• Title/Summary/Keyword: Certificate Revocated Lists

Search Result 1, Processing Time 0.02 seconds

A Study on Efficient CRI managing for Certificate Status Validate in Distributed OCSP (분산 OCSP에서 인증서 상태 검증을 위한 효율적인 CRI 운영에 관한 연구)

  • Kim, Young-Ja;Chang, Tae-Mu
    • Journal of the Korea Society of Computer and Information
    • /
    • v.13 no.3
    • /
    • pp.91-97
    • /
    • 2008
  • The conventional CA(Certificate Authority) has problems in dealing with certificates whose valid time is expired and in managing CRI (Certificate Revocation Information) produced by clients. Many researches are conducted to solve them, but they have limitations in providing real-time verifications of certificates' status for clients. In this paper, we propose a new CRI management model to address these limitations in distributed OCSP(On-line Certificate Status Protocol) environments. CRL(Certificate Revocation List) is divided into two parts: one part that is recent is replicated over several OCSP servers, the other part is replicated and distributed over servers. Our methods can help to break the bottleneck of CA, and effectively reduce the size of CRL transferred. Therefore, with our methods, clients can verify the state of certificates in real time.

  • PDF