Re: trust issues associated with Public Key Infrastructure?




What are the trust issues associated with Public Key Infrastructure?

The main issue is: how can you trust that the public key you have really
is from the person you want to communicate with?

There are two different ideas for that topic: certification authorities
(with i.e. SSL/TLS, S/MIME) and the web of trust (i.e. OpenPGP).


Are the following PKI trust issues?...

CAs could issue certificates without checking owner identity
CAs could deliberately issue false certificates
Private keys could be disclosed by accident or on purpose
False certificates could be inserted into browsers
How to know that a revocation request is genuine (possible denial of service
attack)
Checking revoked certificates requires another secure channel
Liability issues for false or misused keys

Source:
http://66.249.93.104/search?q=cache:1F9DMPETzvgJ:www.unb.ca/pstnet/pst2005/Shaughnessy%2520Room/oct14/Josang-PST2005.ppt+trust+issues+PKI&hl=en&gl=uk&ct=clnk&cd=19

Thanks,

Johnny.

