Get this Security+ CertiGuide for your own computer.
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Also available: 300-question Security+ practice test!
Get It Here!

Custom Search







Table Of Contents  CertiGuide to Security+
 9  Chapter 4:  Basics of Cryptography (Domain 4.0; 15%)
      9  4.5  Key Management and Certificate Lifecycles
           9  4.5.5  Revocation

Previous Topic/Section
4.5.5  Revocation
Previous Page
Pages in Current Topic/Section
1
Next Page
4.5.5.1  Status Checking
Next Topic/Section

Certificate Revocation Techniques

Several methods for certificate revocation by managing entities are currently in place. The older method employs a list of keys that cannot be trusted being held in a CRL (Certificate Revocation List), which is a time-stamped list of no-longer-valid certificates signed by the CA’s private key. One of the issues with this is that the CA may generate a new CRL only once a day, so revocations do not happen immediately. If an e-commerce site’s private key has been compromised, the amount of time it takes for the key to appear in the CRL could be an issue. Another issue with CRL’s is that they are distributed with a specific lifetime, and often cached on intermediate systems. If a system cannot reach the CA, it will attempt to use the existing, cached CRL, and it may find that it is out of date.

Although many CA’s still make use of the CRL method, the newer method is the OCSP406 (Online Certificate Status Protocol). OCSP allows for on-line checking of certificate validity, by sending a request to a web site containing information on valid certificates. Thus, it tends to use more up-to-date data than the CRL approach uses. The drawback is that the client must be on-line to the network containing the CA, in order to contact the site furnishing validity data via OCSP. This may not be an issue in corporate environments using an internal CA, since network connectivity is assumed.


 __________________

406. http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci784421,00.html

Previous Topic/Section
4.5.5  Revocation
Previous Page
Pages in Current Topic/Section
1
Next Page
4.5.5.1  Status Checking
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $



Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.