Abstract
This article proposes a new implementation model of OCSP (Online Certificate Status Protocol) based on LDAP directory services. In the new model, the certificate revocation data of the OCSP responder is stored in an LDAP directory database, and the certificate validation relationships between entities are recorded at the same time. The responder gathers, in advance, the revocation information of the certificates that the entities it serves need to validate, and prepares the signatures in advance as well. This partially reduces both the scope of the responder's search over the revocation database and the signing time spent when a response message is constructed. The experimental results show that this method reduces the average OCSP response time and improves the responder's performance.
Source
《计算机应用与软件》 (Computer Applications and Software)
CSCD
2010, Issue 4, pp. 283-285 (3 pages)
Keywords
Certificate revocation
Lightweight Directory Access Protocol (LDAP)
Online Certificate Status Protocol (OCSP)