Performance, Computing, and Communications Conference, 2002. 21st IEEE International (2006)
Phoenix, AZ, USA
Apr. 10, 2006 to Apr. 12, 2006
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/.2006.1629442
A. Slagell , Univ. of Illinois at Urbana-Champaign, USA
R. Bonilla , Univ. of Illinois at Urbana-Champaign, USA
W. Yurcik , Univ. of Illinois at Urbana-Champaign, USA
In this paper, PKI implementations, namely PKTX, SPKT and PGR are discussed. In all of these systems, there is a need to perform both efficient enrollment and revocation. We examined some of the more common certificate revocation methods. All of these solutions differ in how they balance the amount of communication between the directory and CA with the amount of communication between the directory and the end users. Additionally, some of them make trade-offs to work better in an offline environment. Lastly, we looked closely at some of the newer real-time PKI services such as OCSP, SCVP and DVCS. These services offer everything from real-time certificate status checking to complete certificate validation and verification. SCVP even allows organizations to create central points of management for all certificate handling and PKI policy enforcement. Depending on the goals and resources of a particular project, the most scalable PKI solution will look very different. Thus, it is impossible to say that PKI does or does not scale, but one can only say that a particular PM solution does or does not scale for their environment.
certificate revocation method, PKI implementation, public key infrastructure, enrollment
W. Yurcik, A. Slagell and R. Bonilla, "A survey of PKI components and scalability issues," Performance, Computing, and Communications Conference, 2002. 21st IEEE International(PCC), Phoenix, AZ, USA, 2006, pp. 64.