We introduce a language for creating and manipulating certificates, that is, digitally signed data based on public key cryptography, and a system for revoking certificates. Our approach provides a uniform mechanism for secure distribution of pubic key bindings, authorizations, and revocation information. An external language for the description of these and other forms of data is compiled into an intermediate language with a well-defined denotational and operational semantics. The internal language is used to carry out consistency checks for security, and optimizations for efficiency. Our primary contribution is a technique for treating revocation data dually to other sorts of information using a polarity discipline in the intermediate language.
|Original language||English (US)|
|Number of pages||14|
|Journal||Conference Record of the Annual ACM Symposium on Principles of Programming Languages|
|State||Published - Dec 3 2000|
|Event||POPL'00 - The 27th ACM SIGPLAN-SIGACT Symposium on Principles og Programming Languages - Boston, MA, USA|
Duration: Jan 19 2000 → Jan 21 2000
ASJC Scopus subject areas