Practical TCP/IP and Ethernet Networking- P26

One of the great protocols that has been inherited from the Internet is TCP/IP, and this is being used as the open standard today for all network and communications systems. The reasons for this popularity are not hard to find.

Somewhere in the middle ground lies a hybrid approach that relies upon both independent CAs and peer-to-peer certification. In such an approach, businesses may act as their own CA, issuing certificates for their employees and trading partners. Alternatively, trading partners may agree to honor certificates signed by trusted third-party CAs. This decentralized model most closely mimics today's typical business relationships, and it is likely the way PKIs will mature.

Building a public-key infrastructure is not an easy task. There are a lot of technical details to address, but the concept behind an effective PKI is quite simple: a PKI provides the support elements necessary to enable the use of public-key cryptography. One thing is certain: the public-key infrastructure will eventually, whether directly or indirectly, reach every Internet user.

Storage and distribution of public keys

E-commerce transactions don't always involve parties who share a previously established relationship. For this reason, a PKI provides a means for retrieving certificates. If provided with the identity of the person of interest, the PKI's directory service will provide the certificate. If the validity of a certificate needs to be verified, the PKI's certificate directory can also provide the means for obtaining the signer's certificate.

Revocation of public keys

Occasionally, certificates must be taken out of circulation, or revoked. After a period of time, a certificate will expire. In other cases, an employee may leave the company, or a person may suspect that his or her private key has been compromised. In such circumstances, simply waiting for a certificate to expire is not the best option, but it is nearly impossible to physically recall all possible copies of a certificate already in circulation. To address this problem, CAs publish certificate revocation lists (CRLs) and compromised key lists (KRLs).

Verification of public keys

The true value of a PKI is .
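The revocation and signer checks described above, as an added example that is not from the book: a relying party rejects a certificate that is still inside its validity period once its serial number appears on the CA's CRL. It assumes the Python `cryptography` package and ECDSA keys; the "Example CA", subject names, serial numbers and dates are all constructed, and the helper names are hypothetical.

```python
import datetime as dt
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID
T0 = dt.datetime(2024, 1, 1, tzinfo=dt.timezone.utc)  # constructed issue date

def name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def issue(subject, subject_key, signer_key, serial, days=365):
    return (x509.CertificateBuilder().subject_name(name(subject))
            .issuer_name(name("Example CA")).public_key(subject_key.public_key())
            .serial_number(serial).not_valid_before(T0).not_valid_after(T0 + dt.timedelta(days=days))
            .sign(signer_key, hashes.SHA256()))

def publish_crl(signer_key, revoked_serials):
    crl = (x509.CertificateRevocationListBuilder().issuer_name(name("Example CA"))
           .last_update(T0).next_update(T0 + dt.timedelta(days=7)))
    for serial in revoked_serials:
        crl = crl.add_revoked_certificate(x509.RevokedCertificateBuilder()
            .serial_number(serial).revocation_date(T0).build())
    return crl.sign(signer_key, hashes.SHA256())

def utc(obj, field):  # cryptography >= 42 has *_utc properties; older ones return naive UTC
    return getattr(obj, field + "_utc", None) or getattr(obj, field).replace(tzinfo=dt.timezone.utc)

def check(cert, ca_cert, crl, at):
    ca_pub = ca_cert.public_key()
    try:  # 1. signature must verify under the trusted CA's public key (ECDSA assumed)
        ca_pub.verify(cert.signature, cert.tbs_certificate_bytes, ec.ECDSA(cert.signature_hash_algorithm))
    except InvalidSignature:
        return "untrusted"
    if not utc(cert, "not_valid_before") <= at <= utc(cert, "not_valid_after"):
        return "expired"  # 2. outside the validity period
    if not crl.is_signature_valid(ca_pub) or at > utc(crl, "next_update"):
        return "crl-unusable"  # 3. fail closed on a forged or stale CRL
    if crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None:
        return "revoked"  # 4. withdrawn before its expiry date
    return "ok"

def demo(days=2):
    ca_key, alice_key, bob_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
    ca = issue("Example CA", ca_key, ca_key, 1, days=3650)  # self-signed root
    alice, bob = issue("alice", alice_key, ca_key, 1001), issue("bob", bob_key, ca_key, 1002)
    forged = issue("mallory", bob_key, bob_key, 1003)  # names the CA but is signed by bob's key
    crl = publish_crl(ca_key, [1002])  # bob has left the company
    return [check(c, ca, crl, T0 + dt.timedelta(days=days)) for c in (alice, bob, forged)]
```

`demo()` evaluates the three certificates two days after issue; passing a later day count shows the stale-CRL and expiry outcomes.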
