Abstract by Trevor Smith
Certificate Revocation Forests: Distributing the Revocation Problem
Tracking and communicating certificate revocations is essential to the security of the Internet. Current revocation strategies have security flaws, are inefficient to deploy, or do not cover all certificates. To address these concerns, we use minimalistic Certificate Revocation Trees (CRTs) to compress Certificate Revocation Lists (CRLs) into Certificate Revocation Forests (CRFs). In particular, we show how CRFs can be constructed by combining CRTs created individually by Certificate Authorities. We further present storage, bandwidth, and computational metrics for CRFs in comparison to other certificate revocation strategies. Finally, we discuss the implications of CRFs for the current certificate public key infrastructure.