Towards Simplifying PKI Implementation: Client-Server based Validation of Public Key Certificates

Abstract: With real-time certificate validation checking, a public-key-using system that needs to validate a certificate executes a transaction with a specialized validation party. At the end of the transaction the validation party returns an indication about the validity status of the certificate. This paper analysis the public key (PbK) certificate validation service from a practical point of view by describing the implementation of a system that makes use of the Data Validation and Certification Server (DVCS) protocols to provide certificate validation service to the Relying Parties (RPs). However the system is not restricted to use only the specified protocol and allows the integration of other validation protocols or mechanisms. Our implementation efforts emphasize the possibility to pursue a specific RP tradeoff between timeliness, security and computational resource usage via dynamic selection of several configurable options.