The conventional CA(Certificate Authority) has problems in dealing with certificates whose valid time is expired and in managing CRI(Certificate Revocation Information) produced by clients. Many researches are conducted to solve them, but they have limitations in providing real-time verifications of certificates’ status for clients.
In this paper, we propose a new CRI management model to address these limitations in distributed OCSP(On-line Certificate Status Protocol) environments. CRL(Certificate Revocation List) is divided into two parts: one part that is recent is replicated over several OCSP servers, the other part is replicated and distributed over servers. Our methods can help to break the bottleneck of CA, and effectively reduce the size of CRL transferred. Therefore, with our methods, clients can verify the state of certificates in real time.
[book]
Bogdan C. Popescu
/ 2003
/ A Certificate Revocation Scheme for a Large-Scale Highly Replicated Distributed System
/ ISCC
: 225~231
[journal]
K. Papapanagiotou
/ 2006
/ Performance evaluation of a distributed OCSP protocol over MANETs
/ in Proceedings of 3rd IEEE Consumer Communications and Networking Conference (CCNC'06)
1
: 1~5
[journal]
Iliadis J
/ 2003
/ Towards a framework for evaluating certificate status information mechanisms
/ Computer Communications
26(16)
: 1839~1850
[book]
R. Housley
/ 2002
/ Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
/ RFC
@article{ART001254442}, author={김경자 and 장태무}, title={A Study on Efficient CRI managing for Certificate Status Validate in Distributed OCSP}, journal={Journal of The Korea Society of Computer and Information}, issn={1598-849X}, year={2008}, volume={13}, number={3}, pages={91-98}
TY - JOUR AU - 김경자 AU - 장태무 TI - A Study on Efficient CRI managing for Certificate Status Validate in Distributed OCSP JO - Journal of The Korea Society of Computer and Information PY - 2008 VL - 13 IS - 3 PB - The Korean Society Of Computer And Information SP - 91 EP - 98 SN - 1598-849X AB - The conventional CA(Certificate Authority) has problems in dealing with certificates whose valid time is expired and in managing CRI(Certificate Revocation Information) produced by clients. Many researches are conducted to solve them, but they have limitations in providing real-time verifications of certificates’ status for clients.
In this paper, we propose a new CRI management model to address these limitations in distributed OCSP(On-line Certificate Status Protocol) environments. CRL(Certificate Revocation List) is divided into two parts: one part that is recent is replicated over several OCSP servers, the other part is replicated and distributed over servers. Our methods can help to break the bottleneck of CA, and effectively reduce the size of CRL transferred. Therefore, with our methods, clients can verify the state of certificates in real time. KW - 인증기관(Certificate Authority);인증서(Certificate);인증서 취소 목록(Certificate Revocated Lists);OCSP(Online Certificate Status Protocol); DO - UR - ER -
김경자 and 장태무. (2008). A Study on Efficient CRI managing for Certificate Status Validate in Distributed OCSP. Journal of The Korea Society of Computer and Information, 13(3), 91-98.
김경자 and 장태무. 2008, "A Study on Efficient CRI managing for Certificate Status Validate in Distributed OCSP", Journal of The Korea Society of Computer and Information, vol.13, no.3 pp.91-98.
김경자, 장태무 "A Study on Efficient CRI managing for Certificate Status Validate in Distributed OCSP" Journal of The Korea Society of Computer and Information 13.3 pp.91-98 (2008) : 91.
김경자, 장태무. A Study on Efficient CRI managing for Certificate Status Validate in Distributed OCSP. 2008; 13(3), 91-98.
김경자 and 장태무. "A Study on Efficient CRI managing for Certificate Status Validate in Distributed OCSP" Journal of The Korea Society of Computer and Information 13, no.3 (2008) : 91-98.
김경자; 장태무. A Study on Efficient CRI managing for Certificate Status Validate in Distributed OCSP. Journal of The Korea Society of Computer and Information, 13(3), 91-98.
김경자; 장태무. A Study on Efficient CRI managing for Certificate Status Validate in Distributed OCSP. Journal of The Korea Society of Computer and Information. 2008; 13(3) 91-98.
김경자, 장태무. A Study on Efficient CRI managing for Certificate Status Validate in Distributed OCSP. 2008; 13(3), 91-98.
김경자 and 장태무. "A Study on Efficient CRI managing for Certificate Status Validate in Distributed OCSP" Journal of The Korea Society of Computer and Information 13, no.3 (2008) : 91-98.