PKI LEAST hardened

I am a new comer here and in recent days I get a lot of kind help/explaination from you , thanks for all of you.

I have a confusion of the below question and looking forward to someone can help me.

In which of the following scenarios is PKI LEAST hardened

A The CRL is posted to a publicly accessible location
B The recorded time offsets are developed with symmetric keys
C A malicious CA certificate is loaded on all the clients
D All public keys are accessed by an unauthorized users

I don't understand wh the answer is 'C'

Find more posts tagged with

Comments

samurai86

Well I am not as confident with one as the others. so if anyone else wants to chime in feel free.

A. I don't see the Certificate Revocation List (CRL) being publicly accessed an issue, but a good thing.

B. Honestly, not too sure. I kind of see this as benign information. I can understand replay attacks, but hopefully there are mechanisms in place to thwart that.

D. Public keys being accessed by anyone is kind of the idea behind public keys. It is the private key for an individual that needs to be secure in a PKI environment. So again no issue here.

C. That leaves answer C. Yea for sure having a malicious certificate is very dangerous as we have seen with digitally signed malware. It isn't the certificate itself that is dangerous, but it is rather the privileges that a certificate offers is what makes malware signed by a legitimate certificate dangerous.

Malware Using Fake Certificate to Evade Detection | Symantec Connect Community
McAfee research shows sharp rise in malware signed with legitimate digital certificates - Network World

So without looking at this question I would identify C as the worst possible scenario in general. Looking at the question I would immediately be able to eliminate answers A and D. B would cause me to scratch my head. After all the question is about hardening, which my thought my process leads to think , "What I am doing to secure (harden) the environment?" So after thinking about it, if I were to upload a malicious certificate on all my clients, I would have gone in the negative direction in hardening my environment. And based on that I do agree with answer C for the question.

lsud00d

Great answer by samurai86--good breakdown of the potential answers and why things are automatically dq'd (A and D), and why out of the remaining two that it is definitely C.

+Rep