Today's computer user has access to a wide variety of network resources, such as for online shopping, social networking, content sharing, and so on. Many such resources utilize some form of trust verification mechanism to prevent sensitive user information from being exposed to an unauthorized entity. One example of such a mechanism is a digital certificate, which can be used to determine whether a network resource that provides the digital certificate is a trusted resource.
Digital certificates are typically issued to network resources by a certificate authority (CA), which can first verify the identity and the trustworthiness of a network resource before issuing a digital certificate to the resource. Further, a computing device can maintain a list of CAs which the device trusts to issue digital certificates. If a computing device determines that a digital certificate received from a network resource was issued by a trusted CA, the computing device can determine that the network resource may also be trusted. Thus, the computing device can correspond with the network resource in a secure manner such that sensitive information may not be exposed to an unauthorized (e.g., untrusted) entity.
While digital certificates provide a convenient way to establish a trust relationship between a computing device and a network resource, some security risks are involved in the use of digital certificates. For example, an untrusted entity can obtain unauthorized access to a legitimate digital certificate such that the untrusted entity appears to be a trusted entity. Such impersonation of a trusted entity is often referred to as “spoofing.”
Since it is possible in some instances for an untrusted entity to obtain such unauthorized access to a legitimate digital certificate, it is useful to have the ability to revoke a digital certificate. For example, if a CA determines that a digital certificate has been misused by an untrusted entity, the CA can issue information to computing devices indicating that the digital certificate is no longer valid and should not be relied upon to establish a trust relationship with a network resource.
However, current techniques for communicating digital certificate revocation information can be untimely and can cause revocation of a digital certificate to be undetected by a computing device for an extended period of time. In such scenarios, the computing device may continue to recognize a revoked digital certificate as legitimate, which may cause sensitive information to be exposed to an untrusted entity that provides the revoked digital certificate. Further, current techniques may be unsuccessful in communicating revocation information about a digital certificate if a network failure occurs during an attempt to communicate the revocation information to a computing device. In such a scenario, a computing device may not recognize the failed attempt to communicate the revocation information, and may continue to recognize a revoked digital certificate as legitimate.
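The two failure modes described above (stale revocation data, and a fetch that fails partway) can be modelled directly. The following is an added example, not part of the patent text, in which a constructed stand-in for a CA's CRL or OCSP responder is queried by a client under a soft-fail policy (which silently keeps trusting) and a hard-fail policy (which reports the check as inconclusive); all serial numbers, timestamps and the responder itself are constructed values.

```python
"""Model of certificate revocation-check failure modes.
All data is constructed for illustration; no real certificates or CAs."""
from dataclasses import dataclass
from enum import Enum


class Status(Enum):
    GOOD = "good"        # fresh revocation data obtained, cert not listed
    REVOKED = "revoked"  # fresh revocation data obtained, cert is listed
    UNKNOWN = "unknown"  # no fresh revocation data could be obtained


class RevocationSourceUnavailable(Exception):
    """Raised when the (constructed) responder cannot be reached."""


@dataclass
class RevocationSource:
    """Stand-in for a CA's CRL/OCSP responder (constructed, hypothetical)."""
    revoked_serials: set
    published_at: int          # time the revocation data was produced
    reachable: bool = True     # False simulates a network failure mid-fetch

    def fetch(self):
        if not self.reachable:
            raise RevocationSourceUnavailable("responder unreachable")
        return self.revoked_serials, self.published_at


MAX_AGE = 3600  # revocation data older than this (seconds) is stale


def check_revocation(serial, source, now, hard_fail=True):
    """Return a Status for `serial`.

    hard_fail=False reproduces the hazard in the text: an unreachable or
    stale source falls back to GOOD, so a revoked certificate keeps being
    trusted. hard_fail=True yields UNKNOWN instead, which trust_decision()
    refuses, so the failed fetch is no longer invisible to the client.
    """
    try:
        revoked, published_at = source.fetch()
    except RevocationSourceUnavailable:
        return Status.UNKNOWN if hard_fail else Status.GOOD
    if now - published_at > MAX_AGE:        # data too old to rely on
        return Status.UNKNOWN if hard_fail else Status.GOOD
    return Status.REVOKED if serial in revoked else Status.GOOD


def trust_decision(status):
    """Only fresh, non-revoked data establishes trust; UNKNOWN is a refusal."""
    return status is Status.GOOD
```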