Information Technology Reference
In-Depth Information
also an infrastructure that assures the validity of electronic transactions using
digital certificates. The Public Key Infrastructure (PKI) is responsible for the
certificates not only at the issuing time but also during all the certificate's life-
time. Typically, the validity period of a certificate goes between several months
and several years. Certificate revocation is the mechanism under which an issuer
can revoke the binding of an identity with a public key before the expiration
of the corresponding certificate. A certificate may be revoked, according to [3],
because of the loss or compromise of the associated private key, in response to a
change in the owner's access rights, a change in the relationship with the issuer
or as a precaution against cryptanalysis. The revocation policies determine how
the status of the certificates is distributed to the end users.
Bandwidth and processing capacity are critical bottlenecks when implement-
ing revocation systems, thus any status checking implementation must be con-
cerned about these parameters that highly affect scalability. Systems based on
the Merkle Hash Tree (MHT) [7] seem to avoid some of the scalability drawbacks
of the standard revocation systems: OCSP and CRL. However, to our knowl-
edge, there are not published implementations of this type of systems. This
paper presents a certificate status checking protocol for an MHT-based system,
in particular, the Authenticated Dictionary (AD) [11]. It must be stressed that
not only the protocol is proposed but also important aspects associated with
the response verification that were beyond the scope of the original AD speci-
fication are addressed. The rest of the paper is organized as follows: in Section
2 the authors show the reference model and the nomenclature used to describe
the revocation paradigm. In Section 3 the main approaches to the revocation
are briefly presented. In Section 4 the Authenticated Dictionary is discussed in
detail. In Section 5 the authors present a suitable request-response protocol to
perform the status checking in the AD. In Section 6, it is presented the procedure
that a client must follow in order to verify a response and finally, we conclude
in Section 7.
2 The Certificate Revocation Paradigm
Fig. 1 summarizes the certificate revocation paradigm. The owner of the certifi-
cate to be revoked, an authorized representative or the issuer CA, can initiate
the revocation process for this certificate. To revoke the certificate, any of the
authorized entities generates a revocation request and sends it to the Revocation
Data Issuer (RDI). RDI
1
is the term that we use to define the TTP that has the
master database of revoked certificates. The RDI is also responsible for trans-
forming its database records into “status data”. The status data (
from here
on) has the appropriate format in order to be distributed to the End Entities
and it is formed at least by: a
validity period
that bounds the
SD
SD
life-time,
a
cryptographic proof
that demonstrates that the
SD
was issued by a TTP,
an
identifier
of the TTP that issued the
, the
serial number
of the target
1
The CA that issued the certificate is often the one who performs the RDI's functions
for the certificate, but these functions can be delegated to an independent TTP.
SD
