Certificate Revocation Lists or Online Mechanisms1

With more and more acceptance of Digital Certificates and Public Key Infrastructures (PKI), the mechanisms to revoke a certificate in a PKI have recently received increasing attention. The revocation mechanisms are commonly classified into Certificate Revocation Lists (CRLs), trusted dictionaries and online mechanisms. The designer of a PKI should select an appropriate revocation method suiting his requirements. This turns out to be a sufficiently confusing task as different revocation solutions are good in different type of environments. We ask the question “How do we decide which revocation solution to use amongst the various categories of solutions?” We first conduct a survey of the existing certificate revocation techniques and then analyze and compare the various classes of revocation methods for their advantages and disadvantages. This analysis can greatly help the PKI designer to select the right revocation solution.