The Role of CAs in PKI

msbachman Posts: 43 Member
Hi,


This question concerns the role of certificate authorities. How I understand PKI thus far is that it's simply the use of asymmetric cryptography to protect data. I hope that much I have right.

Next, I've been looking for info on what exactly CAs do. What is their role in all of this? In other words, would it be possible to have PKI without a certificate authority and have each keep and issue their own public/private key pair?

If anyone is confused I can clarify this.

Comments

  • dynamik Posts: 12,314 Banned
    You can do asymmetric encryption (public/private keys) without a CA, but CAs are an integral part of a PKI.

    CAs are essentially used to verify that the certificates are trustworthy and valid. Would you feel better about entering sensitive information on a website that created its own certificate, or one that was backed by a CA like Verisign?
  • msbachman Posts: 43 Member
    dynamik wrote: »
    Would you feel better about entering sensitive information on a website that created it's own certificate, or one that was backed by a CA like Verisign?

    Yeah, you've got a point there...but can't certificates just be spoofed?
  • dynamik Posts: 12,314 Banned
    Not if they're backed by a CA. The security can be compromised, and if that happens, the CA revokes the certificate (which is another important function of CAs).
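An added example, not from the thread, of the two CA functions dynamik describes above: a client whose trust store holds only the CA's root accepts a certificate that root signed, rejects a self-signed certificate for the same hostname (Go reports x509.UnknownAuthorityError, which is what a browser warning is telling you), and rejects a CA-issued certificate whose serial the CA has since placed on its signed revocation list. It uses only Go's standard crypto/x509 package; the hostname, CA name and serial numbers are constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var ErrRevoked = errors.New("certificate revoked by its CA") // returned when the CA's CRL lists the serial

func check(err error) {
	if err != nil {
		panic(err)
	}
}

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	return k
}

// issue has signer sign template on behalf of parent; parent == template means self-signed,
// i.e. nobody but the key holder vouches for the name inside the certificate.
func issue(template, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, template, parent, pub, signer)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert
}

// leafTemplate describes a server certificate for host (constructed demo data).
func leafTemplate(host string, serial int64) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
}

// Validate mimics a TLS client: chain cert to a trusted root for host, then check the
// issuing CA's CRL (which must itself carry that CA's signature) for cert's serial.
func Validate(cert *x509.Certificate, roots *x509.CertPool, crl *x509.RevocationList, host string) error {
	chains, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	if err != nil {
		return err // a self-signed cert ends here with x509.UnknownAuthorityError
	}
	// chains[0] runs from the leaf up to the trusted root that issued it.
	if err := crl.CheckSignatureFrom(chains[0][len(chains[0])-1]); err != nil {
		return err
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return ErrRevoked
		}
	}
	return nil
}

type Outcome struct{ CASigned, SelfSigned, Revoked error } // result per certificate

// RunScenario builds a root CA, two CA-issued certificates (one later revoked) and an
// attacker-style self-signed certificate for the same host, then validates each.
func RunScenario() Outcome {
	const host = "shop.example.test" // constructed hostname
	caKey := newKey()
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Demo Root CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	caCert := issue(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	roots := x509.NewCertPool() // the client trusts only the CA, never any leaf
	roots.AddCert(caCert)
	good := issue(leafTemplate(host, 2), caCert, &newKey().PublicKey, caKey)
	stolen := issue(leafTemplate(host, 3), caCert, &newKey().PublicKey, caKey)
	mitmKey, mitmTmpl := newKey(), leafTemplate(host, 4)
	mitm := issue(mitmTmpl, mitmTmpl, &mitmKey.PublicKey, mitmKey)
	// The CA learns the key behind serial 3 leaked and publishes a CRL naming it.
	crlDER, err := x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number: big.NewInt(1), ThisUpdate: time.Now().Add(-time.Minute), NextUpdate: time.Now().Add(time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: stolen.SerialNumber, RevocationTime: time.Now()}},
	}, caCert, caKey)
	check(err)
	crl, err := x509.ParseRevocationList(crlDER)
	check(err)
	return Outcome{
		CASigned:   Validate(good, roots, crl, host),
		SelfSigned: Validate(mitm, roots, crl, host),
		Revoked:    Validate(stolen, roots, crl, host),
	}
}

func main() {
	o := RunScenario()
	fmt.Printf("CA-signed: %v\nself-signed: %v\nrevoked: %v\n", o.CASigned, o.SelfSigned, o.Revoked)
}
```

The attacker's certificate carries the right hostname and a perfectly valid signature; it is rejected only because the signature was made by a key the client has no reason to trust. That is the whole job of the CA in the trust store. Note also that revocation only protects clients that actually fetch and check the CRL (or OCSP); a client that skips that step keeps accepting the stolen certificate until it expires.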
  • RobertKaucher Posts: 4,298 Member
    Yes, even if it's backed by a CA. But this type of stuff is not "just" spoofing.
    Rogue SSL certificate exploit puts VeriSign on the spot - Network World

    Man in the middle attacks are far more likely.
    http://www.networkworld.com/community/node/43983