Privacy-Preserving Revocation Checking with Modified CRLs

Certificate Revocation Lists (CRLs) are the most popular means of revocation checking. A CRL is essentially a signed and timestamped list containing information about all revoked certificates issued by a certification authority. One of the shortcomings of CRLs is poor scalability which influences update, bandwidth and storage costs. Other, more efficient revocation techniques leak potentially sensitive information. Information leaks occur since third parties (agents, servers) of dubious trustworthiness discover the identities of the parties posing revocation check queries as well as identities of the queries’ targets. An even more important privacy loss results from the third party’s ability to tie the source of the revocation check with the query’s target. (Since, most likely, the two are about to communicate.) This paper focuses on privacy and efficiency in revocation checking. Its main contribution is a simple modified CRL structure that allows for efficient revocation checking with customizable level of privacy.