A survey and security strength classification of PKI certificate revocation management implementations
MacMichael, John L.
MetadataShow full item record
In this thesis, I define all currently operational, proposed, and theoretically possible methods of certificate revocation. The role of certificate revocation within the larger scheme of PKI is examined and the mandates upon Department of Defense from the Certification Practices Statement (CPS) and Certificate Policy (CP) are examined. A "best case" model for revocation is suggested. The security attributes affecting certificate revocation are examined; from these attributes a set of metrics are defined for the purpose of measuring the security-relevant strengths and weaknesses of all plausible methods of certificate revocation. Each method is examined and ranked according to security strength. Conclusions regarding certificate revocation use within Department of Defense are made and further study within the field is suggested.
RightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Showing items related by title, author, creator and subject.
A CyberCIEGE scenario illustrating PKI interoperability issues through e-mail communications in a corporate environment Ng, Teng Teng. (Monterey, California. Naval Postgraduate School, 2011-12);To help educate computer/network users and administrators on the complexities and potential implementation pitfalls of PKI, the work outlined in this thesis extended the CyberCIEGE computer security simulation game with ...
Installation, configuration and operational testing of a PKI certificate server and its supporting services Kelly, Amanda M.; Ambers, Vanessa P. (Monterey California. Naval Postgraduate School, 2004-06);Public key infrastructure (PKI) was created to provide the basic services of confidentiality, authenticity, integrity and non-repudiation for sensitive information that may traverse public (un-trusted) networks. This thesis ...
Requirements for the deployment of Public Key Infrastructure (PKI) in the USMC Tactical Envioronment Stocks, Alan R. (2001-06);Marine forces are expeditionary in nature yet require the full range of Public Key infrastructure (PKI) services at deployed sites with limited bandwidth and access to their respective Registration Authority (RA). The ...