
To: spki@c2.org
Subject: CRLs versus short Validity periods
From: rivest@theory.lcs.mit.edu (Ron Rivest)
Date: Thu, 29 Feb 96 20:15:02 EST
Cc: ietf-pkix@tandem.com, coderpunks@toad.com
Sender: owner-spki@c2.org

To follow up on Carl Ellison's note, let me briefly mention Silvio Micali's recent proposal for optimizing CRLs somewhat.

Suppose my certificate is valid for one month. The CA includes two values, x0 and y. The CA knows values x32 and y' such that

    h(y')  = y
    h(x32) = x31
    h(x31) = x30
    ...
    h(x1)  = x0

for some one-way hash function h (e.g. MD5).

The cert policy says:

(1) If you can produce a y' such that h(y') = y, then this certificate should be considered revoked.

(2) This cert should only be considered valid on day i of the month if it is accompanied by an xi such that h^i(xi) = x0.

The CA can "recertify" the cert for one more day by handing out xi to the distributors of the cert (in particular the owner, and possibly other cert servers). The CA can revoke the cert by passing out y', similarly.

One advantage of this scheme is that additional digital signatures are not required by the CA for recertification or revocation.

A paper on this topic should be available from Silvio Micali at some point soon...

Cheers,
Ron Rivest
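The scheme above, worked through end to end as an added example (this is not code from the mail, from Micali or from any CA): the CA builds the hash chain and the revocation pair, hands out x_i for day i or y' to revoke, and a relying party checks both policy rules. SHA-256 stands in for the MD5 the mail mentions, a 31-day chain and all function names are assumptions.

```python
import hashlib
import os

N_DAYS = 31  # one-month certificate (assumed chain length)


def h(b: bytes) -> bytes:
    """One-way hash; SHA-256 is used here instead of the MD5 of the mail."""
    return hashlib.sha256(b).digest()


def ca_setup(n_days: int = N_DAYS):
    """CA side: choose secret x_n and y', derive the chain and the public
    values (x0, y) that go into the certificate."""
    chain = [None] * (n_days + 1)
    chain[n_days] = os.urandom(32)          # x_n, kept secret by the CA
    for i in range(n_days, 0, -1):          # h(x_i) = x_{i-1}
        chain[i - 1] = h(chain[i])
    y_prime = os.urandom(32)                # revocation secret y'
    public = {"x0": chain[0], "y": h(y_prime)}
    secrets = {"chain": chain, "y_prime": y_prime}
    return public, secrets


def ca_recertify(secrets, day: int) -> bytes:
    """Release x_day so the certificate is usable on day `day` (1-based)."""
    return secrets["chain"][day]


def ca_revoke(secrets) -> bytes:
    """Release y'; anyone holding it can prove the certificate is revoked."""
    return secrets["y_prime"]


def is_revoked(public, token: bytes) -> bool:
    """Policy (1): a preimage of y means the certificate is revoked."""
    return h(token) == public["y"]


def valid_on_day(public, day: int, x_i: bytes) -> bool:
    """Policy (2): valid on day i only if h^i(x_i) == x0."""
    v = x_i
    for _ in range(day):
        v = h(v)
    return v == public["x0"]


def verify(public, day: int, x_i: bytes, revocation_token=None) -> bool:
    """Relying-party check: not revoked, and freshly recertified for `day`."""
    if revocation_token is not None and is_revoked(public, revocation_token):
        return False
    return valid_on_day(public, day, x_i)
```

Note that x_i released for day i also yields x_{i-1}, ..., x_0 by hashing, so the verifier must know which day it is; the values for days that have not yet been released cannot be computed from it.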
