CHAPTER 37

PKI AND CERTIFICATE AUTHORITIES

Santosh Chokhani, Padgett Peterson, and Steven Lovaas

37.1 INTRODUCTION

37.1.1 Symmetric Key Cryptography

37.1.2 Public Key Cryptosystem

37.1.3 Advantages of Public Key Cryptosystem over Secret Key Cryptosystem

37.1.4 Combination of the Two

37.2 NEED FOR PUBLIC KEY INFRASTRUCTURE

37.3 PUBLIC KEY CERTIFICATE

37.4 ENTERPRISE PUBLIC KEY INFRASTRUCTURE

37.5 CERTIFICATE POLICY

37.6 GLOBAL PUBLIC KEY INFRASTRUCTURE

37.6.1 Levels of Trust

37.6.2 Proofing

37.6.3 Trusted Paths

37.6.4 Trust Models

37.6.5 Choosing a Public Key Infrastructure Architecture

37.6.6 Cross-Certification

37.6.7 Public Key Infrastructure Interoperability

37.7 FORMS OF REVOCATION

37.7.1 Types of Revocation-Notification Mechanisms

37.7.2 Certificate Revocation Lists and Their Variants

37.7.3 Server-Based Revocation Protocols

37.7.4 Summary of Recommendations for Revocation Notification

37.8 REKEY

37.9 KEY RECOVERY

37.10 PRIVILEGE MANAGEMENT

37.11 TRUSTED ARCHIVAL SERVICES AND TRUSTED TIME STAMPS

37.12 COST OF PUBLIC KEY INFRASTRUCTURE

37.13 FURTHER READING

37.14 NOTES

37.1 INTRODUCTION.

Where at one time the use of encryption across the Internet consisted mainly of individuals with Pretty Good Privacy (PGP) exchanging secure e-mail and each maintaining a private “web of trust,” today's use of encryption encompasses a much wider range of elements including proofing, issuance, revocation, identification, federation, bridging, encryption, digital signing and a myriad of ancillary ...
