Information Technology Reference
In-Depth Information
Requirement 3: No Bulky Data Like CRL. There is no bulky data like
CRL in ACSP.
Requirement 4: Recency Requirements Must Be Set by the Acceptor,
not by the CA. Every acceptor can set his own recency period and change the
recency period arbitrarily. If the acceptor sets t = 0, he can obtain the revocation
status information equivalent to an OCSP response.
Requirement 5: Acceptor Should Take Care of Certificates not Satisfying
His Recency Requirements. When the signer's certificate does not satisfy
the acceptor's recency period, the acceptor can proceed without the signer's
help.
Before going on with the analysis, we compare ACSP with previous revocation
status checking systems in the above aspects. Table 1 shows the results.
Table 1. The comparison of various revocation status checking protocols
               CRL[3]  ROD[7]  Short lived[13]  Rivest[12]  OCSP[3]  ACSP
Requirement 1  Yes     Yes     No               No          Yes      Yes
Requirement 2  No      No      No               No          Yes      Yes
Requirement 3  No      No      Yes              Yes         Yes      Yes
Requirement 4  No      Yes     No               Yes         No       Yes
Requirement 5  Yes     Yes     Yes              No          Yes      Yes
* Rivest's system without a suicide bureau was compared in this table.
Requirement 6: New Certificates Are the Best Evidence. New certificates
are used as ACSP responses.
Requirement 7: Reuse of the Existing Certificate Issuance Mechanisms
and Infrastructure. The generation module of ACSP responses can
be constructed by use of the existing certificate issuance mechanisms and
infrastructure. For the case of t = 0, we can define the OCSP response as the ACSP
response and this guarantees the compatibility of the two systems. In addition,
ACSP does not introduce new agents such as suicide bureaus.
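A minimal model of Requirements 4 to 6, added here as an illustration and not taken from the ACSP paper: each acceptor holds its own recency period t, and a certificate older than t triggers a status request that the CA answers with a newly issued certificate. The class and method names, the integer clock and the strict `age < t` comparison are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issued_at: int                  # issuance time, seconds on a constructed clock

class CA:
    """Hypothetical CA stub: answers a status request with a new certificate."""
    def __init__(self):
        self.revoked = set()
        self.requests = 0           # number of online status requests served

    def status_request(self, subject, now):
        self.requests += 1
        if subject in self.revoked:
            return None             # revoked: no new certificate is issued
        return Cert(subject, now)   # the new certificate is the evidence

class Acceptor:
    def __init__(self, ca, t):
        self.ca = ca
        self.t = t                  # recency period chosen by this acceptor

    def check(self, cert, now):
        """Return (accepted, certificate used as evidence)."""
        if now - cert.issued_at < self.t:
            return True, cert       # recent enough for this acceptor: no CA round trip
        # Too old for this acceptor (always the case when t = 0):
        # ask the CA directly, without the signer's help.
        fresh = self.ca.status_request(cert.subject, now)
        return fresh is not None, fresh

def demo():
    ca = CA()
    cert = Cert("signer", issued_at=0)                  # constructed sample
    strict, relaxed = Acceptor(ca, t=0), Acceptor(ca, t=3600)
    results = [relaxed.check(cert, now=600),            # age 600 < 3600: accepted locally
               strict.check(cert, now=600)]             # t = 0: always asks the CA
    ca.revoked.add("signer")                            # revocation happens here
    results += [relaxed.check(cert, now=800),           # still accepted: exposure window is t
                strict.check(cert, now=800),            # rejected at once
                relaxed.check(cert, now=4000)]          # age >= t: CA asked, rejected
    return results, ca.requests

if __name__ == "__main__":
    for r in demo()[0]:
        print(r)
```

The third result shows the cost of a non-zero t in this model: a revoked certificate stays acceptable to that acceptor until its age reaches t, while the t = 0 acceptor pays one CA request per check.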
Requirement 8: Small Computational and Communicational Load.
Since ACSP is a kind of online certificate status checking system, we will compare
ACSP with the most famous online certificate status checking system, OCSP.
Note that [2] has the same computational and communicational workload as
OCSP.
For simplicity, we assume the case where one signer communicates with many
acceptors. This analysis can be easily extended to the case where many signers
communicate with many acceptors. We define the following parameters: