摘要: 对证书撤销机制进行了研究。指出基于有序顺序表的证书撤销列表方案的不足,提出一种基于二叉排序树的CRL方案。通过分析表明,该方案与传统CRL相比,能够减少证书用户查找撤销证书的平均查询次数,克服了顺序CRL在更新时移动记录的缺点,优化了系统性能,且方案易于实现。
关键词:
公钥基础设施,
证书撤销列表,
二叉排序树
Abstract: This paper discusses certificate revocation list (CRL). A CRL based on schedule storage is not perfect and it proposes a new CRL based on binary sorted tree. Compared to other methods, the new method can reduce the average search length that the certificate user looks for the revocative certificate compared with traditional CRL. It is capable of avoiding the disadvantage of the improved CRL that any update will cause the move of the records, and it optimizes the performance of the certificate revocation system. The scheme is easy to be realized.
Key words:
Public key infrastructure (PKI),
Certificate revocation list (CRL),
Binary sorted tree
中图分类号:
牟 颖;全太锋;袁 丁. 一种新型的证书撤销列表[J]. 计算机工程, 2007, 33(12): 169-171.
MOU Ying; QUAN Taifeng; YUAN Ding. New Certificate Revocation List[J]. Computer Engineering, 2007, 33(12): 169-171.