

MiniCRL


MiniCRLs, a CoreStreet technology, are a more compact representation of the list of certificates revoked by an issuer. The MiniCRL format offers the same security properties and management simplicity as a traditional CRL, but transmits the complete revocation list in about 3% of the bandwidth of a full X.509 CRL. In addition, a MiniCRL can be segmented, so a relying party can validate an individual certificate from a segment of only a few hundred bytes, regardless of the size of the full list.

Because MiniCRLs are so small, little bandwidth is needed between the Validation Authority and its Responders, and because a MiniCRL can be segmented, the transmission from a Responder to a client is smaller still. MiniCRLs are signed by the Validation Authority and therefore tamper-evident, and they contain no secret material, so a Responder holds nothing worth stealing: a compromised Responder cannot forge a revocation status; at worst it can withhold data or replay an older list, which the relying party catches by checking the signature and the list's validity period, just as with any CRL. Responders therefore need not be trusted, adding one is cheap, and they can be placed close to widely dispersed users.

MiniCRLs are also cheap to compute, so the Validation Authority, the Responders and the clients all have low processing requirements. The small size of a MiniCRL, together with the freedom to add as many Responders as a deployment needs, means a validation service built on MiniCRLs can scale to hundreds of millions of users. Finally, MiniCRLs work with existing deployments because they are derived from the CRL standard, which is already accepted industry-wide.
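To make the properties above concrete, the following is an added Python model; it is not CoreStreet's code and not the MiniCRL wire format, which this page does not describe. It assumes a bitmap with one bit per sequentially numbered serial, 16-byte segments, a SHA-256 hash tree over the segments, and a Lamport one-time signature standing in for whatever signature scheme the Validation Authority actually uses; all of these are assumptions of the example. It shows the three roles: the VA builds and signs the list once, an untrusted Responder serves a single segment with its hash path, and the client verifies the VA's signature and the path before reading one bit. With a constructed list of one million issued certificates, the full bitmap is 125,000 bytes while the revocation data a client needs for one serial is 432 bytes, however many certificates the full list covers.

```python
import hashlib
import os

SEG_BYTES = 16  # assumed segment size: 16 bytes = 128 serials per segment

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# The compact list itself: one bit per issued serial (serials assumed sequential 0..n-1).
def build_bitmap(n_certs: int, revoked) -> bytes:
    bits = bytearray((n_certs + 7) // 8)
    for serial in revoked:
        bits[serial // 8] |= 1 << (serial % 8)  # bit set = revoked
    return bytes(bits)

# Hash tree over the segments: one segment plus its path can be checked against a single signed root.
def leaf_hash(index: int, segment: bytes) -> bytes:
    return sha256(b"\x00" + index.to_bytes(4, "big") + segment)  # domain-separated leaf

def node_hash(left: bytes, right: bytes) -> bytes:
    return sha256(b"\x01" + left + right)

def merkle_levels(leaves):
    levels = [leaves]
    while len(levels[-1]) > 1:
        lvl = levels[-1]
        if len(lvl) % 2:
            lvl = lvl + [lvl[-1]]  # duplicate the last node on odd-sized levels
        levels.append([node_hash(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
    return levels

def merkle_proof(levels, index: int):
    proof = []
    for lvl in levels[:-1]:
        if len(lvl) % 2:
            lvl = lvl + [lvl[-1]]
        sibling = index ^ 1
        proof.append((lvl[sibling], sibling < index))  # (sibling hash, sibling is on the left)
        index //= 2
    return proof

def root_from_proof(leaf: bytes, proof) -> bytes:
    h = leaf
    for sibling, sibling_is_left in proof:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h

# Stand-in for the VA's signature: a Lamport one-time signature, chosen only so the demo needs
# nothing beyond the standard library. Never reuse the key; real deployments use a normal signature.
def bit(digest: bytes, i: int) -> int:
    return (digest[i // 8] >> (7 - i % 8)) & 1

def lamport_keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(sha256(a), sha256(b)) for a, b in sk]

def lamport_sign(sk, msg: bytes):
    d = sha256(msg)
    return [sk[i][bit(d, i)] for i in range(256)]

def lamport_verify(pk, msg: bytes, sig) -> bool:
    d = sha256(msg)
    return len(sig) == 256 and all(sha256(sig[i]) == pk[i][bit(d, i)] for i in range(256))

def issue_minicrl(n_certs: int, revoked, va_sk, seq: int):
    """Validation Authority: build bitmap and tree, sign (seq || root) once per issuance."""
    bitmap = build_bitmap(n_certs, revoked)
    segments = [bitmap[i:i + SEG_BYTES].ljust(SEG_BYTES, b"\0") for i in range(0, len(bitmap), SEG_BYTES)]
    levels = merkle_levels([leaf_hash(i, s) for i, s in enumerate(segments)])
    header = seq.to_bytes(8, "big") + levels[-1][0]
    return {"header": header, "sig": lamport_sign(va_sk, header), "segments": segments, "levels": levels}

def responder_answer(crl, serial: int):
    """Untrusted Responder: hands out the one segment covering `serial`, its path and the signed header."""
    idx = serial // (SEG_BYTES * 8)
    return {"header": crl["header"], "sig": crl["sig"], "index": idx,
            "segment": crl["segments"][idx], "proof": merkle_proof(crl["levels"], idx)}

def segment_bytes_on_wire(answer) -> int:
    return len(answer["segment"]) + 32 * len(answer["proof"])  # revocation data only, signature excluded

def client_check(answer, va_pk, serial: int) -> bool:
    """Relying party: trusts the VA signature, never the Responder. Returns True if revoked."""
    if not lamport_verify(va_pk, answer["header"], answer["sig"]):
        raise ValueError("VA signature invalid")
    leaf = leaf_hash(answer["index"], answer["segment"])
    if root_from_proof(leaf, answer["proof"]) != answer["header"][8:]:
        raise ValueError("segment does not match the signed root (tampered or stale)")
    local = serial - answer["index"] * SEG_BYTES * 8
    if not 0 <= local < SEG_BYTES * 8:
        raise ValueError("responder returned the wrong segment")
    return bool((answer["segment"][local // 8] >> (local % 8)) & 1)

if __name__ == "__main__":  # constructed sample: 1M issued certs, two revoked
    va_sk, va_pk = lamport_keygen()
    crl = issue_minicrl(1_000_000, {5, 700_001}, va_sk, seq=1)
    ans = responder_answer(crl, 700_001)
    print(client_check(ans, va_pk, 700_001), len(crl["segments"]) * SEG_BYTES, segment_bytes_on_wire(ans))
```

The Lamport signature itself is about 8 KiB, which is why `segment_bytes_on_wire` leaves it out; a conventional signature adds a few dozen bytes, and the Lamport key must be regenerated for every issuance because it is one-time. Freshness against a replayed old list is handled as with any CRL, by checking the validity period carried in the signed header, which this example reduces to a sequence number.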

Advantages/Disadvantages

  • Tiny bandwidth between CA and responders
  • Small bandwidth between responder and clients
  • No trusted responders required
  • Scales to hundreds of millions of users
  • Computationally simple (no signing per transaction)
  • Works with all issued certificates
  • Not yet adopted as an industry standard

Suitable Applications

A MiniCRL solution suits deployments of any size from a few hundred thousand users up to hundreds of millions. A nation issuing its citizens universal ID cards, with validation information covering many different privileges, could do so with MiniCRLs. The extremely small bandwidth requirement between the Validation Authority and the Responders also makes the technology a good choice for bandwidth-constrained environments such as submarines.