Home > Explore Content > All Issues > Article View
A Study on Efficient CRI managing for Certificate Status Validate in Distributed OCSP
Journal of The Korea Society of Computer and Information
Abbr :
JKSCI
2008, 13(3), pp.91-98
Publisher : The Korean Society Of Computer And Information
Research Area : Computer Science
2008, 13(3), pp.91-98
Publisher : The Korean Society Of Computer And Information
Research Area : Computer Science
-
The conventional CA(Certificate Authority) has problems in dealing with certificates whose valid time is expired and in managing CRI(Certificate Revocation Information) produced by clients. Many researches are conducted to solve them, but they have limitations in providing real-time verifications of certificates’ status for clients. In this paper, we propose a new CRI management model to address these limitations in distributed OCSP(On-line Certificate Status Protocol) environments. CRL(Certificate Revocation List) is divided into two parts: one part that is recent is replicated over several OCSP servers, the other part is replicated and distributed over servers. Our methods can help to break the bottleneck of CA, and effectively reduce the size of CRL transferred. Therefore, with our methods, clients can verify the state of certificates in real time.
176 Viewed
Print this page
Download PDF