Generalized certificate revocation

Carl A. Gunter, Trevor Jim

Research output: Contribution to journalConference articlepeer-review


We introduce a language for creating and manipulating certificates, that is, digitally signed data based on public key cryptography, and a system for revoking certificates. Our approach provides a uniform mechanism for secure distribution of pubic key bindings, authorizations, and revocation information. An external language for the description of these and other forms of data is compiled into an intermediate language with a well-defined denotational and operational semantics. The internal language is used to carry out consistency checks for security, and optimizations for efficiency. Our primary contribution is a technique for treating revocation data dually to other sorts of information using a polarity discipline in the intermediate language.

Original languageEnglish (US)
Pages (from-to)316-329
Number of pages14
JournalConference Record of the Annual ACM Symposium on Principles of Programming Languages
StatePublished - Dec 3 2000
Externally publishedYes
EventPOPL'00 - The 27th ACM SIGPLAN-SIGACT Symposium on Principles og Programming Languages - Boston, MA, USA
Duration: Jan 19 2000Jan 21 2000

ASJC Scopus subject areas

  • Software

Fingerprint Dive into the research topics of 'Generalized certificate revocation'. Together they form a unique fingerprint.

Cite this