of skipping STEP4. The only negative effect is that the issuance time of Alice's
certificate is not renewed.
In ACSP (I), Bob forwards Cert to Alice in STEP4. Instead, the CA can send
Cert to both Bob and Alice in STEP3. ACSP (II) adopts this change.
3.1.2 ACSP (II).
STEP1, STEP2. The same as ACSP (I).
STEP3. The CA checks the revocation status of Cert. As an ACSP response,
the CA generates a new certificate Cert and sends Cert to both Bob and
Alice. After receiving the ACSP response Cert, Bob can decide whether Alice's
certificate Cert is revoked or not, and Alice may replace Cert with Cert.
Fig. 2. ACSP (II)
ACSP (II) can be executed a little faster than ACSP (I). Note that the CA
can omit sending Cert to Alice in STEP3. The only negative effect of this
omission is that the issuance time of Alice's certificate is not renewed.
3.2 Analysis
ACSP satisfies the design principles explained in Section 2 as follows:
Requirement 1: Explicit Revocation Mechanism. Certificates can be revoked
prior to their expiration time.
Requirement 2: Online Certificate Status Checking. When the signer's
certificate does not satisfy the acceptor's recency period, the acceptor obtains
real-time revocation status from the CA.
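The acceptor-side decision in ACSP (II), combined with the recency check of Requirement 2, as an added example that is not code from the original text. The class and function names, the "no new certificate when revoked" response, the reissued certificate differing only in issuance time, and the omission of CA signatures are all assumptions of this sketch.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class Cert:
    serial: int
    subject: str
    issued_at: int   # issuance time in seconds; the CA signature is omitted here
    expires_at: int


class CA:
    def __init__(self) -> None:
        self.revoked: Set[int] = set()

    def acsp_response(self, cert: Cert, now: int) -> Optional[Cert]:
        """STEP3: check revocation status, then reissue with a fresh issuance time."""
        if cert.serial in self.revoked or now >= cert.expires_at:
            return None  # assumption: a revoked certificate gets no new certificate
        return replace(cert, issued_at=now)  # assumption: only issuance time changes


def accept(ca: CA, alice_store: Dict[str, Cert], cert: Cert,
           now: int, recency_period: int) -> Tuple[bool, bool]:
    """Bob's decision; returns (accepted, contacted_ca)."""
    if now >= cert.expires_at:
        return (False, False)
    if now - cert.issued_at <= recency_period:
        return (True, False)           # recent enough: no online check needed
    fresh = ca.acsp_response(cert, now)
    if fresh is None:
        return (False, True)           # CA reports the certificate as not valid
    alice_store[cert.subject] = fresh  # ACSP (II): the CA also sends it to Alice
    return (True, True)


def demo() -> list:
    """Constructed scenario: recency period 600 s, certificate issued at t=0."""
    ca, store = CA(), {"alice": Cert(1, "alice", 0, 100_000)}
    out = [accept(ca, store, store["alice"], 100, 600)]       # fresh
    out.append(accept(ca, store, store["alice"], 1000, 600))  # stale: ask the CA
    out.append(accept(ca, store, store["alice"], 1200, 600))  # renewed certificate
    ca.revoked.add(1)
    out.append(accept(ca, store, store["alice"], 1500, 600))  # revoked, still recent
    out.append(accept(ca, store, store["alice"], 2000, 600))  # revoked, stale
    return out
```

The fourth result in `demo()` is the case to note: a certificate revoked after its last renewal is still accepted until it falls outside the acceptor's recency period, so that period bounds the exposure window.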