Certificates

Security

Collapse -

by secureplay · 15 years ago In reply to Certificates

The "weakest link" (well, one of the weakest links) in a Public Key System is the initial registration process. It is important to remember that the basic model in a public key system is to trust anyone with a certificate. You need to actively "key out" bad guys with CRL (certificate revocation lists) or CKLs (compromised key lists). Thus, instead of an ongoing key distribution problem, you have an ongoing CRL/CKL distribution problem.. making sure everyone has an updated list of no-longer-good guys.

So, because a Registration Authority is the main way to create new, valid users, it is an obvious target for attack. Also, for public key systems, the real question is "what is a valid user? ... that is what an RA answers. An RA could be online if it can somehow ensure the integrity of the data/registration validation provided to it - but this is the question that the RA is usually answering.

A non-standard PKI architecture could certainly have an online RA, but the typical model where trust is established through the registration process doesn't work.

Steven Davis
http://www.secureplay.com/ corporate
http://www.playnoevil.com/ blog

Security

General discussion

Certificates

All Comments

Start or search

Create a new discussion

Post type

Subject title

Topic Tags

Message Body

Track this discussion and email me when there are updates

Related Discussions

Account takeover attacks are on the rise

Facebook data privacy scandal: Cheat sheet

Five free encryption apps to protect sensitive data

US voter records sold on hacking forum

A Best-selling Mac app acts like spyware

Related Forums