A practical and efficient tree-list structure for public-key certificate validation

Abstract

In this paper, we present the Tree-List Certificate Validation (TLCV) scheme, which uses a novel tree-list structure to provide efficient certificate validation. Under this scheme, users in a public-key infrastructure (PKI) are partitioned into clusters and a separate blacklist of revoked certificates is maintained for each cluster. The validation proof for each cluster's blacklist comes in the form of a hash path and a digital signature, similar to that used in a Certificate Revocation Tree (CRT) [1]. A simple algorithm to derive an optimal number of clusters that minimizes the TLCV response size was described. The benefits and shortcomings of TLCV were examined. Simulations were carried out to compare TLCV against a few other schemes and the performance metrics that were examined include computational overhead, network bandwidth, overall user delay and storage overhead. In general, we find that TLCV performs relatively well against the other schemes in most aspects. © 2008 Springer-Verlag Berlin Heidelberg.