A response to “can we eliminate certificate revocation lists?”

Patrick McDaniel, Aviel Rubin

Research output: Chapter in Book/Report/Conference proceedingConference contribution

21 Scopus citations


The massive growth of electronic commerce on the Internet heightens concerns over the lack of meaningful certificate management. One issue limiting the availability of such services is the absence of scalable certificate revocation. The use of certificate revocation lists (CRLs) to convey revocation state in public key infrastructures has long been the subject of debate. Centrally, opponents of the technology attribute a range of semantic and technical limitations to CRLs. In this paper, we consider arguments advising against the use of CRLs made principally by Rivest in his paper “Can we eliminate certificate revocation lists?” [1]. Specifically, the assumptions and environments on which these arguments are based are separated from those features inherent to CRLs. We analyze the requirements and potential solutions for three distinct PKI environments. The fundamental tradeoffs between revocation technologies are identified. Prom the case study analysis we show how, in some environments, CRLs are the most efficient vehicle for distributing revocation state. The lessons learned from our case studies are applied to a realistic PKI environment. The result, revocation on demand, is a CRL based mechanism providing timely revocation information.

Original languageEnglish (US)
Title of host publicationFinancial Cryptography - 4th International Conference, FC 2000, Proceedings
EditorsYair Frankel
PublisherSpringer Verlag
Number of pages14
ISBN (Print)3540427007
StatePublished - 2001
Event4th International Conference on Financial Cryptography, FC 2000 - Anguilla, Anguilla
Duration: Feb 20 2000Feb 24 2000

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other4th International Conference on Financial Cryptography, FC 2000

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)


Dive into the research topics of 'A response to “can we eliminate certificate revocation lists?”'. Together they form a unique fingerprint.

Cite this