The Inherent Problem of an Outdated Certificate Revocation System

As the survey shows, even if the configuration is strict, the user will be affected, the certificate check process will time out and you will not be allowed to connect to a valid certificate. The theoretical framework in which the research project focuses begins with how the certificate revocation system functions from the server to the browser. This will discuss how each major browser handles revocation of certificates. With all news about heart disease, this research project discusses issues related to certificate revocation.

X.509 certificate is another topic. Please do not leave details in the meantime. For the purposes of this article, we will describe how the authentication revocation process works. This is done by exposing a secret revocation message signed with a private key. The certificate will take effect immediately, so you do not have to wait for the block chain acknowledgment. To further enhance security, you can activate two-factor authentication. In this way, even if the private SSL certificate is damaged in some way, we need to add a layer of security to deal with it.

I want to keep the possibility of revoking the certificate. It is because I am worried that I missed the fundamental flaws of the design and may need to invalidate the first attempt. The undo of the current system (version 1) is not actually deleted - you can not delete information from the block chain - but you can let the issuer or recipient know that the certificate is not recognized . It is effective. More professionally, I will create two outputs, including $ 0.01. One is for recipients and the other is for publisher. To revoke a certificate, both parties only need to use the output they manage. In this sense, what everyone has to agree is more consensual. Our viewer code follows this convention and checks whether an invalidation tag is set, but other viewer code can choose to ignore it. The two possible directions are Version Control and Maintenance Revocation List.

In the compliance specification, the latest revocation information is packaged with a digital signature and associated certificate chain (such as a Certificate Revocation List (CRL) or Online Certificate Status Protocol (OCSP) response indicating that the certificate is not revoked) You need to specify how to do it. In addition, compliance specifications must specify behavior when revocation information is not included or has not been completed. In compliance specifications, if there is revocation information, you need to specify that it is necessary to attempt to verify the revocation information in the widget processing environment. Compliance with the specification should state that the revocation information is stale or invalid.