiration date in case of key compromise or change in identity. Thus a11 PKIs should provide a mechanism through which an issued certificate may be revoked. The revocation mechanisms are commonly classified into Certificate Revocation Lists (CRLs), trusted dictionaries and online mechanisms. We briefly discuss the existing certificate revocation techniques and then present a new online revocation technique. More precisely, we present an alternative to short lived certificates proposed by Rivest. © 2004 by Springer Science+Business Media Dordrecht.