Generalized certificate revocation
- 5 January 2000
- conference paper
- Published by Association for Computing Machinery (ACM)
- p. 316-329
- https://doi.org/10.1145/325694.325736
Abstract
We introduce a language for creating and manipulating certificates, that is, digitally signed data based on public key cryptography, and a system for revoking certificates. Our approach provides a uniform mechanism for secure distribution of public key bindings, authorizations, and revocation information. An external language for the description of these and other forms of data is compiled into an intermediate language with a well-defined denotational and operational semantics. The internal language is used to carry out consistency checks for security, and optimizations for efficiency. Our primary contribution is a technique for treating revocation data dually to other sorts of information using a polarity discipline in the intermediate language.
This publication has 5 references indexed in Scilit:
- X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP. Published by RFC Editor, 1999
- An authentication logic supporting synchronization, revocation, and recency. Published by Association for Computing Machinery (ACM), 1996
- Principles of programming with complex objects and collection types. Theoretical Computer Science, 1995
- Comprehension syntax. ACM SIGMOD Record, 1994
- A logic of authentication. ACM Transactions on Computer Systems, 1990