November 1999
Intermediate to advanced
320 pages
8h 46m
English
As noted in the previous section, key compromise may involve an end-entity private key or an authority (for example, CA or RA) private key. Compromise (as well as destruction or any other event resulting in total loss of use) of an authority private key can be disastrous on quite a significant scale. This is because of the trust that a (potentially large) group of PKI entities places in that authority and because of the power it has to enable security in the environment.
In general, authority key compromise is a greater problem than loss of use of a key: Both events require the establishment of trust in a new key, but key compromise also destroys entity trust in existing signed statements from that authority ...