AH processing.
3.2.1.1.2 ESP Outbound Processing
1. Sequence number verification.
2. MAC verification: If authentication is required, the MAC value is recomputed and checked. If the two codes are not equal, the packet is discarded; otherwise, inbound processing continues.
3. Original packet reconstruction: This is done using a series of three operations: (1) decrypting the ESP Payload Data, Padding, Pad Length, and Next Header fields using the secret key, the encryption algorithm, the algorithm mode, and the cryptographic synchronization data specified by the SA; (2) adding any padding as specified in the encryption algorithm specification; and (3) reconstructing the original IP datagram from the original IP header and the upper-layer protocol information in the ESP Payload field for transport mode, or from the tunnel IP header and the entire IP datagram in the ESP Payload field for tunnel mode.
3.2.2 IPsec Limitations
3.2.2.3 Limitations of the authorization procedures
Networks implementing IPsec do not use local access control to provide authorization mechanisms. This reduces the ability of a networked service to provide personalized permissions based on parameters related to the service and to the users of its features. A node may, for example, use local access control lists, use specific fields in digital certificates, or create a separate digital certificate infrastructure for each application on the host. Unfortunately, IPsec implementations do not address all of these needs.
On the other hand, the key exchange protocols used in IPsec, such as IKE, do not take into consideration the authorization information that can be extracted from certificates
Current standards, implementations, and practices applied in deploying IPsec do not provide any specific built-in mechanism to protect the most sensitive components of the IPsec suite. Illegitimate access to the SPD would allow an intruder to change any policy. An unauthorized intrusion into the SAD would allow an attacker to obtain all the material stored securely in the SAs.
Two approaches can be used to overcome these limitations. The first approach reduces the role of IPsec to that of a protocol dedicated to building VPNs, and provides dynamic solutions, including suitable ways of securing applications. The second approach makes IPsec cooperative with applications that need advanced security. In the following, we discuss the improvements required by these approaches, particularly when mobility is involved.
Tools for the retrieval, verification, processing, and proof of digital credentials (such as digital certificates).
Procedures to test key properties, including liveness, denial-of-service detection, and address validity.
Relaying of signed and encrypted packets; conveying information about the entities the application is communicating with; and meeting the application's authorization requirements.
1.
$P'_{i+1} = C_i \oplus C_i \oplus P_{i+1} \oplus \mathrm{Mask} = P_{i+1} \oplus \mathrm{Mask}$
$P'_i = C_{i-1} \oplus D_K(C'_i)$
This attack aims to manipulate the Protocol field in the IP header of the captured encrypted packet. The attack is effective when the block size of the encrypted packet is 128 and the encryption algorithm is AES. In this case, the Protocol field (in the captured packet) lies in plaintext block P1. Thus, simply by flipping bits in C0, this field will indicate an upper-layer protocol that is not supported by the end host. On receiving the modified encrypted packet, the host sends an ICMP packet. The attacker still has to modify the source address, and keeps changing bits in C0 until a "port unreachable" reply is received; this may take about 215 iterations.
The ESP protocol appends some padding to the end of the IP packet so that its length is a multiple of the block size. It also appends two bytes, Pad Length (PL) and Next Header (NH), after this padding (see Figure 3.4 for a depiction of the IP header). The NH byte has the value 4 in tunnel mode. Every IPsec gateway that receives an encrypted packet should check that the padding of the packet has the structure described. If this is not the case, the gateway drops the packet. Now consider an IPsec tunnel between two gateways using ESP without authentication. A mobile attacker is able to listen to the traffic and inject packets inside the tunnel. The attacker can then capture an encrypted packet. He then randomly modifies the parts of the packet that contain the IHL value or the Protocol field (in a manner similar to the second attack). The aim of the attack is to make a modification that yields an ICMP message inside the tunnel. The attacker therefore does not have to change the source and destination addresses. For this, he has to keep trying until the packet generates an ICMP message. Since the ICMP message is still encrypted, we assume that the attacker is able to recognize it.
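The CBC relation above and the MAC check from the ESP processing steps, side by side, as an added example that is not part of the original text: an encrypt-only receiver accepts a masked C0 or C1, while a receiver that recomputes the MAC first discards both. A toy Feistel cipher stands in for AES (the relation depends only on the CBC mode), and all names, keys and data are constructed for illustration.

```python
import hashlib, hmac

BLOCK = 16  # 128-bit block, the size the text considers
def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):
    # Round function of the toy Feistel cipher (stand-in for AES, NOT secure).
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]

def enc_block(key, blk):
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, xor(l, _f(key, i, r))
    return l + r

def dec_block(key, blk):
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = xor(r, _f(key, i, l)), l
    return l + r

def cbc_encrypt(key, iv, pt):
    out = [iv]
    for i in range(0, len(pt), BLOCK):
        out.append(enc_block(key, xor(out[-1], pt[i:i + BLOCK])))
    return b"".join(out[1:])

def cbc_decrypt(key, iv, ct):
    # P_i = C_{i-1} XOR D_K(C_i), with C_0 = IV as in the text.
    c = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    return b"".join(xor(c[i - 1], dec_block(key, c[i])) for i in range(1, len(c)))

def open_checked(enc_key, mac_key, iv, ct, tag):
    # Receiver with integrity: recompute the MAC first, discard on mismatch.
    good = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return cbc_decrypt(enc_key, iv, ct) if hmac.compare_digest(good, tag) else None

def demo():
    ek, mk, iv = b"E" * 16, b"M" * 16, bytes(range(16))   # constructed keys and C_0
    pt = bytes(range(65, 113))                             # constructed P_1..P_3
    mask = bytes(9) + b"\x01" + bytes(6)                   # one bit in one byte
    ct = cbc_encrypt(ek, iv, pt)
    tag = hmac.new(mk, iv + ct, hashlib.sha256).digest()
    iv_mod = xor(iv, mask)                                 # C_0' = C_0 XOR Mask
    ct_mod = xor(ct[:BLOCK], mask) + ct[BLOCK:]            # C_1' = C_1 XOR Mask
    return {
        "pt": pt, "mask": mask,
        "enc_only_c0": cbc_decrypt(ek, iv_mod, ct),        # P_1' = P_1 XOR Mask
        "enc_only_c1": cbc_decrypt(ek, iv, ct_mod),        # P_2' = P_2 XOR Mask, P_1' garbled
        "mac_c0": open_checked(ek, mk, iv_mod, ct, tag),   # None: discarded
        "mac_c1": open_checked(ek, mk, iv, ct_mod, tag),   # None: discarded
        "mac_ok": open_checked(ek, mk, iv, ct, tag),       # unmodified packet accepted
    }
```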
R '[6] = R [6] 1.
SSL and TLS are currently the most widely used protocols for securing client/server Internet links. SSL is layered on top of an existing reliable protocol suite, namely TCP/IP. To provide its services, SSL is divided into two layers: the handshake protocol and the record layer. The handshake protocol allows the communicating parties to optionally authenticate each other and exchange session keys. When the handshake procedure ends, the communicating parties share a secret that can be used to build a secure channel. SSL is an asymmetric protocol that applies the client-server model. A typical use of SSL employs the RSA key exchange algorithm with server-only authentication. Figure
Figure 3.5 Message flow in an SSL session.
3.4.3 WTLS
The record protocol is divided into four different protocol clients: Alert, Application, Change Cipher, and the Handshake protocol. A data
[Figure: WTLS message flow between client and server. Server: Server Hello, Server Certificate, Server Key Exchange, Server Certificate Request, Hello Done. Client: Client Certificate, Client Key Exchange, Certificate Verify, (Change Cipher Specification), Finished. Then Application Data.]
3.4.4.1 Authentication
3.4.4.2 Data Integrity
WTLS_Compressed_data.data_length WTLS_Compressed_data.fragment)
3.4.4.2.2 Privacy
Privacy in WTLS is achieved by encrypting the communication channel. The encryption methods used and all the values needed to compute the shared secret are exchanged securely during the handshake. The master secret is a 20-byte string, computed with the following formula:
Master_secret = PRF(pre_master_secret, "master secret", ClientHello.random + ServerHello.random),
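The derivation above carried through in code, as an added example that is not from the original text. The page gives only the formula, so the PRF internals are an assumption (the TLS-style P_hash expansion over HMAC-SHA-1), and the pre-master secret and random values are constructed.

```python
import hashlib
import hmac

def p_hash(secret, seed, length, digest=hashlib.sha1):
    # P_hash(secret, seed) = HMAC(secret, A(1) + seed) + HMAC(secret, A(2) + seed) + ...
    # with A(0) = seed and A(i) = HMAC(secret, A(i-1)).
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()
        out += hmac.new(secret, a + seed, digest).digest()
    return out[:length]

def prf(secret, label, seed, length):
    # Assumed single-hash PRF: the label is prepended to the seed.
    return p_hash(secret, label + seed, length)

def master_secret(pre_master_secret, client_random, server_random):
    # Formula from the text, truncated to the 20 bytes it specifies.
    seed = client_random + server_random
    return prf(pre_master_secret, b"master secret", seed, 20)

# Constructed sample values (not taken from any real handshake).
PRE_MASTER = bytes.fromhex("00112233445566778899aabbccddeeff0011223344")
CLIENT_RANDOM = bytes(range(16))
SERVER_RANDOM = bytes(range(16, 32))

def demo():
    ms = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    # Same pre-master secret and ClientHello.random, fresh ServerHello.random:
    # the derived master secret changes, so a replayed hello does not reuse keys.
    ms_fresh = master_secret(PRE_MASTER, CLIENT_RANDOM, bytes(range(32, 48)))
    return ms, ms_fresh
```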
3.4.5 SSH
The SSH protocol allows two hosts (client and server) to build a secure channel for data transmission using DSA and Diffie-Hellman key exchange, which provides a shared secret key that cannot be determined by either party alone. The shared secret key is used as a session key. Once an encrypted tunnel has been created using this key, the context for the negotiated compression and encryption algorithms is initialized. There are three main parts to the SSH protocol: algorithm negotiation, authentication, and data encryption (Barrett, 2001).
Algorithm negotiation is performed mainly to determine the encryption algorithms, compression algorithms, and authentication methods that are supported and will be used between the client and the server. The negotiation is then followed by authentication, which is carried out as a two-step process: key exchange and client authentication. The aim of the key exchange is to authenticate the server to the client and to establish a shared key that is used as a session key to encrypt all the data transferred between the two entities. The session key encrypts the data, and a hash is generated, using the server's private key, for checking the integrity of the payload. The client verifies the server's public key and the signature received from the server, and then continues with user authentication.
Supported user authentication methods include, but are not limited to, password, public key, OpenPGP certificates, and X509v3 certificates. Once authentication succeeds, one of the negotiated encryption algorithms is used to encrypt the data transferred between the two machines. The key exchange produces two values: a shared secret K and an exchange hash H. For this, the client generates a random number x (1 < x < q) and the server generates a random number y (0 < y < q), where q is a prime number. The management of the key pairs is carried out as follows:
As mentioned earlier, on completing the handshake, the SSL client and server exchange change cipher spec messages to switch their security options. Both parties then communicate only using the agreed security features. To force both parties to start protected communication without the change to the newly agreed cipher spec, a man-in-the-middle attacker can simply try to send a Finished message just before the change cipher spec message can be sent. Two reasons explain the success of this attack. First, no operation in SSL is responsible for checking that a change cipher spec message has been sent before a Finished message is received. Second, the change cipher spec message is not authenticated like all the other handshake data.
3.5.2.1 Predictable IVs
WTLS uses a linear computation of the initialization vectors, even for reliable transports. When a block cipher is used in CBC mode, the IV is computed as follows:
$C_{s,0} = E_K(IV_s \oplus P_{s,0})$
$C_{s,j} = E_K(C_{s,j-1} \oplus P_{s,j}), \quad j > 0$
Pt, 0 = m (t, t, t, t)
End entities can be regarded as the users of PKI-related services. The term end entity is a generic term designating subscribers, network devices (such as servers and routers), processes, or any other entity that has applied for and received a digital certificate for use in supporting security and trust in the transactions to be undertaken. An end entity can also be a third party (an individual or an organization),
[Figure: PKI components: LDAP, CA, OCSP, certificate URL, certificate verification, Internet.]
A certification authority (CA) is the issuer of public key certificates within a given PKI. Public key certificates are digitally signed by the issuing CA, which effectively (and legally) binds the subject name to the public key; the CA's public key is used to verify the signature on issued certificates. The CA is also responsible for issuing certificate revocation lists (CRLs), which report on invalidated certificates, unless this has been delegated to a separate entity, called a certificate revocation list issuer. A CA should be involved in a number of administrative and technical tasks, such as end-user registration, verification of end-user information, certificate management, and certificate publication. However, some of the administrative functions may be delegated to an optional actor, called the registration authority (RA). The main activities of the CA include certificate issuance, certificate renewal, certificate revocation, and certificate verification. The verification of an end-entity certificate may involve a list of CAs, denoted CA_j, 1 < j < n, such that CA_1 is the issuer of the end-entity certificate, CA_{k+1} is the issuer of the certificate issued to CA_k for signing certificates, k > 1, and may be a trusted CA (from the verifier's point of view).
Therefore, the end-entity certificate represents the starting point for validating a given certification path, which represents a list of certificates signed by CAs and issued to CAs.
The RA, however, is not allowed to issue certificates or CRLs. Deploying an RA can provide two major advantages. First, RAs can help reduce the overall certification cost. This is especially true in large, geographically distributed companies that require their users to be physically present before specific PKI-related activities are permitted. Second, offloading the administrative functions from a CA allows an organization to operate its CA off-line, which reduces the opportunities for an adversary to mount an attack against the CA.
Typically, a PKI service scenario involving a mobile phone user is described as follows:
1. The CA identifies the user through face-to-face contact.
2. The CA provides the user with an identity and a password.
3. The mobile phone generates a key pair and a certificate request message.
4. The mobile phone signs the certificate request and verifies the digital signature, using its own digital signature generation.
5. The mobile phone sends them to the CA.
3.6.2.1 Registration
3.6.2.2 Initialization
This process occurs after the initialization process has ended. It involves the issuance of the entity's public key certificate by the certification authority. Typically, the generation process organizes the necessary information (including the CA's identity and the revocation addresses) in a data structure following the X.509 standard and digitally signs it. If the key pair related to the certificate is generated externally to the CA, the public key component must be delivered to the CA in a secure manner. Once generated, the certificate is returned to the end entity and/or published to a certificate repository (Housley, 2002).
3.6.2.4 Certificate Update
3.6.2.5 Revocation
Public key certificates are issued with fairly long lifetimes. However, circumstances exist in which an issued certificate may change to an unacceptable state before it would normally expire. Reasons for unacceptability may include private key compromise or a change in the information related to the subscriber (for example, affiliation or name change). It may therefore become necessary to revoke the certificate before its expiration date. The revocation request allows the end entity (or the RA that initiated the enrollment process) to request the revocation of the certificate. Certificate revocation information must be made available by the CA that issued the certificate or by the CRL issuer to which the CA delegates this function.
X.509 defines a method for publishing the above information through certificate revocation lists (CRLs). The frequency of publication and the types of CRLs used are a function of local policy. Finally, note that end entities, or trusted third parties acting on their behalf, must check the revocation status of all certificates they wish to rely on. This will be addressed in the following sections.
On the other hand, validating an X.509 certificate requires CRL verification. To achieve this, a mobile device needs to download the CRL from the CA and check whether the certificate has been revoked. This procedure imposes a significant overhead on the mobile device and on the wireless transmission. Thus, a reliable and efficient method is required to validate X.509 certificates without direct CRL verification by the mobile device.
3. Optimizing the certificate management protocol (CMP): The current wired CMP is based on the SSL protocol, while certificate requests are generated by the devices and sent using WTLS. Since WTLS-based security does not support end-to-end security, the information needed for certificate requests may not be securely delivered to the CA. Therefore, a new wireless CMP (or WCMP) needs to be built, and it should not be based on SSL, nor on WTLS. However, the WCMP must ensure the same functions as the wired CMP while being smaller and optimized for processing in mobile devices and transmission over wireless connections.
4. Optimizing the certificate validation scheme: To validate an X.509 certificate, the certificate chain and the CRLs must be collected and verified in the mobile device. If verifying the certificate requires validating a long chain of certificates, such a task may prove intractable. Efficient and reliable methods of certification path validation suited to mobile devices are needed.
Solutions that meet the above requirements can use the concept of delta CRLs, which reduce the size of the downloaded CRL by sending only the changes made to the CRL since the last request. Another method can delegate the entire complex verification to entities located on fixed nodes (in the mobile network) or to a trusted third party with more resources.
In this model, we adopt the X.509 certificate as the mobile phone's certificate. Because the X.509 certificate owned by the mobile phone is verified by the server, checking the certificate is not difficult for servers, which have high performance. Even storing a certificate is a burden for the mobile phone, and the mobile phone only sends it to the other party without performing any certificate operation. In this model, the CA issues the certificate, publishes it to its directory, and sends only the URL of the certificate to the mobile phone. When a mobile phone communicates with a server, it sends the URL of its certificate to the server, not the certificate itself. The server can easily access the directory and obtain the certificate. As a result, the mobile phone can save memory space for other uses.
For the server, we use an X.509 certificate and a short-lived certificate (Housley, 2002). If a server sends an X.509 certificate to the mobile phone, an efficient and small certificate validation scheme may be required in the mobile phone. Sometimes the mobile phone may need to validate an X.509 certificate, because it may try to connect to a server that is designed to serve only wired terminals and has only an X.509 certificate. We introduce the Online Certificate Status Protocol (OCSP), and the mobile phone delegates certificate validation to OCSP instead of validating within the mobile phone itself. In this case, the mobile phone can avoid the complex procedures of certificate validation and obtain a result from the trusted OCSP server (Myers, 1999).
A WTLS certificate can be defined as a short-lived certificate for WTLS connections. A short-lived certificate has no extensions used for certificate validation and path processing, because it is valid for only a short period of time. It is verified only when the CA's signature and the validity period of the certificate are valid. Hence, the mobile phone can avoid the burden of CRL download and certification path validation. We explain the components of the WPKI architecture in detail.
To apply OCSP to certificate validation in this model, we use the authority information access extension to specify how to access the OCSP server (Myers, 1999). For the server, CRL distribution points can be used to obtain CRL information. The authority information access and CRL distribution points extensions must be present in the certificate for certificate validation; verifiers can choose the certificate validation method, either CRL or OCSP.
3.6.3.2.2 Certificate Request and Wireless Management Protocol
We consider how a mobile phone securely requests a certificate from the CA and how the CA issues it to the mobile phone. The following are the requirements of the certificate request protocol.
The certificate request message is constructed at the mobile phone. It should include a public key, an end-entity reference number (such as an ID), and a password. We assume that the other fields of the certificate request, and additional control information related to the registration process, are handled out-of-band.
A POP (Proof of Possession) of the private key corresponding to the public key for which a certificate is being requested is included in the certificate request message.
The method by which the certificate request message is securely communicated to a CA.
To meet these requirements, a wireless certificate management protocol can be developed on the mobile phone. A password can be delivered to a CA as a hash value, so that the confidentiality of the password can be ensured. We use the public key as time information for preventing replay attacks.
3.6.3.2.3 Certificate Validation Scheme
As mentioned earlier, in this model the mobile phone delegates certificate validation to a validation authority (VA). The mobile phone can avoid the burden of CRL download and storage as well as the complex procedures of obtaining and verifying certificate chains. For a short-lived certificate, the mobile phone validates the certificate by checking only the signature and the validity period in the certificate.
A delta CRL, which lists the certificates whose revocation status has changed since the issuance of a referenced complete CRL, can be used for CRL verification in a mobile phone. However, the procedure of constructing the complete CRL from a delta CRL is not easy for mobile phones and requires additional modules. In addition, the mobile phone would have to store the base CRL, the last complete CRL. Thus, we exclude delta-CRL-based CRL verification from our model. Figure 3.9 shows the certificate validation procedure. The server obtains a certificate from the directory using the certificate URL received from the mobile phone, and validates it using the CRL or the VA.
Figure 3.9 OCSP procedure in the mobile phone.
Conversely, the server sends its certificate to the mobile phone together with the CA certificate and the ARL (Authority Revocation List). Hence, the mobile phone does not need to obtain the CA certificate and the ARL from the directory, as shown in Figure 3.9. This reduces the number of wireless connections between the mobile phone and the directory.