论文信息 - Feasibility and Efficiency Analysis of Distributing the Certificate Revocation List by P2P Network

Feasibility and Efficiency Analysis of Distributing the Certificate Revocation List by P2P Network

The management organization of the large-scale PKI (Public Key Infrastructure) [1] generally adopts the CRL (Certificate Revocation List) to collect the invalid digital certificates due to the password disclosure and expiration. It is the core issue that how to increase the distribution efficiency of CRL to decrease the deployment cost. In the paper, it discussed the feasibility of distributing the digital certificate revocation list by P2P network and dealt with the quantitative analysis on the distribution efficiency. Then it compared the results with the traditional distribution method.

Tao Yin | Zhao Qiu | Zhao Wang | Jun Huang | WeiDong Xiao

[1] Bruce M. Maggs,et al. Globally Distributed Content Delivery , 2002, IEEE Internet Comput..

[2] Carlisle M. Adams,et al. X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP , 1999, RFC.

[3] Ian T. Foster,et al. Mapping the Gnutella Network: Properties of Large-Scale Peer-to-Peer Systems and Implications for System Design , 2002, ArXiv.

[4] Thomas Wölfl. Public-Key-Infrastructure Based on a Peer-to-Peer Network , 2005, HICSS.

[5] Ian T. Foster,et al. Mapping the Gnutella Network , 2002, IEEE Internet Comput..

[6] Cheng Tao. The Study of P2P Trust Management Model and Certificate Revocation Approach , 2006 .

[7] David A. Cooper. A more efficient use of delta-CRLs , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[8] David A. Cooper,et al. A model of certificate revocation , 1999, Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99).