liu.seSearch for publications in DiVA
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Revocation Statuses on the Internet
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.ORCID iD: 0000-0003-3347-8716
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.ORCID iD: 0000-0003-1367-1594
2021 (English)In: Passive and Active Measurement, PAM 2021, SPRINGER INTERNATIONAL PUBLISHING AG , 2021, Vol. 12671, p. 175-191Conference paper, Published paper (Refereed)
Abstract [en]

The modern Internet is highly dependent on the trust communicated via X.509 certificates. However, in some cases certificates become untrusted and it is necessary to revoke them. In practice, the problem of secure certificate revocation has not yet been solved, and today no revocation procedure (similar to Certificate Transparency w.r.t. certificate issuance) has been adopted to provide transparent and immutable history of all revocations. Instead, the status of most certificates can only be checked with Online Certificate Status Protocol (OCSP) and/or Certificate Revocation Lists (CRLs). In this paper, we present the first longitudinal characterization of the revocation statuses delivered by CRLs and OCSP servers from the time of certificate expiration to status disappearance. The analysis captures the status history of over 1 million revoked certificates, including 773K certificates mass-revoked by Lets Encrypt. Our characterization provides a new perspective on the Internets revocation rates, quantifies how short-lived the revocation statuses are, highlights differences in revocation practices within and between different CAs, and captures biases and oddities in the handling of revoked certificates. Combined, the findings motivate the development and adoption of a revocation transparency standard.

Place, publisher, year, edition, pages
SPRINGER INTERNATIONAL PUBLISHING AG , 2021. Vol. 12671, p. 175-191
Series
Lecture Notes in Computer Science, ISSN 0302-9743
National Category
Information Systems, Social aspects
Identifiers
URN: urn:nbn:se:liu:diva-184856DOI: 10.1007/978-3-030-72582-2_11ISI: 000788003900011ISBN: 9783030725822 (electronic)ISBN: 9783030725815 (print)OAI: oai:DiVA.org:liu-184856DiVA, id: diva2:1658108
Conference
22nd Annual International Conference on Passive and Active Measurement (PAM), ELECTR NETWORK, mar 29-apr 01, 2021
Funder
Wallenberg AI, Autonomous Systems and Software Program (WASP)
Note

Funding Agencies|Wallenberg AI, Autonomous Systems and Software Program (WASP) - Knut and Alice Wallenberg Foundation

Available from: 2022-05-13 Created: 2022-05-13 Last updated: 2022-09-29

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full text

Search in DiVA

By author/editor
Korzhitskii, NikitaCarlsson, Niklas
By organisation
Database and information techniquesFaculty of Science & Engineering
Information Systems, Social aspects

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 83 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf