摘要
提出了一种应用证书撤消列表CRL(CertificaterevocationList)发布公钥基础设施PKI(Publickeyinfrastruc ture)证书状态信息新模型 :分段 过量发布综合模型 ,该模型采用先将CRL分段 ,然后各段独立过量发布的方式来实现 .通过分析表明 ,该方式既可以减少CRL的长度 ,使存储库以更快的速度提供请求服务 ,又可以降低峰值请求率、峰值带宽和平均负荷 ,减少时间碎片 ,满足大规模PKI对证书撤消的要求 .
An improved model: the segmented and over-issued CRL synthesis model, which issues certificate status information with certificate revocation list in public key infrastructure's presented. It is realized by that CRL is segmented first, and then over-issued. Compared to other models, the improved model minimizes the size of CRL which can accelerate to request service, as well as the peak request rate, peak bandwidth, average loads and time piece on CRL repository. The improved model is fit for the large-scale PKIs according to the requirements.
出处
《电子学报》
EI
CAS
CSCD
北大核心
2005年第2期227-230,共4页
Acta Electronica Sinica
基金
现代通信国家重点实验室基金 (No.51 4 360 50 2 0 3DZ0 2 1 0 )
