Author(s)

Johannes BUCHMANN, Vangelis KARATSIOLIS

Technische Universit?t Darmstadt, Department of Computer Science, Cryptography and Computeralgebra, Darmstadt, Germany.

The Server-Based Certificate Validation Protocol allows PKI clients to delegate to a server the construction or validation of certification paths. The protocol’s specification focuses on the communication between the server and the client and its security. It does not discuss how the servers can efficiently locate the necessary PKI resources like certificate or certificate revocation lists. In this paper we concentrate on this topic. We present a simple and effective method to facilitate locating and using various PKI resources by the servers, without modifying the protocol. We use the extension mechanism of the protocol for notifying the servers about PKI repositories, certificates, and revocations. We specify the tasks of the servers and certificate issu-ers and define the messages that are exchanged between them. A proof of concept is given by implementing an SCVP server, a client, and the proposed method in Java.

SCVP, Certification Path, Certification Path Construction, Certification Path Validation, X.509 Certificate

J. BUCHMANN and V. KARATSIOLIS, "Notification Services for the Server-Based Certificate Validation Protocol," International Journal of Communications, Network and System Sciences, Vol. 2 No. 5, 2009, pp. 378-384. doi: 10.4236/ijcns.2009.25042.