Re: trust issues associated with Public Key Infrastructure?
- From: "Johnny" <John@xxxxxxxxxxxxxxxx>
- Date: Thu, 10 Aug 2006 18:48:03 GMT
What are the trust issues associated with Public Key Infrastructure?
The main issue is: how can you trust, that the public key you have really
is from the person you want to communicate with?
There are two different ideas for that topic: certification authorities
(with i.e. SSL/TLS, S/MIME) and the web of trust (i.e. OpenPGP).
Are the following PKI trust issues?...
CAs could issue certificates without checking owner identity
CAs could deliberately issues false certificates
Private keys could be disclosed by accident or on purpose
False certificates could be inserted into browsers
How to know that a revocation request is genuine (possible denial of service
attack)
Checking revoked certificates requires another secure channel
Liability issues for false or misused keys
Source:
http://66.249.93.104/search?q=cache:1F9DMPETzvgJ:www.unb.ca/pstnet/pst2005/Shaughnessy%2520Room/oct14/Josang-PST2005.ppt+trust+issues+PKI&hl=en&gl=uk&ct=clnk&cd=19
Thanks,
Johnny.
.
- Follow-Ups:
- Re: trust issues associated with Public Key Infrastructure?
- From: Volker Birk
- Re: trust issues associated with Public Key Infrastructure?
- References:
- trust issues associated with Public Key Infrastructure?
- From: Johnny
- Re: trust issues associated with Public Key Infrastructure?
- From: Volker Birk
- trust issues associated with Public Key Infrastructure?
- Prev by Date: Re: FYI: Avira reacted about "Shutdown Windows' servers" as malware
- Next by Date: Re: FYI: Avira reacted about "Shutdown Windows' servers" as malware
- Previous by thread: Re: trust issues associated with Public Key Infrastructure?
- Next by thread: Re: trust issues associated with Public Key Infrastructure?
- Index(es):
Relevant Pages
|
|
