PKI has a history of very poor support for revocation. It is both too expensive and too coarse grained, so that private keys which are compromised or otherwise become invalid remain in use long after they should have been revoked. This paper considers Instant Revocation, or revocations which take place within a second or two. A new revocation scheme, Certificate Push Revocation (CPR) is described which can support instant revocation. CPR can be hundreds to thousands of times more Internet-bandwidth efficient than traditional and widely deployed schemes. It also achieves significant improvements in cryptographic overheads. Its costs are essentially independent of the number of queries, encouraging widespread use of PKI authentication. Although explored in the context of instant revocation, CPR is even more efficient-both in relative and absolute terms-when used with coarser grain (non-instant) revocations. © 2008 Springer-Verlag Berlin Heidelberg.
CITATION STYLE
Solworth, J. A. (2008). Instant revocation. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5057 LNCS, pp. 31–48). https://doi.org/10.1007/978-3-540-69485-4_3
Mendeley helps you to discover research relevant for your work.