The Role of CAs in PKI

msbachman · August 2009

Hi,

This question concerns the role of certificate authorities. How I understand PKI thusfar is that it's simply the use of asymmetric cryptography to protect data. I hope that much I have right.

Next, I've been looking for info on what exactly CAs do. What is their role in all of this? In other words, would it be possible to have PKI without a certificate authority and have each keep and issue their own public/private key pair?

If anyone is confused I can clarify this.

dynamik · August 2009

You can do asymmetric encryption (public/private keys) without a CA, but CAs are an integral part of a PKI.

CAs are essentially used to very that the certificates are trustworthy and valid. Would you feel better about entering sensitive information on a website that created it's own certificate, or one that was backed by a CA like Verisign?

msbachman · August 2009

dynamik wrote: »

Would you feel better about entering sensitive information on a website that created it's own certificate, or one that was backed by a CA like Verisign?

Yeah, you've got a point there...but can't certificates just be spoofed?

dynamik · August 2009

Not if they're backed by a CA. The security can be compromised, and if that happens, the CA revokes the certificate (which is another important function of CAs).

RobertKaucher · August 2009

Yes, even if it's backed by a CA. But this type of stuff is not "just" spoofing.
Rogue SSL certificate exploit puts VeriSign on the spot - Network World

Man in the middle attacks are far more likely.
http://www.networkworld.com/community/node/43983

The Role of CAs in PKI

Comments