英语翻译请不要用谷歌翻译,那样没有意思,但是在翻译的时候可以借助这个工具,请尽量翻译得通顺一些,一些缩写,例如CA、PK

英语翻译
请不要用谷歌翻译,那样没有意思,但是在翻译的时候可以借助这个工具,请尽量翻译得通顺一些,一些缩写,例如CA、PKI等,不需要翻译.
2.3.Certificate verification
An internet entity needing to verify the validity of an employee’s certificate asks its local SCVP server.The verification processing is decomposed into three steps,the first one to download the certificates belonging to the chain of trust,the second one to trust the root CA certificate (of Company1),and the third one to check the validity of each certificate of the chain,as follows:
All the certificates belonging to the certificate chain are downloaded from the bottom-level certificate (issuer) up to the high-level certificate based on the issuerAltName information within the certificates.For Bob's certificate,the LDAP server will be solicited only once to get the root CA's certificate,because the LDAP PKI is a one-level CA hierarchy.
As soon as the root certificate is found in the chain,the DNS hierarchy is solicited to provide the CERT RR containing the root CA’s certificates.This CERT RR is get from the DNS reference given either in the issuerAltName or subjectAltName field of the root CA’s certificate.The validity of the returned CERT RR is ensured by the DNSSEC PKI,but it will be definitely considered as valid if the root certificates registered in DNSSEC and LDAP PKIs are exactly the same.
All the downloaded certificates are then verified checking their validity period (validity),the signature (signatureValue) and,if possible,the CRL [1].The verification is done from the high-level certificate down to the bottom-level certificate.For revocation verification,it is required to download the CRL corresponding to the CrlDistributionPoints URI of the certificate under test,and to check its own validity period,and signature.
2.4.Defining a minimum security level within Internet
With the designed PKI,any internet entities are provided with mechanisms to get certificates and to verify their authenticity and validity.This helps introducing a homogeneous security level within Internet and lets private individuals benefiting from that more secure Internet.
The overall security level depends on how LDAP and DNSSEC PKI are managed.If strict procedures for managing public and private keys are imposed by regulating or standardized bodies,the resulted security level will be significant.Otherwise,it will serve as a basic security level.Anyway,the security level get from that solution will never be as high as with CSP (Certificate Service Provider),and so its application will concern scenarios which are not too much security demanding.

量大,难度高,答复者聊聊就是明证,楼主的承诺能兑现吧?
2.3.Certificate verification
证书验证
An internet entity needing to verify the validity of an employee’s certificate asks its local SCVP server.The verification processing is decomposed into three steps,the first one to download the certificates belonging to the chain of trust,the second one to trust the root CA certificate (of Company1),and the third one to check the validity of each certificate of the chain,as follows:
一个需要验证某一雇员证书有效性的互联网实体要请求自己本地的SCVP服务器.该验证的过程被分解成三步,第一步是下载属于该信任链的证书；第二步是委托（公司1）的根CA证书,第三步是检查该信任链每份证书的有效性,具体如下：
All the certificates belonging to the certificate chain are downloaded from the bottom-level certificate (issuer) up to the high-level certificate based on the issuerAltName information within the certificates.For Bob's certificate,the LDAP server will be solicited only once to get the root CA's certificate,because the LDAP PKI is a one-level CA hierarchy.
属于该证书链的所有证书根据证书内的issuerAltName信息从底层证书（颁发者）到高层证书下载,对于
Bob’s证书来说,LDAP服务器只有在一旦得到根CA证书时被请求,因为LDAP PKI是一种一层的CA层次结构.
As soon as the root certificate is found in the chain,the DNS hierarchy is solicited to provide the CERT RR containing the root CA’s certificates.This CERT RR is get from the DNS reference given either in the issuerAltName or subjectAltName field of the root CA’s certificate.The validity of the returned CERT RR is ensured by the DNSSEC PKI,but it will be definitely considered as valid if the root certificates registered in DNSSEC and LDAP PKIs are exactly the same.
一旦根证书在链中被找到,DNS层次结构就被请求而提供包含根CA证书的CERT RR.此CERT RR得自于根CA证书issuerAltName域或subjectAltName域中提供的DNS基准.返回的CERT RR的有效性由DNSSEC PKI确保,但是,如果在DNSSEC 和 LDAP PKIs中登记的根证书准确相同,它将肯定被看作是有效的
All the downloaded certificates are then verified checking their validity period (validity),the signature (signatureValue) and,if possible,the CRL [1].The verification is done from the high-level certificate down to the bottom-level certificate.For revocation verification,it is required to download the CRL corresponding to the CrlDistributionPoints URI of the certificate under test,and to check its own validity period,and signature.
然后,所有下载的证书加以验证,以检查它们的有效期（有效性）、签名（signatureValue）、以及如果可能的话还有CRL【1】.验证从高层次证书进行到底层证书.对于废止验证来说,要求下载与被验证证书的CrlDistributionPoints URI相应的CRL,并检查其自己的有效期和签名.
2.4.Defining a minimum security level within Internet
2.4 规定互联网内的最低安全水平
With the designed PKI,any internet entities are provided with mechanisms to get certificates and to verify their authenticity and validity.This helps introducing a homogeneous security level within Internet and lets private individuals benefiting from that more secure Internet.
借助于所设计的PKI,任何互联网实体都得到了一些机制,用于获得证书和验证它们的真实性和有效性.这有助于在互联网内引入同一的安全水平,并让私人个体从更安全的互联网中得到好处.
The overall security level depends on how LDAP and DNSSEC PKI are managed.If strict procedures for managing public and private keys are imposed by regulating or standardized bodies,the resulted security level will be significant.Otherwise,it will serve as a basic security level.Anyway,the security level get from that solution will never be as high as with CSP (Certificate Service Provider),and so its application will concern scenarios which are not too much security demanding.
整个的安全水平取决于LDAP 和 DNSSEC PKI如何加以管理.如果管理或标准化机构对公共和私人密钥的管理施加严格的程序,最终的安全水平将相当高.或者,它就只能起到基本的安全水平的作用.不管怎样,由该解决方案得到的的安全水平始终不会达到CSP（证书服务提供者）那么高,因此它的应用将涉及那些不要求太高安全性的情况.