?? 相關(guān)國(guó)際標(biāo)準(zhǔn).htm
字號(hào):
<html>
<!--BEGIN TIMESTAMP
MIIGajCCAVMCAQqgBxYFd2VuY24wggFDMEECAQAWGy9sZWFybi9sZXNzb24yL2No
YXB0ZXI3Lmh0bTAfMAcGBSsOAwIaBBTwwKLanLqgyEFjo7wt3oFIUivuNDA/AgEA
FhkvbGVhcm4vbGVzc29uMi90aXRsZTIuZ2lmMB8wBwYFKw4DAhoEFEbtZ+njNruB
jE+VnnTlScpIyOdSMD0CAQAWFy9sZWFybi9pbWFnZXMvYmFjazEuZ2lmMB8wBwYF
Kw4DAhoEFNE+svybihoJ5+CP9NffkVGpfedSMD0CAQAWFy9sZWFybi9pbWFnZXMv
YmFjazEuZ2lmMB8wBwYFKw4DAhoEFNE+svybihoJ5+CP9NffkVGpfedSMD8CAQAW
GS9sZWFybi9sZXNzb24yL3RpdGxlMi5naWYwHzAHBgUrDgMCGgQURu1n6eM2u4GM
T5WedOVJykjI51IwgAYJKoZIhvcNAQcCoIAwggT8AgEBMQkwBwYFKw4DAhowgAYJ
KoZIhvcNAQcBoIAEezB5AgEKMCowKAYIKwYBBQUHAgIwHDAPGghOZXRmcm9udDAD
AgEBGglUaW1lU3RhbXAwCAIBAIEAggEAMBcYDzIwMDAwMzEwMDIxNzMyWgIBAAIB
AKMfMAcGBSsOAwIaBBRaEpfXuPnzcyZWiBqp2wS174Q02YQCAemFAAAAAACgggLd
MIIC2TCCAkICARQwDQYJKoZIhvcNAQEEBQAwgcwxCzAJBgNVBAYTAlVTMRMwEQYD
VQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxJTAjBgNVBAoTHE5l
dEZyb250IENvbW11bmljYXRpb25zLCBJbmMxIDAeBgNVBAsTF05ldEZyb250IEdy
YW5kVGltZSBSb290MSYwJAYDVQQDEx1OZXRGcm9udCBHcmFuZFRpbWUgU3Vic2Ny
aWJlcjEjMCEGCSqGSIb3DQEJARYUZ3RhZG1pbkBuZXRmcm9udC5jb20wHhcNMDAw
MzA5MDcxMjM4WhcNMDAwOTA2MDcxMjM4WjCBnDELMAkGA1UEBhMCQ04xDTALBgNV
BAgUBLGxvqkxDTALBgNVBAcUBLGxvqkxITAfBgNVBAoUGMW1t73Qxc+ivLzK9dPQ
z97U8MjOuavLvjEPMA0GA1UECxQGytCzobK/MREwDwYDVQQDEwhOZXRGcm9udDEo
MCYGCSqGSIb3DQEJARYZbWFya2V0aW5nQG5ldGZyb250LmNvbS5jbjCBnzANBgkq
hkiG9w0BAQEFAAOBjQAwgYkCgYEAzssoreWB3uunipVJ5Pxz8xzfbCnGiv/wzHxT
PJzuJnLsHiypauuGcYVfIQw6gw6wKfd4+8lV0vdv8FqtoPQDUiZFNX9J9wso2My0
f4ljBnBCrlfAbh6lad6bkMuOAnfemxWQxFPTT4hNJaJ2i+/vUDeApBpMjgwiWIkb
XPsK5BMCAwEAATANBgkqhkiG9w0BAQQFAAOBgQAvifvtxJDe0lHOXQ73iI6puiNv
J0M30SSptDiArX/0PW+Aum8MaAHt1NjDbm9dpe52YxT/VQqaOMt2nAzKOjjhvA16
RnDy3WgcqAw1mjNTcPUEuqmfHzHEKkI8aq5BS9YbNgNMLVT6QpDN10YP5NL4IRWT
tcbiLE9sGp2t+WJPSjGCAXkwggF1AgEBMIHSMIHMMQswCQYDVQQGEwJVUzETMBEG
A1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2YWxlMSUwIwYDVQQKExxO
ZXRGcm9udCBDb21tdW5pY2F0aW9ucywgSW5jMSAwHgYDVQQLExdOZXRGcm9udCBH
cmFuZFRpbWUgUm9vdDEmMCQGA1UEAxMdTmV0RnJvbnQgR3JhbmRUaW1lIFN1YnNj
cmliZXIxIzAhBgkqhkiG9w0BCQEWFGd0YWRtaW5AbmV0ZnJvbnQuY29tAgEUMAkG
BSsOAwIaBQAwDQYJKoZIhvcNAQEBBQAEgYBfNFRPU1prbty0hnOrUMtifMkBTtqT
/IRnWmss+YmDhLIwD19k63tfVA6BgDRYLpjtJhLfUnOs5WGIPZFQKTTqzoGfP2Ad
FfUTSVCE8/NkChOfr70Eh3nteYnFyaPQdZEe/uU41CU834ZO/j5XTdh5bJB+dUBG
h1U950xnbhuvqAAAAAA=
END TIMESTAMP-->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<meta http-equiv="Content-Language" content="zh-cn">
<title>相關(guān)國(guó)際標(biāo)準(zhǔn)</title>
</head>
<body bgcolor="#FFFFFF">
<div align="center"><center>
<table border="0" width="691">
<tr>
<td width="100%"><p align="center"><img border="0" src="title2.gif" width="742" height="35"><br>
</td>
</tr>
</table>
</center></div><div align="center"><center>
<table border="0" width="691">
<tr>
<td width="100%"><blockquote>
<p align="center"><a href="../security.htm"><img src="../images/back1.gif" border="0" WIDTH="57" HEIGHT="20"></a></p>
</blockquote>
</td>
</tr>
</table>
</center></div><div align="center"><center>
<table border="0" width="691">
<tr>
<td bgcolor="#666633"><b><font size="2" color="#FFFFFF">相關(guān)國(guó)際標(biāo)準(zhǔn)</font></b></td>
</tr>
<tr>
<td width="100%"><blockquote>
<p align="left" style="line-height: 20px"><font size="2"><font color="#660066"><br>
</font><font color="#FFFFFF">——</font><font color="#660066">PKI (Public-Key
Infrastructure) 公鑰體系基礎(chǔ)框架。<br>
</font><font color="#FFFFFF">——</font><font color="#660066">PKIX (Public-Key
Infrastructure Using X.509)使用X.509的公鑰體系基礎(chǔ)框架。<br>
</font><font color="#FFFFFF">——</font><font color="#660066">X.500 由ISO和ITU提出的用于為大型網(wǎng)絡(luò)提供目錄服務(wù)的標(biāo)準(zhǔn)體系。<br>
</font><font color="#FFFFFF">——</font><font color="#660066">X.509 為X.500提供驗(yàn)證(Authenticating)體系的標(biāo)準(zhǔn)。<br>
</font><font color="#FFFFFF">——</font><font color="#660066">PKCS(Public Key
Cryptography Standards)公鑰加密標(biāo)準(zhǔn),為PKI提供一套完善的標(biāo)準(zhǔn)體系。<br>
</font></font></p>
<p align="left" style="line-height: 20px"><font color="#FFFFFF"><font size="2">——</font></font><font size="2"><font color="#660066">對(duì)于任何基于公鑰體系的安全應(yīng)用,必須確立其PKI。而電子簽證機(jī)關(guān)(CA)是PKI中的一個(gè)關(guān)鍵的組成部分,它主要涉及兩方面的內(nèi)容,即公鑰證書的發(fā)放和公鑰證書的有效性證明。在PKIX中,CA遵循X.509標(biāo)準(zhǔn)規(guī)范。<br>
</font><font color="#FFFFFF">——</font><font color="#660066">X.509最早的版本X.509v1是在1988年提出的,到現(xiàn)在已升級(jí)到X.509v3,現(xiàn)將其涉及到的主要內(nèi)容以及與前版本的比較列于下表。<br>
</font></font></p>
<p align="center"><font color="#660066" size="2">X.509 PKI國(guó)際標(biāo)準(zhǔn)更新版本對(duì)照表</font></p>
<div align="center"><table border="1" width="80%" bordercolorlight="#C0C0C0" cellspacing="0" bordercolordark="#FFFFFF">
<tr>
<td width="100%" colspan="3"><p align="center"><font color="#660066" size="2">X.509 PKI 主要特性</font></td>
</tr>
<tr align="center">
<td width="33%" align="center"> </td>
<td width="33%" align="center"><font color="#660066" size="2">X.509 v1 &
2</font></td>
<td width="34%" align="center"><font color="#660066" size="2">X.509 v3</font></td>
</tr>
<tr align="center">
<td width="33%" align="center"><font color="#660066" size="2">證書信息</font></td>
<td width="33%" align="left"><font color="#660066" size="2">只有X.500
實(shí)體名,包括CA、證主(subject)名,證主公鑰及其有效期。</font></td>
<td width="34%" align="left"><font color="#660066" size="2">充分?jǐn)U展,可包含任何信息。</font></td>
</tr>
<tr align="center">
<td width="33%" align="center"><font color="#660066" size="2">CA 規(guī)范</font></td>
<td width="33%" align="left"><font color="#660066" size="2">CA體系鼓勵(lì)帶交叉的層狀樹(shù)型結(jié)構(gòu),無(wú)信任限制規(guī)范。</font></td>
<td width="34%" align="left"><font color="#660066" size="2">CA體系鼓勵(lì)帶交叉的層狀樹(shù)型結(jié)構(gòu),有信任限制規(guī)范。</font></td>
</tr>
<tr align="center">
<td width="33%" align="center"><font color="#660066" size="2">CA «證主
« 用戶 </font></td>
<td width="67%" align="left" colspan="2"><font color="#660066" size="2">CA、證主、用戶在概念上嚴(yán)格區(qū)分</font></td>
</tr>
<tr align="center">
<td width="33%" align="center"><font color="#660066" size="2">CA «證主«
用戶信任關(guān)系</font></td>
<td width="33%" align="left"><font color="#660066" size="2">認(rèn)為每個(gè)用戶至少信任一個(gè)CA。CA無(wú)法操縱與其它CA、證主及用戶間的信任關(guān)系。</font></td>
<td width="34%" align="left"><font color="#660066" size="2">認(rèn)為每個(gè)用戶至少信任一個(gè)CA。CA可以規(guī)范與其它CA及證主間的信任關(guān)系。</font></td>
</tr>
<tr align="center">
<td width="33%" align="center"><font color="#660066" size="2">證書有效性驗(yàn)證方式 </font></td>
<td width="33%" align="left"><font color="#660066" size="2">離線方式,通過(guò)檢查證書有效期及是否出現(xiàn)在最近的CRL(證書吊銷表)上。</font></td>
<td width="34%" align="left"><font color="#660066" size="2">支持離線與在線方式。</font></td>
</tr>
<tr align="center">
<td width="33%" align="center"><font color="#660066" size="2">證書吊銷方法</font></td>
<td width="33%" align="left"><font color="#660066" size="2">簡(jiǎn)單CRL。</font></td>
<td width="34%" align="left"><font color="#660066" size="2">復(fù)雜的CRL,通過(guò)功能擴(kuò)展支持在線方式。</font></td>
</tr>
<tr align="center">
<td width="33%" align="center"><font color="#660066" size="2">證書形式特點(diǎn)</font></td>
<td width="33%" align="left"><font color="#660066" size="2">身份形式的證書。</font></td>
<td width="34%" align="left"><font color="#660066" size="2">主要還是身份形式的證書,但支持信任委托形式的證書。</font></td>
</tr>
<tr align="center">
<td width="33%" align="center"><font color="#660066" size="2">匿名性</font></td>
<td width="33%" align="left"><font color="#660066" size="2">匿名程度依賴于
X.500 條目的匿名程度。</font></td>
<td width="34%" align="left"><font color="#660066" size="2">擴(kuò)展功能支持徹底的匿名服務(wù)。</font></td>
</tr>
</table>
</div><p align="left"> </p>
</blockquote>
</td>
</tr>
</table>
</center></div><div align="center"><center>
<table border="0" width="691">
<tr>
<td width="100%"><p align="center"><br>
<a href="../security.htm"><img src="../images/back1.gif" border="0" WIDTH="57" HEIGHT="20"></a><br>
<img border="0" src="title2.gif" WIDTH="742" HEIGHT="35"></td>
</tr>
</table>
</center></div>
</body>
</html>
?? 快捷鍵說(shuō)明
復(fù)制代碼
Ctrl + C
搜索代碼
Ctrl + F
全屏模式
F11
切換主題
Ctrl + Shift + D
顯示快捷鍵
?
增大字號(hào)
Ctrl + =
減小字號(hào)
Ctrl + -