Friday, February 10, 2012
Chapter 12
This chapter expanded on chapter 11's discussion of cryptography. The first part of the chapter dealt with defining a digital certificate. A DC is a file that ties a user's identity to a public key (in PKI) that's been signed by a third party. This allows the use of public keys that are from a trusted but indirect participant in the key exchange process. Certificate authorities issue digital certificates. Registration authorities verify the identity of an individual using a CA. Certificates have an expiration date, and the certs that have expired will be kept on a certificate revocation list for future reference. Certificate repositories are lists of digital certs that can be accessed by the public.There are several kinds of digital certs. Class 1 are personal DC's. Class 2 are server DC's and allow those on the web to see who owns a server. Class 3 certs are software DC's and allow these companies to ensure their software has not been hacked or altered. The next portion of the chapter dealt with PKI.and the way it functions, specifically the role trust plays in its use.Third-party trust is where two people trust a third party, and thus the word of that party is sufficient for the certificate or key in PKI. Hierarchical trust is defined as the trust relationships built up from relationships of third-party trusts of CA's. The next part of the chapter dealt with PKI management through certificate policy, or a system of rules governing certificate use and issuance. This is summed up in the cert practice statement. Similarly, key management is the way keys are handled in a PKI system. Transport encryption algorithms were covered next. Secure socket layer (SSL) transport layer security (TLS) use an algorithm to encrypt data sent over the internet and provide server & client authentication. Secure shell (SSL) allows access to rmote computers as an alternative to telnet. HTTPS secures communications between a browser and a web server. IPSec secures the exchange of packets.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment