📄 相关国际标准.htm
字号:
<html>
<!--BEGIN TIMESTAMP
MIIGajCCAVMCAQqgBxYFd2VuY24wggFDMEECAQAWGy9sZWFybi9sZXNzb24yL2No
YXB0ZXI3Lmh0bTAfMAcGBSsOAwIaBBTwwKLanLqgyEFjo7wt3oFIUivuNDA/AgEA
FhkvbGVhcm4vbGVzc29uMi90aXRsZTIuZ2lmMB8wBwYFKw4DAhoEFEbtZ+njNruB
jE+VnnTlScpIyOdSMD0CAQAWFy9sZWFybi9pbWFnZXMvYmFjazEuZ2lmMB8wBwYF
Kw4DAhoEFNE+svybihoJ5+CP9NffkVGpfedSMD0CAQAWFy9sZWFybi9pbWFnZXMv
YmFjazEuZ2lmMB8wBwYFKw4DAhoEFNE+svybihoJ5+CP9NffkVGpfedSMD8CAQAW
GS9sZWFybi9sZXNzb24yL3RpdGxlMi5naWYwHzAHBgUrDgMCGgQURu1n6eM2u4GM
T5WedOVJykjI51IwgAYJKoZIhvcNAQcCoIAwggT8AgEBMQkwBwYFKw4DAhowgAYJ
KoZIhvcNAQcBoIAEezB5AgEKMCowKAYIKwYBBQUHAgIwHDAPGghOZXRmcm9udDAD
AgEBGglUaW1lU3RhbXAwCAIBAIEAggEAMBcYDzIwMDAwMzEwMDIxNzMyWgIBAAIB
AKMfMAcGBSsOAwIaBBRaEpfXuPnzcyZWiBqp2wS174Q02YQCAemFAAAAAACgggLd
MIIC2TCCAkICARQwDQYJKoZIhvcNAQEEBQAwgcwxCzAJBgNVBAYTAlVTMRMwEQYD
VQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxJTAjBgNVBAoTHE5l
dEZyb250IENvbW11bmljYXRpb25zLCBJbmMxIDAeBgNVBAsTF05ldEZyb250IEdy
YW5kVGltZSBSb290MSYwJAYDVQQDEx1OZXRGcm9udCBHcmFuZFRpbWUgU3Vic2Ny
aWJlcjEjMCEGCSqGSIb3DQEJARYUZ3RhZG1pbkBuZXRmcm9udC5jb20wHhcNMDAw
MzA5MDcxMjM4WhcNMDAwOTA2MDcxMjM4WjCBnDELMAkGA1UEBhMCQ04xDTALBgNV
BAgUBLGxvqkxDTALBgNVBAcUBLGxvqkxITAfBgNVBAoUGMW1t73Qxc+ivLzK9dPQ
z97U8MjOuavLvjEPMA0GA1UECxQGytCzobK/MREwDwYDVQQDEwhOZXRGcm9udDEo
MCYGCSqGSIb3DQEJARYZbWFya2V0aW5nQG5ldGZyb250LmNvbS5jbjCBnzANBgkq
hkiG9w0BAQEFAAOBjQAwgYkCgYEAzssoreWB3uunipVJ5Pxz8xzfbCnGiv/wzHxT
PJzuJnLsHiypauuGcYVfIQw6gw6wKfd4+8lV0vdv8FqtoPQDUiZFNX9J9wso2My0
f4ljBnBCrlfAbh6lad6bkMuOAnfemxWQxFPTT4hNJaJ2i+/vUDeApBpMjgwiWIkb
XPsK5BMCAwEAATANBgkqhkiG9w0BAQQFAAOBgQAvifvtxJDe0lHOXQ73iI6puiNv
J0M30SSptDiArX/0PW+Aum8MaAHt1NjDbm9dpe52YxT/VQqaOMt2nAzKOjjhvA16
RnDy3WgcqAw1mjNTcPUEuqmfHzHEKkI8aq5BS9YbNgNMLVT6QpDN10YP5NL4IRWT
tcbiLE9sGp2t+WJPSjGCAXkwggF1AgEBMIHSMIHMMQswCQYDVQQGEwJVUzETMBEG
A1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2YWxlMSUwIwYDVQQKExxO
ZXRGcm9udCBDb21tdW5pY2F0aW9ucywgSW5jMSAwHgYDVQQLExdOZXRGcm9udCBH
cmFuZFRpbWUgUm9vdDEmMCQGA1UEAxMdTmV0RnJvbnQgR3JhbmRUaW1lIFN1YnNj
cmliZXIxIzAhBgkqhkiG9w0BCQEWFGd0YWRtaW5AbmV0ZnJvbnQuY29tAgEUMAkG
BSsOAwIaBQAwDQYJKoZIhvcNAQEBBQAEgYBfNFRPU1prbty0hnOrUMtifMkBTtqT
/IRnWmss+YmDhLIwD19k63tfVA6BgDRYLpjtJhLfUnOs5WGIPZFQKTTqzoGfP2Ad
FfUTSVCE8/NkChOfr70Eh3nteYnFyaPQdZEe/uU41CU834ZO/j5XTdh5bJB+dUBG
h1U950xnbhuvqAAAAAA=
END TIMESTAMP-->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<meta http-equiv="Content-Language" content="zh-cn">
<title>相关国际标准</title>
</head>
<body bgcolor="#FFFFFF">
<div align="center"><center>
<table border="0" width="691">
<tr>
<td width="100%"><p align="center"><img border="0" src="title2.gif" width="742" height="35"><br>
</td>
</tr>
</table>
</center></div><div align="center"><center>
<table border="0" width="691">
<tr>
<td width="100%"><blockquote>
<p align="center"><a href="../security.htm"><img src="../images/back1.gif" border="0" WIDTH="57" HEIGHT="20"></a></p>
</blockquote>
</td>
</tr>
</table>
</center></div><div align="center"><center>
<table border="0" width="691">
<tr>
<td bgcolor="#666633"><b><font size="2" color="#FFFFFF">相关国际标准</font></b></td>
</tr>
<tr>
<td width="100%"><blockquote>
<p align="left" style="line-height: 20px"><font size="2"><font color="#660066"><br>
</font><font color="#FFFFFF">——</font><font color="#660066">PKI (Public-Key
Infrastructure) 公钥体系基础框架。<br>
</font><font color="#FFFFFF">——</font><font color="#660066">PKIX (Public-Key
Infrastructure Using X.509)使用X.509的公钥体系基础框架。<br>
</font><font color="#FFFFFF">——</font><font color="#660066">X.500 由ISO和ITU提出的用于为大型网络提供目录服务的标准体系。<br>
</font><font color="#FFFFFF">——</font><font color="#660066">X.509 为X.500提供验证(Authenticating)体系的标准。<br>
</font><font color="#FFFFFF">——</font><font color="#660066">PKCS(Public Key
Cryptography Standards)公钥加密标准,为PKI提供一套完善的标准体系。<br>
</font></font></p>
<p align="left" style="line-height: 20px"><font color="#FFFFFF"><font size="2">——</font></font><font size="2"><font color="#660066">对于任何基于公钥体系的安全应用,必须确立其PKI。而电子签证机关(CA)是PKI中的一个关键的组成部分,它主要涉及两方面的内容,即公钥证书的发放和公钥证书的有效性证明。在PKIX中,CA遵循X.509标准规范。<br>
</font><font color="#FFFFFF">——</font><font color="#660066">X.509最早的版本X.509v1是在1988年提出的,到现在已升级到X.509v3,现将其涉及到的主要内容以及与前版本的比较列于下表。<br>
</font></font></p>
<p align="center"><font color="#660066" size="2">X.509 PKI国际标准更新版本对照表</font></p>
<div align="center"><table border="1" width="80%" bordercolorlight="#C0C0C0" cellspacing="0" bordercolordark="#FFFFFF">
<tr>
<td width="100%" colspan="3"><p align="center"><font color="#660066" size="2">X.509 PKI 主要特性</font></td>
</tr>
<tr align="center">
<td width="33%" align="center"> </td>
<td width="33%" align="center"><font color="#660066" size="2">X.509 v1 &
2</font></td>
<td width="34%" align="center"><font color="#660066" size="2">X.509 v3</font></td>
</tr>
<tr align="center">
<td width="33%" align="center"><font color="#660066" size="2">证书信息</font></td>
<td width="33%" align="left"><font color="#660066" size="2">只有X.500
实体名,包括CA、证主(subject)名,证主公钥及其有效期。</font></td>
<td width="34%" align="left"><font color="#660066" size="2">充分扩展,可包含任何信息。</font></td>
</tr>
<tr align="center">
<td width="33%" align="center"><font color="#660066" size="2">CA 规范</font></td>
<td width="33%" align="left"><font color="#660066" size="2">CA体系鼓励带交叉的层状树型结构,无信任限制规范。</font></td>
<td width="34%" align="left"><font color="#660066" size="2">CA体系鼓励带交叉的层状树型结构,有信任限制规范。</font></td>
</tr>
<tr align="center">
<td width="33%" align="center"><font color="#660066" size="2">CA «证主
« 用户 </font></td>
<td width="67%" align="left" colspan="2"><font color="#660066" size="2">CA、证主、用户在概念上严格区分</font></td>
</tr>
<tr align="center">
<td width="33%" align="center"><font color="#660066" size="2">CA «证主«
用户信任关系</font></td>
<td width="33%" align="left"><font color="#660066" size="2">认为每个用户至少信任一个CA。CA无法操纵与其它CA、证主及用户间的信任关系。</font></td>
<td width="34%" align="left"><font color="#660066" size="2">认为每个用户至少信任一个CA。CA可以规范与其它CA及证主间的信任关系。</font></td>
</tr>
<tr align="center">
<td width="33%" align="center"><font color="#660066" size="2">证书有效性验证方式 </font></td>
<td width="33%" align="left"><font color="#660066" size="2">离线方式,通过检查证书有效期及是否出现在最近的CRL(证书吊销表)上。</font></td>
<td width="34%" align="left"><font color="#660066" size="2">支持离线与在线方式。</font></td>
</tr>
<tr align="center">
<td width="33%" align="center"><font color="#660066" size="2">证书吊销方法</font></td>
<td width="33%" align="left"><font color="#660066" size="2">简单CRL。</font></td>
<td width="34%" align="left"><font color="#660066" size="2">复杂的CRL,通过功能扩展支持在线方式。</font></td>
</tr>
<tr align="center">
<td width="33%" align="center"><font color="#660066" size="2">证书形式特点</font></td>
<td width="33%" align="left"><font color="#660066" size="2">身份形式的证书。</font></td>
<td width="34%" align="left"><font color="#660066" size="2">主要还是身份形式的证书,但支持信任委托形式的证书。</font></td>
</tr>
<tr align="center">
<td width="33%" align="center"><font color="#660066" size="2">匿名性</font></td>
<td width="33%" align="left"><font color="#660066" size="2">匿名程度依赖于
X.500 条目的匿名程度。</font></td>
<td width="34%" align="left"><font color="#660066" size="2">扩展功能支持彻底的匿名服务。</font></td>
</tr>
</table>
</div><p align="left"> </p>
</blockquote>
</td>
</tr>
</table>
</center></div><div align="center"><center>
<table border="0" width="691">
<tr>
<td width="100%"><p align="center"><br>
<a href="../security.htm"><img src="../images/back1.gif" border="0" WIDTH="57" HEIGHT="20"></a><br>
<img border="0" src="title2.gif" WIDTH="742" HEIGHT="35"></td>
</tr>
</table>
</center></div>
</body>
</html>
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -