We present a solution for the problem of certificate revocation. This solution represents Certificate Revocation Lists by authenticated dictionaries that support (i) efficient verification whether a certificate is in the list or not, and (ii) efficient updates (adding/removing certificates from the list). The suggested solution gains in scalability, communication costs, robustness to parameter changes and update rate. Comparisons to the following solutions (and variants) are included: `traditional' CRLs (Certificate Revocation Lists), Micali's Certificate Revocation System (CRS) and Kocher's Certificate Revocation Trees (CRT). We also consider a scenario in which certificates are not revoked, but frequently issued for short-term periods. Based on the authenticated dictionary scheme, a certificate update scheme is presented in which all certificates are updated by a common message. The suggested solutions for certificate revocation and certificate update problems is better than curren..
To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.