ScienceDirect® Home Skip Main Navigation Links
You have guest access to ScienceDirect. Find out more.
 
Home
Browse
My Settings
Alerts
Help
 Quick Search
 Search tips (Opens new window)
    Clear all fields    
Computer Communications
Volume 29, Issue 3, 1 February 2006, Pages 291-305
Internet Security
 
Font Size: Decrease Font Size  Increase Font Size
 Abstract - selected
Article
Purchase PDF (825 K)

  E-mail Article   
  Add to my Quick Links   
Bookmark and share in 2collab (opens in new window)
Request permission to reuse this article
  Cited By in Scopus (2)
 
 
 
Related Articles in ScienceDirect
View More Related Articles
 
View Record in Scopus
 
doi:10.1016/j.comcom.2004.12.008    How to Cite or Link Using DOI (Opens New Window)
Copyright © 2005 Elsevier B.V. All rights reserved.

Evaluation of certificate validation mechanisms

T. Perlines HormannCorresponding Author Contact Information, ,1, E-mail The Corresponding Author, K. Wrona2, E-mail The Corresponding Author and S. Holtmanns3, E-mail The Corresponding Author

Ericsson Eurolab Deutschland GmbH, Ericsson Allee 1, 52134 Herzogenrath, Germany

Received 3 December 2004; 
accepted 3 December 2004. 
Available online 4 January 2005.

Purchase the full-text article



References and further reading may be available for this article. To view references and further reading you must purchase this article.

Abstract

In this article we evaluate different certificate validation mechanisms to be possibly used within the Wireless Public Key Infrastructure (W-PKI). An implementation of a standard compliant signed content application offering full PKI functionality served as means for evaluating different mechanisms. We compared short-lived certificates, Certificate Revocation Lists (CRLs), the Online Certificate Status Protocol (OCSP) and the XML Key Management Specification (XKMS) with regard to security, interoperability, complexity and performance in terms of size and scalability. The evaluation has lead to propose OCSP for delegated certificate validation. It has to be pointed out though, that OCSP should be enhanced with full delegation capabilities, such as the ones offered by XKMS.

Keywords: PKI; Short-lived certificates; CRLs; OCSP; XKMS

Article Outline

1. Introduction
2. Evaluation framework
3. Evaluation of certificate validation mechanisms
3.1. Security evaluation
3.1.1. Short-lived certificates
3.1.2. Certificate revocation lists (CRLs)
3.1.3. Online certificate status protocol (OCSP)
3.1.4. XML key management specification (XKMS)
3.2. Interoperability evaluation
3.2.1. Short-lived certificates
3.2.2. Certificate revocation lists (CRL's)
3.2.3. Online certificate status protocol (OCSP)
3.2.4. XML key management specification (XKMS)
3.3. Complexity evaluation
3.3.1. Short-lived certificates
3.3.2. Certificate revocation lists (CRLs)
3.3.3. Online certificate status protocol (OCSP)
3.3.4. XML key management specification (XKMS)
3.4. Performance evaluation
3.4.1. Size evaluation
3.4.2. Scalability evaluation
4. Summary of results
5. Related and future work
References
Vitae











Computer Communications
Volume 29, Issue 3, 1 February 2006, Pages 291-305
Internet Security
 
Home
Browse
My Settings
Alerts
Help
Elsevier.com (Opens new window)
About ScienceDirect  |  Contact Us  |  Information for Advertisers  |  Terms & Conditions  |  Privacy Policy
Copyright © 2008 Elsevier B.V. All rights reserved. ScienceDirect® is a registered trademark of Elsevier B.V.