Problems with certificate revocation status control limit the deployment of Public Key Infrastructure (PKI). Classical certificate paths require revocation control of all certificates on the path. In this paper, we show how the recently proposed NPKI (Nested certificate based PKI) system reduces the number of revocation status controls to at most two. Our analysis also shows that NPKI is not as...

This document describes the Internet X.509 Public Key Infrastructure (PKI) Certificate Management Protocols. Protocol messages are defined for all relevant aspects of certificate creation and management. Note that "certificate" in this document refers to an X.509v3 Certificate as defined in [COR95, X509-AM]. The key words "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT", "RECOMMENDED", "M...

Certificate Authorities (CAs) are considered as a single point of failure in the design of Public Key Infrastructure (PKI). Adversaries can take the advantage of a compromised CA to issue certificates for any domains without being noticed by the domain owners. Another argument regarding PKI is the adoption of Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP) for pu...

We give the first linear-time certifying algorithms to recognize split graphs, threshold graphs, bipartite chain graphs, cobipartite chain graphs and trivially perfect graphs, with sublinear certificates for negative output. In case of membership in a given graph class our algorithms provide as certificate a structure for the input graph that characterizes the class, and in case of non-membersh...

This article presents a type certifying compiler for a subset of Java and proves the type correctness of the bytecode it generates in the proof assistant Isabelle. The proof is performed by defining a type compiler that emits a type certificate and by showing a correspondence between bytecode and the certificate which entails welltyping. The basis for this work is an extensive formalization of ...

Most epidemiologic research using birth certificate records utilizes cross-sectional or case-control study designs. These records are typically made available to qualified researchers as computerized files of vital events for a state or the entire United States by year of occurrence, either for events occurring within the state or to residents of the state. This structure clearly lends itself t...

A fundamental problem inhibiting the wide acceptance of a Public Key Infrastructure (PKI) in the Internet is the lack of a mechanism that provides scalable certificate revocation. In this paper, we propose a novel mechanism called Windowed Revocation. In windowed revocation, certificate revocation is announced for short periods in periodic Certificate Revocation Lists (CRLs). Due to the assuran...

We introduce the notion of certificate-based encryption. In this model, a certificate – or, more generally, a signature – acts not only as a certificate but also as a decryption key. To decrypt a message, a keyholder needs both its secret key and an up-to-date certificate from its CA (or a signature from an authorizer). Certificate-based encryption combines the best aspects of identity-based en...