Public key infrastructure
A public key infrastructure (PKI) provides the supporting tools that make it practical to deploy and use public key cryptography. The first essential element of a PKI is that the creators of public-private key pairs have a secure way to store the public key in an accessible repository, with the stored key authenticated as coming from the purported source. The second essential element is that users of the public key have a secure way to retrieve the public key for a given source of information. As with any security tool, there must be a reliable means of auditing changes to the system's resources, such as the entry of new keys, with a log verifying that each change was authenticated. In practice, public keys are delivered in a digital certificate.[1] While there are many details, think of a digital certificate as if it were a typical official document such as a passport:
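The elements above (key pairs, a trusted store of authenticated public keys, certificates, and a record of changes such as revocation), as an added example that is not part of this article: a two-tier PKI built with the openssl command-line tool. A root CA issues an end-entity certificate, a relying party verifies it against the root it trusts, a look-alike CA with the same name but a different key is rejected, and a CRL revokes the certificate. The names Example Root CA and server.example.test are placeholders chosen for this demonstration; the CA database index.txt is openssl's own record of issuance and revocation.

```shell
#!/bin/sh
# Added example, not from the article: a minimal PKI with the openssl CLI.
# Names (Example Root CA, server.example.test) are placeholders for the demo.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# One config file: CA database settings plus every extension section.
cat > pki.cnf <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = Example Root CA
[ ca ]
default_ca = root_ca
[ root_ca ]
dir = .
database = index.txt
new_certs_dir = .
serial = serial
crlnumber = crlnumber
certificate = root.crt
private_key = root.key
default_md = sha256
default_days = 90
default_crl_days = 30
policy = policy_any
[ policy_any ]
commonName = supplied
[ ca_ext ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ leaf_ext ]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:server.example.test
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
EOF

# Self-signed root ($1.key/$1.crt): the trust anchor a relying party must
# obtain out of band, since nothing inside it proves its origin.
make_root() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 -config pki.cnf \
    -extensions ca_ext -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# index.txt is the CA's record of every certificate it issues or revokes;
# serial and crlnumber seed the counters openssl ca maintains.
init_ca_db() { : > index.txt; echo 01 > serial; echo 01 > crlnumber; }

# The subject makes its own key pair and CSR; the CA signs the CSR with the
# leaf extensions, binding the public key to the subject name.
issue_leaf() {
  openssl req -new -newkey rsa:2048 -nodes -sha256 -config pki.cnf \
    -subj "/CN=server.example.test" -keyout leaf.key -out leaf.csr 2>/dev/null
  openssl ca -config pki.cnf -batch -notext -extensions leaf_ext \
    -in leaf.csr -out leaf.crt 2>/dev/null
}

# Relying-party check: $1 = trust bundle, $2 = certificate, rest = extra
# openssl verify options (e.g. -crl_check). Exit status is the verdict.
verify_cert() {
  bundle=$1; cert=$2; shift 2
  openssl verify "$@" -CAfile "$bundle" "$cert" >/dev/null 2>&1
}

# A rogue CA with the same name but a different key signs a look-alike
# certificate; the relying party's trust anchor must reject it.
make_rogue_leaf() {
  make_root rogue
  openssl req -new -newkey rsa:2048 -nodes -sha256 -config pki.cnf \
    -subj "/CN=server.example.test" -keyout rogue-leaf.key -out rogue-leaf.csr 2>/dev/null
  openssl x509 -req -in rogue-leaf.csr -CA rogue.crt -CAkey rogue.key -CAcreateserial \
    -days 90 -sha256 -extfile pki.cnf -extensions leaf_ext -out rogue-leaf.crt 2>/dev/null
}

# Revocation: mark the entry in index.txt, publish a signed CRL, and give
# the relying party root certificate plus CRL as one bundle.
revoke_leaf() {
  openssl ca -config pki.cnf -revoke leaf.crt 2>/dev/null
  openssl ca -config pki.cnf -gencrl -out root.crl 2>/dev/null
  cat root.crt root.crl > trust-with-crl.pem
}

make_root root
init_ca_db
issue_leaf
make_rogue_leaf
if verify_cert root.crt leaf.crt; then echo "genuine leaf: OK"; fi
if ! verify_cert root.crt rogue-leaf.crt; then echo "rogue leaf: rejected"; fi
revoke_leaf
if ! verify_cert trust-with-crl.pem leaf.crt -crl_check; then echo "revoked leaf: rejected"; fi
cat index.txt   # V = valid, R = revoked: the CA's own audit record
```

The rogue step is the point of the first PKI element: the subject name is identical, but the relying party trusts only keys that chain to the anchor it obtained out of band. The CRL step shows that a valid signature is not the whole verdict; without -crl_check the revoked certificate still verifies, so a relying party must fetch and check revocation data as well.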
In the Internet, the fundamental specification, RFC 5280, states that it may be necessary to add authorization, assurance, or operational requirements before a certificate is accepted. The specification itself, however, deals with common representations of frequently used attributes, defined so that application developers can obtain the necessary information without regard to the issuer of a particular certificate or certificate revocation list (CRL). In no way does the standard suggest any specific rights that apply to the holder of a certificate.
References