Privacy-Preserving Revocation Checking

Digital certificates signed by trusted Certification Authorities (CAs) are used for multiple purposes, most commonly for secure binding of public keys to names and other attributes of their owners. Although a certificate usually includes an expiration time, it is not uncommon that a certificate needs to be revoked prematurely. For this reason, whenever a client (user or program) needs to assert the validity of another party's certificate, it performs a certificate revocation check. There are several revocation techniques varying in both the operational model and underlying data structures. One common feature is that a client typically contacts some third party (whether trusted, untrusted or semi-trusted) and obtains some evidence of either revocation or validity (non-revocation) for the certificate in question.