Abstract

When relying on public key infrastructure (PKI) for authentication, whether a party can be trusted primarily depends on its certificate status. Bob's certificate status can be retrieved by Alice through her interaction with Certificate Authority (CA) in the PKI. More specifically, Alice can download Certificate Revocation List (CRL) and then check whether the serial number of the Bob's certificate appears in this list. If not found, Alice knows that Bob can be trusted. Once downloaded, a CRL can be used offline for arbitrary many times till it expires, which saves the bandwidth to an extreme. However, if the number of revoked certificates becomes too large, the size of the CRL will exceed the RAM of Alice's device. This conflict between bandwidth and RAM consumption becomes even more challenging for the Internet-of-Things (IoT), since the IoT end-devices is usually constrained by both factors.