Abstract
This paper analyzes several major CRL mechanisms and the OCSP protocol, and proposes an improved scheme for CRLs in offline mode: a certificate revocation system based on P2P distributed CRLs. The system combines CRL distribution point technology with the over-issued delta CRL mechanism, improving on the traditional CRL publication mechanism at the data source. P2P technology is used to share CRL resources, and the traditional client/server (C/S) architecture of CRL publication is changed into a decentralized P2P structure, which disperses information traffic across the whole network. This not only reduces the load on the system but also exploits a property of peer-to-peer networks, namely that the more versions of a resource exist, the easier that resource is to discover and share. The scheme improves the timeliness of users' CRL queries and strengthens the offline performance of CRLs. Practice has shown that the scheme has good feasibility.
Source
《微计算机信息》
Peking University Core Journal
2006, Issue 09X, pp. 100-101, 99 (3 pages in total)
Control & Automation