Sunday, October 4, 2015

Public Key Infrastructure (PKI)

Exploring PKI Components
A Public Key Infrastructure (PKI) is a group of technologies used to request, create, manage,
store, distribute, and revoke digital certificates. Asymmetric encryption depends on the use of
certificates for a variety of purposes, such as protecting email and protecting Internet traffic with SSL
and TLS. For example, HTTPS sessions protect Internet credit card transactions, and these
transactions depend on a PKI.

A primary benefit of a PKI is that it allows two people or entities to communicate securely
without knowing each other previously. In other words, it allows them to communicate securely
through an insecure public medium such as the Internet.

For example, you can establish a secure session with even if you’ve never done so
before. Amazon purchased a certificate from VeriSign. The certificate provides the ability to establish a secure session.
A key element in a PKI is a Certificate Authority.

Certificate Authority
A Certificate Authority (CA, pronounced “cah”) issues, manages, validates, and revokes
certificates. In some contexts, you might see a CA referred to as a certification authority, but they are
the same thing. CAs can be very large, such as VeriSign, which is a public CA. A CA can also be very small, such as a single service running on a server in a domain.

Public CAs make money by selling certificates. For this to work, the public CA must be trusted.
Certificates issued by the CA are trusted as long as the CA is trusted.

This is similar to how a driver’s license is trusted. The Department of Motor Vehicles (DMV)
issues driver’s licenses after validating a person’s identity. If you want to cash a check, you may
present your driver’s license to prove your identity. Businesses trust the DMV, so they trust the
driver’s license.

Although we may trust the DMV, why would a computer trust a CA? The answer is based on the
certificate trust path.

No comments:

Post a Comment