[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CRLs versus short Validity periods

To: spki@c2.org
Subject: CRLs versus short Validity periods
From: rivest@theory.lcs.mit.edu (Ron Rivest)
Date: Thu, 29 Feb 96 20:15:02 EST
Cc: ietf-pkix@tandem.com, coderpunks@toad.com
Sender: owner-spki@c2.org


To follow up on Carl Ellison's note, let me briefly mention Silvio
Micali's recent proposal for optimizing CRL's somewhat:

Suppose my certificate is valid for one month.  The CA includes two
values, x0 and y.  The CA knows values x32 and y' such that

                h(y') = y
                h(x32) = x31
                h(x31) = x30
                ...
                h(x1) = x0

for some one-way hash function h (e.g. MD5).

The cert policy says: 
        (1) if you can produce a y' such that h(y') = y, then this
            certificate should be considered as revoked.  
        (2) this cert should only be considered as valid on day i of the
            month if it is accomanied by an xi such that h^i(xi) = x0.

The CA can "recertify" the cert for one more day by handing out xi to
the distributors of the cert (in particular the owner, and possibly other
cert servers).  The CA can revoke the cert by passing out y', similarly.

One advantage of this scheme is that additional digital signatures are
not required by the CA for recertification or revocation.

A paper on this topic should be available on this topic from Silvio Micali
at some point soon...

        Cheers,
        Ron Rivest

Prev by Date: General Requirements (was Re: encodings, character sets, general requirements)
Next by Date: automated processing of generalized certificates
Prev by thread: RE: CRLs versus short Validity periods
Next by thread: Re: CRLs versus short Validity periods
Index(es):
- Main
- Thread