The Role of CAs in PKI
msbachman
Member Posts: 43
Hi,
This question concerns the role of certificate authorities. How I understand PKI thus far is that it's simply the use of asymmetric cryptography to protect data. I hope that much I have right.
Next, I've been looking for info on what exactly CAs do. What is their role in all of this? In other words, would it be possible to have PKI without a certificate authority and have each keep and issue their own public/private key pair?
If anyone is confused I can clarify this.
Comments
-
dynamik Banned Posts: 12,312
You can do asymmetric encryption (public/private keys) without a CA, but CAs are an integral part of a PKI.
CAs are essentially used to verify that the certificates are trustworthy and valid. Would you feel better about entering sensitive information on a website that created its own certificate, or one that was backed by a CA like Verisign?
-
msbachman Member Posts: 43
"Would you feel better about entering sensitive information on a website that created its own certificate, or one that was backed by a CA like Verisign?"
Yeah, you've got a point there...but can't certificates just be spoofed?
-
dynamik Banned Posts: 12,312
Not if they're backed by a CA. The security can be compromised, and if that happens, the CA revokes the certificate (which is another important function of CAs).
-
RobertKaucher Member Posts: 4,299
Yes, even if it's backed by a CA. But this type of stuff is not "just" spoofing.
Rogue SSL certificate exploit puts VeriSign on the spot - Network World
Man-in-the-middle attacks are far more likely.
http://www.networkworld.com/community/node/43983
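
An added example, not part of any post in this thread: a script that uses the openssl command line to show the CA functions discussed above, namely vouching for a site's public key, refusing to vouch for a self-issued certificate with the same name, and revoking. The names "Demo Root CA" and "shop.example" and all file names are constructed for the demo.

```bash
#!/usr/bin/env bash
# Constructed demo: "Demo Root CA" and "shop.example" are made-up names.
# Requires the openssl CLI; all files go into a throwaway temp directory.

# check <label> <openssl verify args...>: prints label=accepted or label=rejected
check() {
  label=$1; shift
  if openssl verify "$@" >/dev/null 2>&1; then echo "$label=accepted"
  else echo "$label=rejected"; fi
}

ca_demo() (
  set -e
  cd "$(mktemp -d)"
  # 1. The CA: a self-signed root that clients choose to trust (the trust anchor).
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Root CA" \
    -keyout ca.key -out ca.pem >/dev/null 2>&1
  # 2. The site makes its own key pair; the CA only signs the public key + name.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=shop.example" \
    -keyout site.key -out site.csr >/dev/null 2>&1
  openssl x509 -req -in site.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
    -days 30 -out site.pem >/dev/null 2>&1
  # 3. Anyone can self-issue a certificate that claims the same name.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=shop.example" \
    -keyout self.key -out self.pem >/dev/null 2>&1

  # A client that trusts only ca.pem accepts the first and rejects the second.
  check ca-signed   -CAfile ca.pem site.pem
  check self-signed -CAfile ca.pem self.pem

  # 4. Revocation: the CA records the certificate and publishes a signed CRL.
  printf '%s\n' '[ca]' 'default_ca = demo' '[demo]' 'database = index.txt' \
    'default_md = sha256' 'default_crl_days = 7' > ca.cnf
  : > index.txt
  openssl ca -config ca.cnf -cert ca.pem -keyfile ca.key \
    -revoke site.pem >/dev/null 2>&1
  openssl ca -config ca.cnf -cert ca.pem -keyfile ca.key \
    -gencrl -out crl.pem >/dev/null 2>&1
  # The same certificate now fails, but only for clients that check the CRL.
  check revoked -crl_check -CAfile ca.pem -CRLfile crl.pem site.pem
)

ca_demo
```

The site's private key never leaves the site; the CA's signature binds the name to the public key, which is what a key pair alone cannot prove.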