An Empirical Analysis of Certificate Revocation Lists

Authors: Daryl Walleck, Yingjiu Li, and Shouhuai Xu

Managing public key certificates revocation has long been a central issue in public key infrastructures. Though various certificate revocation mechanisms have been proposed to address this issue, little effort has been devoted to the empirical analysis of real-world certificate revocation data. In this paper, we conduct such an empirical analysis based on a large amount of data collected from VeriSign. Our study enables us to understand how long a revoked certificate lives and what the difference is in the lifetime of revoked certificates by certificate types, geographic locations, and organizations. Our study also provides a solid foundation for future research on optimal management of certificate revocation for different types of certificates requested from different organizations and located in different geographic locations.

Date: September 02, 2008

Book Title: Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security

Type: InProceedings

Chapter: Lecture Notes In Computer Science

Volume: Vol. 5094

Publisher: Springer-Verlag Berlin, Heidelberg

URL: http://portal.acm.org/citation.cfm?id=1426296.1426316&coll=GUIDE&dl=GUIDE

Downloads: 356

Has 1 soft copy

remote link

Bibtex

@InProceedings{An_Empirical_Analysis_of_Certificate_Rev,
author = "Daryl Walleck and Yingjiu Li and Shouhuai Xu",
title = "{An Empirical Analysis of Certificate Revocation Lists}",
month = "September",
year = "2008",
chapter = "Lecture Notes In Computer Science",
volume = "Vol. 5094",
booktitle = "Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security",
publisher = "Springer-Verlag Berlin, Heidelberg",
}