The CMP Protocol and the SPKM Protocol

Let's look at how the official documents define each of them. RFC 4210 describes the CMP protocol in detail:

CMP (Certificate Management Protocol):
   This document describes the Internet X.509 Public Key Infrastructure (PKI) Certificate Management Protocol (CMP). Protocol messages are defined for X.509v3 certificate creation and management. CMP provides on-line interactions between PKI components, including an exchange between a Certification Authority (CA) and a client system.

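The last sentence states what CMP is for: it is the message format that the PKI components (RA, CA and KM) follow when they communicate with each other. Put plainly, it standardizes the packet format used between the components (in a program, this shows up as a struct).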
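To make the "message format" concrete, here is an added example (not part of the original post) that walks the outer DER layout of a CMP `PKIMessage` as RFC 4210 section 5.1 defines it, and reports whether the optional `protectionAlg` and `protection` fields are present. The function names are hypothetical and both sample messages are constructed in the code, with dummy protection bits.

```python
# Added example: outer DER walk of a CMP PKIMessage (RFC 4210, 5.1); samples are constructed.
BODY = {0: "ir", 1: "ip", 2: "cr", 3: "cp", 4: "p10cr", 7: "kur", 8: "kup", 11: "rr",
        12: "rp", 19: "pkiconf", 21: "genm", 22: "genp", 23: "error", 24: "certConf"}

def read_tlv(buf, pos):                     # -> (tag, value, next_pos)
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = number of length octets
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def inspect_pkimessage(der):
    tag, msg, end = read_tlv(der, 0)
    parts = children(msg) if tag == 0x30 and end == len(der) else []
    if len(parts) < 2 or parts[0][0] != 0x30 or parts[1][0] & 0xE0 != 0xA0:
        raise ValueError("not a PKIMessage: need SEQUENCE { header, body, ... }")
    hdr = children(parts[0][1])             # pvno, sender, recipient, then optional [0]..[8]
    if len(hdr) < 3 or hdr[0][0] != 0x02:
        raise ValueError("PKIHeader must start with INTEGER pvno")
    return {"pvno": int.from_bytes(hdr[0][1], "big"),
            "body": BODY.get(parts[1][0] & 0x1F, "other"),
            "protection_alg": any(t == 0xA1 for t, _ in hdr[3:]),   # header field [1]
            "protected": any(t == 0xA0 for t, _ in parts[2:])}      # trailing field [0]

def tlv(tag, *parts):                       # sample builder, short-form lengths only
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample(protected):
    null_dn = tlv(0xA4, tlv(0x30))          # GeneralName directoryName [4], empty Name
    alg = tlv(0xA1, tlv(0x30, bytes.fromhex("06092a864886f70d01010b0500")))  # sha256WithRSA
    hdr = tlv(0x30, tlv(0x02, b"\x02"), null_dn, null_dn, alg if protected else b"",
              tlv(0xA4, tlv(0x04, b"\x01\x02\x03\x04")))      # last field: transactionID [4]
    prot = tlv(0xA0, tlv(0x03, b"\x00\xde\xad\xbe\xef"))      # protection [0], dummy bits
    return tlv(0x30, hdr, tlv(0xB3, b"\x05\x00"), prot if protected else b"")  # pkiconf [19]
```

A receiver that requires integrity would reject any message for which `protected` is false or `protected` and `protection_alg` disagree, before looking at the body.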


RFC 2025 describes SPKM (The Simple Public-Key GSS-API Mechanism) in detail: "This specification defines protocols, procedures, and conventions to be employed by peers implementing the Generic Security Service Application Program Interface (GSS-API as specified in RFCs 1508 and 1509) when using the Simple Public-Key Mechanism." This sentence only states what RFC 2025 sets out to cover; it does not say what SPKM is actually for. Immediately after this definition, RFC 2025 has the following passage:
   Although the Kerberos Version 5 GSS-API mechanism [KRB5] is becoming well-established in many environments, it is important in some applications to have a GSS-API mechanism which is based on a public-key, rather than a symmetric-key, infrastructure. The mechanism described in this document has been proposed to meet this need and to provide the following features.

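What this passage says is: to keep both communicating parties secure, version 5 of GSS-API (Generic Security Service Application Program Interface) does define some security interfaces, but those interfaces are all based on symmetric keys; the SPKM mechanism was introduced to add support for asymmetric cryptography.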


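At this point the respective purposes of the two are clear. The CMP protocol specifies the format in which PKI entities organize the packets they exchange, which in practice is a struct; SPKM is a mechanism, which can also be called a protocol, that supports asymmetric keys and provides message protection for CMP. If CMP is compared to the TCP protocol in network communication, then SPKM corresponds to the SSL protocol that protects TCP, except that CMP is only the packet standard used when PKI entities communicate with each other.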


Finally, for more specific details, I recommend downloading these two official RFC documents and reading them.
