1. Certificates
Certificates are digitally signed electronic documents that bind a public key with a user
identity.
2. X.509
X.509 is the standard certificate format; a user or computer holding an X.509 certificate can be granted access to multiple resources, possibly in multiple locations.
Although difficult, X.509 certificates that use MD5 and SHA-1 hashes can be
compromised. For organizations worried about extremely resourceful hackers, a more
powerful hashing algorithm such as SHA-2 should be implemented with the certificate.
X.509 is the core of PKIX, which is the IETF's Public Key Infrastructure (X.509)
working group. Components of an X.509 certificate include the following:
Owner (user) information, including their public key
Certificate authority information, including their name, digital signature, serial
number, issue and expiration date, and version
3. Certificate authority (CA)
A certificate authority (CA) is the entity (usually a server) that issues certificates to users.
In a PKI system that uses a CA, the CA is known as a trusted third party. Most PKI
systems use a CA. The CA is also responsible for verifying the identity of the recipient of
the certificate.
4. Registration authorities (RA)
Registration authorities are used to verify requests for certificates.
An RA might also be used if the organization deals with several CAs.
5. Certificate revocation list (CRL)
A list of certificates that are no longer valid or have been revoked by the issuer
Certificates may be revoked due to theft, for unspecified reasons, or because of key compromise
6. Online Certificate Status Protocol (OCSP)
An OCSP response contains less information than a CRL and does not require encryption
7. Key escrow
The practice of holding certificate keys with a trusted party so that third parties such as a government or
other organizations can gain access to encrypted communications when required
8. Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL) is a cryptographic protocol that provides secure Internet
communications such as web browsing, instant messaging, e-mail, and VoIP.
9. Transport Layer Security (TLS)
Transport Layer Security (TLS) is the successor to SSL. It provides secure Internet
communications and is shown in a browser as HTTPS.
C.
Single-sided certificates
When the server validates itself to recipients of the certificate, for
example, users who access the website
Dual-sided certificates
The server and the user validate their identities
Works well when a limited number of computers and sessions are involved
Web of trust
A decentralized trust model that addresses issues associated with the
public authentication of public keys common to CA-based PKIs.
Is peer-to-peer.
This model is used by PGP.
Secure Sockets Layer and Transport Layer Security (SSL and TLS)
Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS) are
cryptographic protocols that provide secure Internet communications such as
web browsing, instant messaging, e-mail, and VoIP. These protocols rely on a PKI
to obtain and validate certificates.
Many people refer to the secure connections they make to websites as SSL, but
some of these are actually TLS. The last version of SSL, version 3, was
released in 1996. TLS is a more secure solution; version 1 of TLS supersedes
SSLv3. As of the writing of this book, the latest version of TLS is 1.2 (defined in
2008).
C.
4. List the three protocols that use IPsec and define them (8)
IPsec uses three protocols: SA, AH, and ESP
Security Association (SA)
o The establishment of secure connections and shared security information,
using either certificates or cryptographic keys
Authentication Header (AH)
o Offers integrity and authentication
Encapsulating Security Payload (ESP)
o Provides integrity, confidentiality, and authenticity of packets