Chapter 23 – Public Key Infrastructures and Certificate Authorities

Santosh Chokhani

Chapter Contents:

23.1 Introduction
    23.1.1 Secret Key Cryptography Not Practical for Network Security
    23.1.2 Public Key Cryptosystem
    23.1.3 Advantages of Public Key Cryptosystem over Secret Key Cryptosystem
23.2 Need for Public Key Infrastructure
23.3 Public Key Certificate
23.4 Enterprise Public Key Infrastructure
23.5 Certificate Policy
23.6 Global Public Key Infrastructure
    23.6.1 Trusted Paths
    23.6.2 Trust Models
        23.6.2.1 Strict Hierarchy
        23.6.2.2 Hierarchy
        23.6.2.3 Bridge
        23.6.2.4 Multiple Trust Anchors
        23.6.2.5 Anarchy
    23.6.3 Choosing a Public Key Infrastructure Architecture
    23.6.4 Cross-Certification
    23.6.5 Public Key Infrastructure Interoperability
        23.6.5.1 Trust Path
        23.6.5.2 Cryptographic Algorithms
        23.6.5.3 Certificate and Certificate Revocation List Format
        23.6.5.4 Certificate and Certificate Revocation List Dissemination
        23.6.5.5 Certificate Policies
        23.6.5.6 Names
23.7 Forms of Revocation
    23.7.1 Types of Revocation-Notification Mechanisms
    23.7.2 Certificate Revocation Lists and Their Variants
        23.7.2.1 Full and Complete CRL
        23.7.2.2 Authority Revocation List
        23.7.2.3 Distribution-Point CRL
        23.7.2.4 Delta Certificate Revocation List
    23.7.3 Server-based Revocation Protocols
    23.7.4 Summary of Recommendations for Revocation Notification
23.8 Rekey
23.9 Key Recovery
23.10 Privilege Management
23.11 Trusted Archival Services and Trusted Time Stamps
23.12 Cost of Public Key Infrastructure
23.13 References
23.14 Further Reading
23.15 Notes