Certificate Revocation Paradigms

With the extensive development of applications of public key cryptography, the need for supporting infrastructure arose. It became clear that a person can not just use another person’s public key obtained in some way, but he also has to be sure that the key and its claimed owner really belong together and that the connection is not expired. One of the oldest and most widespread ideologies to satisfy the demands above is the PKIX one (Public Key Infrastructure using X.509, we refer intersested reader to [1]). The idea is to introduce a Trusted Third Party (TTP) also known as Certification Authority (CA) whose public key is trusted and who signs the certificate “the person A and the key N belong together at time t, this connection being valid for the time δt” by his secret key. One major trouble that can occur is the problem of compromise (or otherwise losing its validity) of A’s public key before the time t+ δt. Although the verifier B could have a trusted certificate and check that the public key has not yet expired, he still should not trust A’s public key. To be absolutely sure, he has to check that the certificate has not been revoked. It is clear that along with the information about the issuded certificates, the CA must also distribute the information concerning the revoked ones among them. The whole problem is finding a suitable infrastructure for that purpose in order to make the distribution of the revocation information operative and the structure itself scalable. In what follows we will consider several systems proposed and discuss their properties.