检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
机构地区:[1]电子科技大学计算机科学与工程学院电子科技大学-卫士通信息安全实验室 [2]电子科技大学计算机科学与工程学院
出 处:《计算机科学》2005年第4期133-136,139,共5页Computer Science
基 金:国家863计划项目(863-104-03-01)
摘 要:针对当前PKI应用规模的变化,提出了一种新模型:增量-过量发布综合模型。该模型采用将Delta-CRLs的Base CRL过量发布来实现。通过比较表明,该方式既可以减小信任方下载的CRL大小,改善了响应时间,减少时间碎片;又可以降低对Base CRL峰值请求率,从而降低对存储库的峰值带宽和平均负荷。文中同时指出,增量-过量发布综合模型优于传统模型和增量模型,但其发布性能依赖于PKI系统的证书有效期、证书吊销率、Delta CRL的颁发周期和时间跨度。Delta CRL的颁发周期越长,时间跨度越大,证书吊销率越高,证书有效期越短,过量发布Base CRL所带来的性能优化就越小。因此,增量-过量模型适合于在Delta CRL的颁发周期和时间跨度较短、证书吊销率不高、证书有效期较长的大型PKI系统中。According to the change of application scale of PKI system currently, an improved model: the Delta and over-issued CRL synthesis model is presented, it is realized by that Base CRL of Delta-CRLs is over-issued. Com- pared to other models, the improved model minimizes the size of CRL which can accelerate to response time and time piece, as well as the peak request rate for Base CRL, the peak bandwidth and average loads on CRL repositories. Si- multaneously it is presented in this paper that the improved model is better than traditional model and Delta-CRLs, but the issuance performance of the improved model depends on the rate of certificate revocation, period of certificate validity, time span and issue periods on Delta CRL. Rate of certificate revo-cation is more higher, time span and issue periods on Delta CRL is more longer and period of certificate validity is more shorter, the performance improvement by over-issued Base CRL is more less. So the improved model is fit for the large-scale PKIs whose rate of certificate revo-cation is not high, period of certificate validity is more longer, time span and issue periods on Delta CRL is more shorter.
关 键 词:证书撤消列表 过量发布 证书吊销率 时间跨度 证书有效期 PKI
分 类 号:TP3[自动化与计算机技术—计算机科学与技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:3.15.0.151
