Sorting out certificate validation
Dr. Bob Dulude, CoreStreet’s CSO, has just written a handy whitepaper comparing the security aspects of three approaches to digital certificate validation. There’s been a fair amount of misinformation (perhaps disinformation) on this important topic and “Vulnerability Analysis of Certificate Validation Systems” is 12 pages of serious record-straightening.
Bob’s paper, while not up to the comedic standards expected by the reader(s) of this blog, is an excellent high-level technical overview of the main issues. The conclusion is that Distributed OCSP (D-OCSP) has the most favorable security characteristics against denial-of-service, intrusion and replay attacks.
January 26, 2004