Efficient Certificate Revocation : A P2P Approach

Certificate revocation is one of the many challenges faced by Public Key Infrastructure (PKI). Certificate revocation is the action of declaring a certificate, which has not expired, is no longer valid due to various reasons ranging from change of relationship between certificate issuer and the public key owner to compromised private keys of the associated certificate to change of information contained in the certificate. All the revoked certificates by the certificate issuer must be made available to all the end-entities, which need to verify a certificate. Many schemes have been proposed for certificate revocation; each with its own strenghts and weaknesses. Some of these schemes, although straightforward and easy to implement, suffer when faced with the challenge of efficient distribution of certificate revocation information. In this paper we look into the use of Peer-to-Peer (P2P) technology to effectively and efficiently distribute the revoked information. P2P is an emerging paradigm that is now viewed as a potential technology that could re-formulate well known distributed architectures (e.g., the Internet). It is a network architecture in which all participating computers (or nodes), in most cases, have equivalent capabilities and responsibilities. Certificate revocation schemes such as Certification Revocation Lists, which has the potential to distribute very large list, will definitely benefit from the P2P implementation.