| 分段CRL的一种改进方案 |
| |
| 引用本文: | 王庆生,陈水霞.分段CRL的一种改进方案[J].计算机安全,2010(4):15-17. |
| |
| 作者姓名: | 王庆生 陈水霞 |
| |
| 作者单位: | 太原理工大学,计算机与软件学院,山西,太原,030024 |
| |
| 摘 要: | 证书撤销列表(CRL)是公开密钥基础设施中应用最为广泛的一种证书撤销机制。通过对基本CRL及分段CRL的分析,在分段CPL的基础上,提出了二次分段CRL。对于分段CRL中的尺寸越来越大以至于影响性能的分段,二次分段CRL根据不同于第一次的分段标准对其进行再次分段,改善了分段CRL中由于证书分类不平衡导致的性能下降问题,同时采用将各分段错开更新的方案,降低了CRL的峰值请求率。二次分段CRL由于通信量小,峰值请求率低,可扩展性好,适合于大规模的PKI系统。
|
| 关 键 词: | 公开密钥基础设施 证书撤销 证书撤销列表 分段证书撤销列表 二次分段证书撤销列表 |
An Improved Scheme of Segmented CRL |
| |
| WANG Qing-sheng,CHEN Shui-xia.An Improved Scheme of Segmented CRL[J].Network & Computer Security,2010(4):15-17. |
| |
| Authors: | WANG Qing-sheng CHEN Shui-xia |
| |
| Affiliation: | College of Computer and Software;Taiyuan University of Technology;Taiyuan;Shanxi 030024;China |
| |
| Abstract: | CRL is a widespread-used certificate revocation mechanism in PKI. A Secondary Segmented CRL was put forward based on the analysis of the traditional CRL and the Segmented CRL. Those segments which became bigger and bigger and therefore affecting the performance of the Segmented CRL was segmented the second time based on different standards. The Secondary Segmented CRL improves the decreasing performance of the Segmented CRL due to the unbalanced certificate classification. Furthermore, the peak request rate... |
| |
| Keywords: | PKI certificate revocation CRL Segmented CRL Secondary Segmented CRL |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
