[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CRLs versus short Validity periods
At 20:15 2/29/96, Ron Rivest wrote:
>To follow up on Carl Ellison's note, let me briefly mention Silvio
>Micali's recent proposal for optimizing CRL's somewhat:
>
>Suppose my certificate is valid for one month. The CA includes two
>values, x0 and y. The CA knows values x32 and y' such that
>
> h(y') = y
> h(x32) = x31
> h(x31) = x30
> ...
> h(x1) = x0
>
>for some one-way hash function h (e.g. MD5).
>
>The cert policy says:
> (1) if you can produce a y' such that h(y') = y, then this
> certificate should be considered as revoked.
> (2) this cert should only be considered as valid on day i of the
> month if it is accomanied by an xi such that h^i(xi) = x0.
Ron,
thanks for the summary. I will have to get a copy of Silvio's paper.
However, from your summary, this looks like redundant operations.
That is, if the cert issuer wants to revoke a cert, all it has to do
is withhold release of x_i. This doesn't involve release of y'.
Is there some compelling reason to have mechanism (1)?
>One advantage of this scheme is that additional digital signatures are
>not required by the CA for recertification or revocation.
Exactly -- makes network traffic the big issue in performance comparisons.
- Carl
+--------------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430 http://www.cybercash.com/ |
|2100 Reston Parkway PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091 Tel: (703) 620-4200 |
+--------------------------------------------------------------------------+