计算机工程与应用 ›› 2011, Vol. 47 ›› Issue (1): 80-82.DOI: 10.3778/j.issn.1002-8331.2011.01.023

• 网络、通信、安全 • 上一篇    下一篇

基于P2P网络的Over-Issued CRL机制研究

邱 钊,陈明锐   

  1. 海南大学 信息科学技术学院,海口 570228
  • 收稿日期:2009-08-07 修回日期:2009-10-13 出版日期:2011-01-01 发布日期:2011-01-01
  • 通讯作者: 邱 钊

Research of Over-Issued CRL mechanism based on P2P network

QIU Zhao,CHEN Mingrui   

  1. College of Information Science & Technology,Hainan University,Haikou 570228,China
  • Received:2009-08-07 Revised:2009-10-13 Online:2011-01-01 Published:2011-01-01
  • Contact: QIU Zhao

摘要: 目前关于公钥基础设施(public key infrastructure)中证书撤销问题的主要解决方案是使用X.509证书撤销列表(Certificate Revocation List)来定期发布证书状态信息。现有的发布机制存在CRL存储库峰值负荷过重,导致PKI部署成本过高的问题。通过对Over-Issued CRL模型和P2P技术的分析,给出一种基于P2P网络和Over-Issued CRL发布机制,它结合了上述两种技术的优点,有效降低了CRL存储库峰值负荷。

Abstract: At present,the main solution scheme in public key infrastructure of certificate revocation problem is to use X.509 certificate revocation list.The existing methods have some problems such that peak load on CRL repository is too heavy to deploy a large-scale PKI with reasonable cost.By analyzing Over-Issued CRL model and P2P network,an approach to distribute CRL is given based on the above models.It combines the advantages of above two models,reduces the peak load of CRL repository effectively.

中图分类号: