PKI (Public Key Infrastructure)
Radia Perlman, Sun Microsystems Laboratories
Introduction
Authentication
Authorization
Security without Public Key Cryptography
Functional Comparison between Public Key– and Secret Key–Based Systems
Issues with Public Key Infrastructure
PKI Models
Monopoly
Oligarchy
Anarchy
Name-Based Trust
Top-Down, Name-Based
Bottom-Up, Name-Based
Bridge Model
Using PKI
Certificate Revocation
Conclusion
Glossary
Cross References
Further Reading
INTRODUCTION
PKI is an acronym for “public key infrastructure.” This chapter discusses what that means and the challenges associated with providing this functionality.
If Bob believes Alice's public key is pubA, and Alice knows the private key associated with pubA, then Bob can use pubA to encrypt a message for Alice, or Alice can use the associated private key to prove to Bob that she is Alice (i.e., she can authenticate to Bob). The purpose of a PKI is to provide a convenient and secure method for obtaining the public key associated with some principal.
The basic idea is to have a trusted authority known as a CA (certification authority) digitally sign a message known as a certificate, thereby vouching that a particular key goes with a particular name. If Alice has been certified by the CA, Bob knows the CA's public key, Bob trusts that CA, and Bob receives Alice's certificate, then he can validate the CA's signature on that certificate and know Alice's public key. In the chapter about digital certificates in this volume, ...
Get Handbook of Information Security, Volume 1, Key Concepts, Infrastructure, Standards, and Protocols now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
