Abstract: This paper describes the principle of the mechanism of certificate revocation based on OCSP, and proposes a policy evaluating model focusing on the single service mode of OCSP. The model based on queuing theory simplifies and abstracts the mechanism. According to the model, the revocation policies about OCSP are evaluated, and several parameters effecting on the system such as queuing time, net bandwidth and verifying velocity are discussed. And it analyzes multi-service model.

Key words: on-line certificate status protocol(OCSP), certificate revocation list(CRL), PKI, queuing theory

摘要： 阐述了在线证书状态协议(OCSP)方式的证书撤销机制的原理，针对单服务员模式建立了一个策略评估模型。该模型基于排队理论对系统机制进行了简化和抽象，通过该模型对OCSP方式的证书撤销策略进行评价，结合模型对影响系统的排队时间、网络带宽、验证速度等相关参数进行了讨论，分析了机制中的多服务员模型。

关键词: 在线证书状态协议, 证书撤销列表, PKI, 排队论

CLC Number: 

• TP393.08