FcgiOCSP: a scalable OCSP‐based certificate validation system exploiting the FastCGI interface. (6th August 2012)
- Record Type:
- Journal Article
- Title:
- FcgiOCSP: a scalable OCSP‐based certificate validation system exploiting the FastCGI interface. (6th August 2012)
- Main Title:
- FcgiOCSP: a scalable OCSP‐based certificate validation system exploiting the FastCGI interface
- Authors:
- Berbecaru, Diana
Casalino, Matteo M.
Lioy, Antonio - Other Names:
- Di lorio Angelo guestEditor.
Rossi Davide guestEditor.
Zacchiroli Stefano guestEditor. - Abstract:
- SUMMARY: Certificate validation, one of the most important and complex tasks in Public Key Infrastructures, is still a challenging topic nowadays because of the scalability and complexity issues related to this process. Validation of an X.509 certificate requires checking its revocation status, either by consulting the so‐called Certificate Revocation Lists or by contacting a specific server via the Online Certificate Status Protocol (OCSP). Because more and more entities extensively need to validate the certificates used for various purposes (such as digital signature, server authentication, and secure e‐mail), the OCSP servers become overloaded. Thus, an increasing effort is currently dedicated to the creation and management of scalable certificate validation architectures. In this work, we discuss scalability challenges in OCSP‐based certificate validation, and we propose a method to evaluate the OCSP server performance in stress conditions. Next, we experimentally measure the performance, expressed in terms of response time and throughput, of some open‐source OCSP implementations. Finally, we propose and evaluate our own scalable OCSP‐based certificate validation system, named FcgiOCSP, as it exploits the FastCGI interface. Experimental results demonstrate the high performance of FcgiOCSP with respect to other OCSP implementations evaluated in this work. Copyright © 2012 John Wiley & Sons, Ltd.
- Is Part Of:
- Software, practice & experience. Volume 43:Number 12(2013)
- Journal:
- Software, practice & experience
- Issue:
- Volume 43:Number 12(2013)
- Issue Display:
- Volume 43, Issue 12 (2013)
- Year:
- 2013
- Volume:
- 43
- Issue:
- 12
- Issue Sort Value:
- 2013-0043-0012-0000
- Page Start:
- 1489
- Page End:
- 1518
- Publication Date:
- 2012-08-06
- Subjects:
- security -- X.509 certificate validation -- scalable OCSP architecture -- PKI
Computer software -- Periodicals
Computer programming -- Periodicals
Computer programs -- Periodicals
005.3 - Journal URLs:
- http://onlinelibrary.wiley.com/ ↗
- DOI:
- 10.1002/spe.2148 ↗
- Languages:
- English
- ISSNs:
- 0038-0644
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 8321.453000
British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store - Ingest File:
- 1781.xml