Caching alternatives for a MANET-oriented OCSP scheme

Even though mobile ad hoc networks (MANETs) have been receiving increasing attention for more than a decade, many issues still remain unsolved, including the implementation and design of adequate security and trust mechanisms. The infrastructure-less nature of MANETs renders trust establishment a rather complex issue. Many solutions using public key cryptography and digital certificates have been proposed in this direction. However, the problem of certificate revocation and certificate status information distribution in MANETs has not yet been fully addressed. ADOPT (Ad-hoc Distributed OCSP for Trust) proposes the deployment of a lightweight, distributed, on-demand scheme based on cached OCSP responses, which can efficiently provide up-to-date certificate status information. As accurate and current revocation information is critical for any application based on public key certificates, ADOPT's caching mechanism should ensure that cached responses are updated regularly. This paper discusses caching issues and time parameters concerning ADOPT and proposes various alternatives that fit into different scenarios.