• Login
    View Item 
    •   SMARTech Home
    • Institute for Information Security & Privacy (IISP)
    • Institute for Information Security & Privacy Cybersecurity Lecture Series
    • View Item
    •   SMARTech Home
    • Institute for Information Security & Privacy (IISP)
    • Institute for Information Security & Privacy Cybersecurity Lecture Series
    • View Item
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    Revocations Are Dead, Long Live Revocations

    Thumbnail
    View/Open
    levin.mp4 (324.4Mb)
    levin_videostream.html (985bytes)
    Date
    2018-01-12
    Author
    Levin, David
    Metadata
    Show full item record
    Abstract
    The importance of the web’s public key infrastructure (PKI) cannot be overstated: it is what allows users to know with whom they are communicating online. Central to its correct operation is the ability to “revoke” certificates in the wake of a compromised key. For revocations to work: (1) website administrators must request to have their certificates revoked, (2) browser manufacturers must regularly check for revocations, and (3) above all, no one should share their private keys. Using Internet-wide measurements, I will show that all of these are violated on a regular basis, largely due to perverse economic incentives. I will also present a promising path forward: a new system, CRLite, that compactly represents all revocations in only tens of kilobytes per day. CRLite shows that, at last, it is feasible for every client to download every revocation everyday.
    URI
    http://hdl.handle.net/1853/59326
    Collections
    • Institute for Information Security & Privacy Cybersecurity Lecture Series [118]

    Browse

    All of SMARTechCommunities & CollectionsDatesAuthorsTitlesSubjectsTypesThis CollectionDatesAuthorsTitlesSubjectsTypes

    My SMARTech

    Login

    Statistics

    View Usage StatisticsView Google Analytics Statistics
    • About
    • Terms of Use
    • Contact Us
    • Emergency Information
    • Legal & Privacy Information
    • Accessibility
    • Accountability
    • Accreditation
    • Employment
    • Login
    Georgia Tech

    © Georgia Institute of Technology

    • About
    • Terms of Use
    • Contact Us
    • Emergency Information
    • Legal & Privacy Information
    • Accessibility
    • Accountability
    • Accreditation
    • Employment
    • Login
    Georgia Tech

    © Georgia Institute of Technology