Theoretical Analysis of Issuing Mechanism in Distributive Digital Certificate Revocation List

Abstract

The core of large-scale PKI (Public Key Infrastructure) is digital certificate, while in the service of certificate, the existing factors of password disclosure and expiration will lead to the certificate invalidation. Presently, PKI Administration always adopts the method of Certificate Revocation List ('CRL') to summarize the invalidation certificate. However, the biggest bottleneck of CRL application is the high peak value requirement rate for CRL storage, which will require the hardware unit with high performance but expensive price. The paper attempted to refine the CRL issuing mechanism in network structure based on the distributive concept of P2P network and then put forward a new issuing mechanism, distributive CRL issuing. Meanwhile, we took the theoretical analysis for it and the result has showed its advantages.