Certificate revocation system implementation based on the Merkle Hash Tree
Rights access: Restricted access - publisher's policy
Public-key cryptography is widely used to provide Internet security services. The public-key infrastructure (PKI) is the infrastructure that supports public-key cryptography, and the revocation of certificates represents one of its major costs. The goal of this article is to explain in detail a certificate revocation system based on the Merkle hash tree (MHT) called AD–MHT. AD–MHT uses the data structures proposed by Naor and Nissim in their authenticated dictionary (AD). This work describes the tools used and the details of the AD–MHT implementation. The authors also address important issues not addressed in the original AD proposal, such as responding to a request, revoking a certificate, deleting an expired certificate, the status checking protocol for communication between the AD–MHT repository and the users, verifying a response, system security, and, finally, performance evaluation.
Citation: Muñoz, J. [et al.]. Certificate revocation system implementation based on the Merkle Hash Tree. "International journal of information security", January 2004, vol. 2, no. 2, p. 110-124.