PKI Scalability Issues

This report surveys PKI technologies such as PKIX and SPKI, and the PKI issues that affect scalability. Particular attention is given to certificate revocation methodologies and status verification systems such as CRLs, Delta-CRLs, CRS, Certificate Revocation Trees, Windowed Certificate Revocation, OCSP, SCVP and DVCS.
