1999 Conferences

3rd CACR Information Security Workshop

Peter Williams, ValiCert

Certificate Validation and the Online Certificate Status Protocol

Digital Certificates are fast becoming the mechanism of choice for authentication on the Internet. Developers building applications that use digital certificates are faced with an array of established validation mechanisms to choose from. Additionally, the many applications supporting certificate-based transactions require different approaches for validating certificates. These include traditional validation mechanisms such as Certificate Revocation Lists (CRLs), the newly proposed Online Certificate Status Protocol (OCSP), as well as ValiCert's unique Certificate Revocation Trees (CRTs). Which approach offers the most advantages to a developer, and what are the trade-offs for each approach? This presentation will review and assess the various validation standards available to developers for building certificate-based applications.

Speaker Bio
Peter Williams has worked as PKI researcher and architect for 9 years, and has been involved in a series of high-profile EEC, NASA, and commercial CA deployments, including a DoD pilot. He joined ValiCert as an operational security practices designer in 1998, after leaving VeriSign, Inc, where he worked since the companies Internet debut on a variety of high-profile systems infrastructure projects. He is the co-author of an 1999 Addison-Wesley book entitled "Digital Certificates - Applied Internet Security."

Company Profile
ValiCert delivers a universal, high-performance solution for assuring the integrity of secure communications and electronic commerce transactions over the Internet. ValiCert's products and services enable organizations to securely and rapidly manage the validation of digital certificates, and provide enterprise developers and ISVs with the tools to build applications that incorporate certificates. The company has partnerships with leading worldwide providers of security services and products.