论文部分内容阅读
分析了Internet公钥基础设施中公钥证书撤销的各种方法,研究了各种方法的优缺点。提出把前向安全数字签名技术应用于CA对撤销信息的签名的新方法,从而确保在CA的签名密钥泄露的情况下将损失减小到最小,新方法适用于现存所有证书撤销方案。
Various methods of revocation of public key certificates in Internet public key infrastructure are analyzed, and the advantages and disadvantages of various methods are studied. A new method of applying forward-secure digital signature technology to the CA’s signature of revocation information is proposed to ensure that the loss will be minimized if the CA’s signature key is compromised. The new method is applicable to all existing certificate revocation schemes.