摘要
根据PKI证书撤销机制的评价标准 ,对当前几种证书撤销机制———分段式CRLs ,Delta CRLs和重叠发布CRLs进行了分析比较 .针对这几种机制的优缺点 ,提出了一种新的PKI证书撤销机制———重叠发布滑动窗口分段式Delta CRLs ,分析了该机制的性能 .该机制减小了信任方所需下载的CRL大小 ,降低了CRL库的峰值负荷和平均负荷 ,改善了时间碎片问题和可扩展性问题 .
Based on the criteria of certificate revocation mechanism in PKI, this paper analyzed and compared among several popular certificate revocation mechanisms, such as segmented CRLs, Delta CRLs and Over issued CRLs. Aiming at the advantages of the mechanisms and its disadvantages, it put forward a new certificate revocation mechanism in PKI: Over issued sliding window segmented Delta CRLs and analyzed the performances of this method. The mechanism minimized the size of CRLs that relying parties had to download, the peak and average loads on CRL repositories, alleviated time granularity and scalability.
出处
《华中科技大学学报(自然科学版)》
EI
CAS
CSCD
北大核心
2002年第11期13-15,共3页
Journal of Huazhong University of Science and Technology(Natural Science Edition)
基金
国家保密局资助项目