A survey and security strength classification of PKI certificate revocation management implementations

Authors
MacMichael, John L.
Advisors
Fulp, J.D.
Date of Issue
2003-12
Publisher
Monterey, California. Naval Postgraduate School
Abstract
In this thesis, I define all currently operational, proposed, and theoretically possible methods of certificate revocation. The role of certificate revocation within the larger scheme of PKI is examined and the mandates upon the Department of Defense from the Certification Practices Statement (CPS) and Certificate Policy (CP) are examined. A "best case" model for revocation is suggested. The security attributes affecting certificate revocation are examined; from these attributes a set of metrics is defined for the purpose of measuring the security-relevant strengths and weaknesses of all plausible methods of certificate revocation. Each method is examined and ranked according to security strength. Conclusions regarding certificate revocation use within the Department of Defense are made and further study within the field is suggested.
Type
Thesis
Department
Information Technology Management
Organization
Naval Postgraduate School (U.S.)
Format
xiv, 85 p. : ill. (some col.) ;
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.