to authenticate themselves because the server is authenticated. Also, SSL connections use asymmetric operations, meaning
the same key can be used each time. For example, if Alice were placing an order online and had to walk away, she could
use the same key to pick up where she left off when she returned. Also, SSL connections can lead individuals to click
through a bad certificate, believing it is OK to proceed even though an error appears. An IPsec connection, by contrast,
secures all traffic regardless of where it came from and provides encryption of all information.
5.BL) Public Key Infrastructure (PKI) is a framework for secure communications among disparate users through a process
for creating trust relationships. In short, PKI provides the digital equivalent of a notary public, which gives
assurance that users are who they purport to be. Once a user has received its "stamp of approval", the stamp is used to
provide assurance for individual communications between users. An international standard, X.509, has been issued with
the PKI framework requirements. PKI consists of:
Certificate Authority (CA): A CA is a neutral organization that serves as the electronic notary. Examples of CAs are
Symantec and GoDaddy. The CA's roles are to:
Enroll new users. Users must prove their identity to the CA.
Issue digital certificates. Once approved, users provide their public key and this is incorporated into the digital
certificate. The CA uses its private key to digitally sign the certificate.
Revoke digital certificates. Certificates may need to be pulled if security has been compromised,
critical information such as names has changed, etc.
Users: Parties that want to communicate securely can provide their digital certificate or request one from
the other party. So, if Party A wants to communicate with a new party that A does not know, the CA acts as an
intermediary so that the two can indirectly trust one another.
Other: The X.509 standard does not specify a particular encryption protocol, so there is flexibility to upgrade as
better protocols become available.
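The three CA roles above (enroll and issue, let two strangers trust each other through the CA, revoke) can be played out with Go's standard crypto/x509 package. The following is an added example, not code from the original notes: the CA name "Example CA", the user names "alice" and "stranger", and the serial numbers are all constructed for the demo. It builds a self-signed CA certificate, issues a certificate to Alice from her public key only (the CA's private key never leaves the CA), checks that a relying party who trusts the CA accepts Alice but rejects a self-signed stranger, and then revokes Alice's certificate via a CA-signed CRL whose signature is checked before it is consulted.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// All names and serial numbers below are constructed for this demo (assumptions),
// nothing is taken from a real CA.

func genKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// template builds the common certificate fields; isCA marks the "notary"
// certificate so that it may sign other certificates and CRLs.
func template(name string, serial int64, isCA bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if isCA {
		t.IsCA, t.BasicConstraintsValid = true, true
		t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
		t.ExtKeyUsage = nil
	}
	return t
}

// sign is the "issue" step: the subject contributes only its public key, and the
// signer's private key produces the signature that relying parties later verify.
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// trusted reports whether a relying party that trusts only ca accepts cert:
// chain building, signature, validity period and key usage must all pass.
func trusted(ca, cert *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err == nil
}

// revoke is the "pull the certificate" step: a CRL listing the serial, signed by the CA.
func revoke(ca *x509.Certificate, caKey *ecdsa.PrivateKey, revoked *x509.Certificate) ([]byte, error) {
	crl := &x509.RevocationList{
		Number:     big.NewInt(1),
		ThisUpdate: time.Now(),
		NextUpdate: time.Now().Add(24 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{
			{SerialNumber: revoked.SerialNumber, RevocationTime: time.Now()},
		},
	}
	return x509.CreateRevocationList(rand.Reader, crl, ca, caKey)
}

// isRevoked verifies the CRL signature against the CA before consulting it;
// a forged or corrupted CRL must be rejected, not treated as "nothing revoked".
func isRevoked(ca *x509.Certificate, crlDER []byte, cert *x509.Certificate) (bool, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return false, err
	}
	if err := crl.CheckSignatureFrom(ca); err != nil {
		return false, err
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return true, nil
		}
	}
	return false, nil
}

// Result records what a relying party concluded at each stage.
type Result struct {
	AliceTrusted, StrangerTrusted, AliceRevoked, TamperedCRLRejected bool
}

// runScenario plays the PKI roles end to end: enroll, issue, verify, revoke.
func runScenario() (Result, error) {
	caKey := genKey()
	caTmpl := template("Example CA", 1, true)
	ca, err := sign(caTmpl, caTmpl, &caKey.PublicKey, caKey) // self-signed root
	if err != nil {
		return Result{}, err
	}
	aliceKey := genKey()
	alice, err := sign(template("alice", 2, false), ca, &aliceKey.PublicKey, caKey)
	if err != nil {
		return Result{}, err
	}
	strangerKey := genKey() // nobody vouched for this party: self-signed only
	sTmpl := template("stranger", 3, false)
	stranger, err := sign(sTmpl, sTmpl, &strangerKey.PublicKey, strangerKey)
	if err != nil {
		return Result{}, err
	}
	crlDER, err := revoke(ca, caKey, alice)
	if err != nil {
		return Result{}, err
	}
	revoked, err := isRevoked(ca, crlDER, alice)
	if err != nil {
		return Result{}, err
	}
	bad := append([]byte(nil), crlDER...)
	bad[len(bad)-1] ^= 0xff // corrupt the CRL signature bytes
	_, tamperErr := isRevoked(ca, bad, alice)
	return Result{
		AliceTrusted:        trusted(ca, alice),
		StrangerTrusted:     trusted(ca, stranger),
		AliceRevoked:        revoked,
		TamperedCRLRejected: tamperErr != nil,
	}, nil
}

func main() {
	r, err := runScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

Running it prints a Result in which Alice is trusted, the stranger is not, Alice's certificate is found in the CRL, and the corrupted CRL is rejected. Note that in practice the relying party fetches the CRL (or an OCSP response) from the CA rather than receiving it from the party being checked, and that `trusted` alone does not consult revocation; a real verifier performs both checks.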