Re: trust issues associated with Public Key Infrastructure?




What are the trust issues associated with Public Key Infrastructure?

The main issue is: how can you trust, that the public key you have really
is from the person you want to communicate with?

There are two different ideas for that topic: certification authorities
(with i.e. SSL/TLS, S/MIME) and the web of trust (i.e. OpenPGP).


Are the following PKI trust issues?...

CAs could issue certificates without checking owner identity
CAs could deliberately issues false certificates
Private keys could be disclosed by accident or on purpose
False certificates could be inserted into browsers
How to know that a revocation request is genuine (possible denial of service
attack)
Checking revoked certificates requires another secure channel
Liability issues for false or misused keys

Source:
http://66.249.93.104/search?q=cache:1F9DMPETzvgJ:www.unb.ca/pstnet/pst2005/Shaughnessy%2520Room/oct14/Josang-PST2005.ppt+trust+issues+PKI&hl=en&gl=uk&ct=clnk&cd=19

Thanks,

Johnny.


.



Relevant Pages

  • Proofs, burdens, abrahamic claims, and out-of-band data
    ... When you get a trust point certificates so you can tell if the site ... method that does not directly involve in-band transmission. ... The usual way to do out-of-band is to have the manufacturer of your ...
    (soc.religion.mormon)
  • Re: New Method for Authenticated Public Key Exchange without Digital Certificates
    ... > certificates were redundant and superfluous when the relying party ... > context of the original posting) and the semantic meaning of trust ... > the addition of public key operations to these environments isn't to ... > operations are the financial institutions. ...
    (sci.crypt)
  • Re: PKI: the end
    ... that one of the keys is consistently kept private and the other ... How does PKI infer 3-factor? ... What's with the "business process" terminology? ... > case of domain name SSL certificates, ...
    (sci.crypt)
  • Re: Proposal for a new PKI model (At least I hope its new)
    ... >>If we should trust these certificates, ... (Just as we should do for existing certificates issued by ... > level certificate to a small organization's PKI server in australia ... HTTPS is precisely so I don't need to trust DNS: ...
    (sci.crypt)
  • Re: ASDF-INSTALL for CMUCL, CLISP, AllegroCL, and LispWorks - plus tutorial
    ... > AND I've established a trust relationship with them, ... thusly gaining multiple weakly trusted keys in one whopping step. ... as opposed to installation which will happen with every new ... > than simply downloading packages directly from people's pages, ...
    (comp.lang.lisp)