Notification of Certificate Revocation Status between Different
Domains under a PKI System
Y. Miyake, J. Millen, G. Denker, T. Tanaka, and K. Nakao.
In Information Processing Society Japan (IPSJ) Journal, June 2003.
When public key certificates are used to control access by a client in
one domain to a server in another domain, the certificate revocation
status should be distributed to the server domain too. For security
reasons, the distribution of information to other domains should be
minimized, and external distribution points are subject to attack from
third parties on the Internet. In this paper, we propose a mechanism
to securely convey the current revocation status of certificates to
other domains under a PKI (Public Key Infrastructure) system in the
Web environment. Because our proposal does not need to modify standard
browsers, we can introduce the proposed method into the current Web
environment easily. We implemented a prototype system, and evaluated
the system to prove its effectiveness.