摘要
商用 CA或 PKI系统中主要使用定期颁布证书撤消列表 (CRL )来分发证书状态信息 ,但现有方法主要侧重于对 CRL的时间和空间特性改进 ,而对存储库性能的优化 ,尤其是如何有效降低存储库峰值负荷方面仍有一些未解决的问题 .本文通过对现有方法在存储库性能改进不力的分析 ,提出一个新的基于 Over- Issued CRL机制的证书状态信息分发方法 .它通过改变 Over- Issue发放的时间间隔 ,使得 CRL请求率大幅降低并迅速达到稳态 。
Certificate revocation list ( CRL) is mainly applied to distribute certificate status information in many commercial CA or PKI systems.However,there are some unsolved problems concerning how to op- timize the repository performance,especially on how to minimize peak loads on the repositories.The exist- ing methods putemphasis mainly on the improvements of timeliness and space capacity.By analyzing the deficiency of the old methods with regard to the improvement on repository performance,we are led to a new approach to distribute certificate status information based on the Over- Issued CRL mechanism.lt rapidly reduces the CRL inquiry rate to attain stability by adjusting the time interval of the Over- Issued CRL distribution in order to effectively minimize peak loads on the repositories.
出处
《浙江大学学报(工学版)》
EI
CAS
CSCD
北大核心
2002年第2期224-227,共4页
Journal of Zhejiang University:Engineering Science
