Evaluation of certificate validation mechanisms

In this article we evaluate different certificate validation mechanisms to be possibly used within the Wireless Public Key Infrastructure (W-PKI). An implementation of a standard compliant signed content application offering full PKI functionality served as means for evaluating different mechanisms. We compared short-lived certificates, Certificate Revocation Lists (CRLs), the Online Certificate Status Protocol (OCSP) and the XML Key Management Specification (XKMS) with regard to security, interoperability, complexity and performance in terms of size and scalability. The evaluation has lead to propose OCSP for delegated certificate validation. It has to be pointed out though, that OCSP should be enhanced with full delegation capabilities, such as the ones offered by XKMS.