Showing papers on "Revocation published in 1995"
Patent•
13 Nov 1995TL;DR: In this paper, the authors propose a method which allows implementation of the revocation of public-key certificates and facilitates the engineering of certificate revocation lists (CRLs) by allowing CRLs to be segmented, based on size considerations or priority considerations related to revocation reasons.
Abstract: A method which allows implementation of the revocation of public-key certificates facilitates engineering of certificate revocation lists (CRLs). It solves the practical problem of CRLs potentially growing to unmanageable lengths by allowing CRLs to be segmented, based on size considerations or priority considerations related to revocation reasons. The method is used to distribute CRL information to users of certificate-based public-key systems. It is also applied more generally to update any field in a certificate by reference to a secondary source of authenticated information.
125 citations
08 May 1995
TL;DR: It is illustrated how the inclusion of freshness policies within certificates enables the design of a secure and highly available revocation service.
Abstract: A general method is described for formally specifying and reasoning about distributed systems with any desired degree of immediacy for revoking authentication. To effect revocation, 'authenticating entities' impose freshness constraints on credentials or authenticated statements made by trusted intermediaries. If fresh statements are not presented, then the authentication is questionable. Freshness constraints are derived from initial policy assumptions and authentic statements made by trusted intermediaries. By adjusting freshness constraints, the delay for certain revocation can be arbitrarily bounded. We illustrate how the inclusion of freshness policies within certificates enables the design of a secure and highly available revocation service. We illustrate the application of the method and new techniques in an example. >
79 citations