4.1.2 ACSP+ (II).
STEP1, STEP2. The same as ACSP+ (I).
STEP3. The proxy responder checks the revocation status of Cert and sends the ACSP+ response R to both Bob and Alice. After receiving the ACSP+ response R, Bob can decide whether Alice's certificate Cert is revoked or not, and Alice replaces the previous ACSP+ response R with the new ACSP+ response R.
4.2 Analysis
The basic facts about ACSP in Table 1 are true for ACSP+. However, an ACSP+ response is not a new certificate, even though new certificates are the best evidence (Requirement 6). This stems from the exclusion of the CA from the revocation status checking process.
Since ACSP and ACSP+ have the same number of response signings, the responder's computational costs in the two systems are the same. The numbers of communication passes in ACSP and ACSP+ are also equal. Hence, the analysis in Table 2 holds for ACSP+. However, the signer in ACSP+ sends the previous ACSP+ response R with Cert, which consumes more communication bandwidth. Note that the size of an ACSP+ response is smaller than that of an ACSP response because the ACSP+ response can contain only necessary fields. The choice between ACSP and ACSP+ depends on the system designer's preference.
5 Conclusions
High-value transactions require that the validity of a given certificate can be checked in real time. In this paper, we proposed ACSP, an advanced online certificate status checking protocol. ACSP improves on OCSP, the most popular online certificate status checking protocol, in two aspects: flexibility and efficiency. If we define the OCSP response as the ACSP response for t = 0 (i.e., an acceptor's recency period is zero), the compatibility of the two systems is guaranteed. When the use of proxy responders is desirable, ACSP+ can be a good solution. We hope this work will stimulate research in online certificate status checking mechanisms.
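The flow described above (the signer presenting the previous ACSP+ response R with Cert, STEP3, and the t = 0 case) is modelled here as an added Python example that is not taken from the paper. Assumptions: the `Response` field layout, an HMAC standing in for the responder's signature, and the acceptor rule that a presented R is usable only while it is younger than the recency period t.

```python
import hashlib
import hmac
from dataclasses import dataclass

KEY = b"constructed-demo-key"  # stand-in for the responder's signing key (assumption)

@dataclass(frozen=True)
class Response:  # models the ACSP+ response R; the field layout is an assumption
    serial: str
    revoked: bool
    produced_at: int  # seconds
    tag: bytes

def _tag(serial: str, revoked: bool, produced_at: int) -> bytes:
    # HMAC stands in for the responder's digital signature over R.
    msg = f"{serial}|{int(revoked)}|{produced_at}".encode()
    return hmac.new(KEY, msg, hashlib.sha256).digest()

class ProxyResponder:
    def __init__(self, revoked_serials):
        self.revoked = set(revoked_serials)
        self.signings = 0  # one signing per fresh response

    def respond(self, serial: str, now: int) -> Response:
        self.signings += 1
        status = serial in self.revoked
        return Response(serial, status, now, _tag(serial, status, now))

def is_recent(r, serial: str, t: int, now: int) -> bool:
    # Assumed acceptor rule: R must be authentic, for this Cert, and younger than t.
    return (r is not None and r.serial == serial
            and hmac.compare_digest(r.tag, _tag(r.serial, r.revoked, r.produced_at))
            and 0 <= now - r.produced_at < t)

def bob_checks(serial, previous, t, now, responder):
    """Return (accepted, response Alice keeps, whether the responder was queried)."""
    if is_recent(previous, serial, t, now):
        return (not previous.revoked, previous, False)
    fresh = responder.respond(serial, now)  # STEP3: R goes to both Bob and Alice
    return (not fresh.revoked, fresh, True)  # Alice replaces her previous R with fresh
```

With t = 0 every check reaches the responder, which is the OCSP behaviour; a larger t saves signings but lets a certificate revoked after R was produced pass until R ages out.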